Options in Nmap

The basic syntax of Nmap is:

nmap [scan type] [option] {target specifications}

Scan types available in Nmap are:

• TCP scan: Used to check and perform a three-way handshake between sender and target. It is very noisy.
• UDP scan: This scan is performed to check whether a UDP port is open on the target system or not. Unlike TCP scan, this does not have a positive acknowledgment response so, it might sometimes give false positive responses. 
• SYN scan: This is another way of a TCP scan; the Nmap itself creates the SYN packet only difference being that Nmap itself creates the SYN packet.
• ACK scan: Used to determine whether a post is filtered or not.
• FIN scan: It is a kind of stealth scan, which send TCP FIN packets rather than SYN requests.
• NULL scan: Clears all the connections and clears everything to clean.
• IDLE scan: This is the stealthiest scan of Nmap thus far. 

Footprinting is the technique of gathering information about a targeted network or computer system such as the version of OS the target is using, the kernel version (for Linux-based targets), the version of web hosting software (for server targets), etc. Footprinting could be both active and passive.  Active Footprinting involves direct interaction with the target such as performing Nmap scans, etc. On the contrary, passive footprinting usually does not allows the target to be conscious of the enumeration. There are various tools out there to perform footprinting on various types of networks/systems. Nessus, Weblister, Harvester, Nmap, etc. are some of such tools. However, this article specifically focuses on Nmap.