Basic Scanning Techniques
So here I will show the basic techniques for scanning a network or host. But before that, you should know some basic stuff about the port states Nmap reports after a scan.
Port Status: After scanning, you will see each port listed with a state such as open, closed or filtered. Let me explain these.
· Open: An application is listening for connections on this port.
· Closed: The probes were received, but no application is listening on this port.
· Filtered: The probes were not received and the state could not be established; this usually means the probes are being dropped by some kind of filtering (a firewall or router rule).
· Unfiltered: The probes were received (the port is reachable), but Nmap could not establish whether it is open or closed.
· Open/Filtered: The port is either open or filtered, but Nmap could not tell which.
· Closed/Filtered: The port is either closed or filtered, but Nmap could not tell which.
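To make these states concrete, here is an added example (not code from the original post) that applies the rules Nmap itself uses to turn the reply to a probe into one of the states above, for the two scan types covered later on this page: the TCP SYN scan (-sS) and the UDP scan (-sU). The reply names and the sample results are constructed for this example; the unfiltered and closed/filtered states come from other scan types and are not modelled here.

```python
"""Added example (not from the original post): the rules Nmap applies to turn
the reply to a probe into the port states listed above.

Reply names below are constructed for this example; the rules follow Nmap's
documented behaviour for the SYN scan (-sS) and the UDP scan (-sU).
"""
from collections import Counter
from enum import Enum


class Reply(Enum):
    """What (if anything) came back from the target for one probe."""
    SYN_ACK = "tcp syn/ack"              # TCP: something accepts connections
    RST = "tcp rst"                      # TCP: actively refused
    UDP_DATA = "udp datagram"            # UDP: a service answered the payload
    ICMP_PORT_UNREACH = "icmp 3/3"       # destination port unreachable
    ICMP_OTHER_UNREACH = "icmp 3/other"  # admin prohibited, host/net unreachable, ...
    NONE = "no reply"                    # nothing after retransmissions


def tcp_syn_state(reply: Reply) -> str:
    """Port state for a TCP SYN probe (-sS)."""
    if reply is Reply.SYN_ACK:
        return "open"            # listener completed its half of the handshake
    if reply is Reply.RST:
        return "closed"          # host reachable, nothing listening there
    if reply in (Reply.NONE, Reply.ICMP_PORT_UNREACH, Reply.ICMP_OTHER_UNREACH):
        return "filtered"        # dropped or rejected by filtering; state unknown
    raise ValueError(f"{reply} is not a reply a TCP SYN probe can get")


def udp_state(reply: Reply) -> str:
    """Port state for a UDP probe (-sU)."""
    if reply is Reply.UDP_DATA:
        return "open"
    if reply is Reply.ICMP_PORT_UNREACH:
        return "closed"          # the host itself says nothing listens there
    if reply is Reply.ICMP_OTHER_UNREACH:
        return "filtered"
    if reply is Reply.NONE:
        # Silence is ambiguous for UDP: a service may ignore the probe payload,
        # or a firewall may drop it. Nmap reports the combined state.
        return "open|filtered"
    raise ValueError(f"{reply} is not a reply a UDP probe can get")


def tally_states(probe_results, classify) -> Counter:
    """Count how a list of (port, reply) results would appear in a scan summary."""
    return Counter(classify(reply) for _port, reply in probe_results)


# Constructed results for a handful of ports, as a host behind a firewall that
# drops unsolicited traffic might produce. Not a real scan.
TCP_SAMPLE = [(22, Reply.SYN_ACK), (23, Reply.RST), (80, Reply.SYN_ACK),
              (445, Reply.NONE), (3389, Reply.ICMP_OTHER_UNREACH)]
UDP_SAMPLE = [(53, Reply.UDP_DATA), (123, Reply.NONE), (161, Reply.NONE),
              (1000, Reply.ICMP_PORT_UNREACH)]

if __name__ == "__main__":
    print("tcp:", dict(tally_states(TCP_SAMPLE, tcp_syn_state)))
    print("udp:", dict(tally_states(UDP_SAMPLE, udp_state)))
```

The UDP branch is the one worth remembering when reading results: a UDP port that never answers is reported as open|filtered, so a long list of open|filtered UDP ports usually says more about the firewall than about the services behind it.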
Open a Kali Linux terminal and type nmap to list all Nmap options.
Find All Connected PCs (Ping Scan)
The -sP option performs a ping-only scan (host discovery, no port scan). It is most useful when you have a group of IP addresses and don't know which ones are reachable.
nmap -sP -T4 192.168.0.1/24
Note: -T sets the timing template used for the scan (-T4 is the faster template used here). A slower scan yields more reliable results.
Multiple IP Scan (-sn is the current name for the same ping-only scan)
nmap -sn 192.168.0.1/24
TCP Ports Scan
TCP connect scan is the default TCP scan type when a SYN scan is not an option (for example, when you lack the privileges to send raw packets). It will show you all open TCP ports on the remote PC.
Single IP Scan
nmap -sT 192.168.0.102
Multiple IP Scan
nmap -sT 192.168.0.1/24
Detect Service Version
In this scan you can find the version of the service running on each open port. This is done using several techniques, such as banner grabbing, reading server headers and sending service-specific requests.
Single Host Service Scanning
Multiple Hosts Scanning
nmap -sV -T4 192.168.0.1/24
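Once several hosts have been version-scanned, the output is most useful as an inventory that can be compared against what is supposed to be running. The following Python is an added example, not code from the original post or from the Nmap project: it parses Nmap's grepable output format (-oG, as produced by adding -oG - to the command above) and reports open services missing from a baseline. The scan output and the baseline are both constructed for this example.

```python
"""Added example (not from the original post): parse Nmap grepable output
(-oG) from a version scan into an inventory and flag open services that are
not in an expected baseline.

SAMPLE_GREPABLE and BASELINE are constructed for this example.
"""
from dataclasses import dataclass, field

# Constructed output in the shape of `nmap -sV -T4 -oG - 192.168.0.1/24`.
# Fields within a Host line are tab separated; each port entry is
# port/state/protocol/owner/service/rpc info/version/.
SAMPLE_GREPABLE = "\n".join([
    "# constructed sample, not a real scan",
    "Host: 192.168.0.1 ()\tStatus: Up",
    "Host: 192.168.0.1 ()\tPorts: 53/open/tcp//domain//dnsmasq 2.85/, "
    "80/open/tcp//http//lighttpd/\tIgnored State: closed (998)",
    "Host: 192.168.0.102 ()\tStatus: Up",
    "Host: 192.168.0.102 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.4p1 Debian/, "
    "23/open/tcp//telnet//Linux telnetd/, 445/filtered/tcp//microsoft-ds///"
    "\tIgnored State: closed (997)",
    "# constructed sample: 256 IP addresses (2 hosts up) scanned",
])

# Hypothetical baseline: the (protocol, port) pairs each host is supposed to expose.
BASELINE = {
    "192.168.0.1": {("tcp", 53), ("tcp", 80)},
    "192.168.0.102": {("tcp", 22)},
}


@dataclass
class Service:
    port: int
    proto: str
    state: str
    name: str
    version: str


@dataclass
class Host:
    addr: str
    services: list = field(default_factory=list)


def parse_grepable(text: str) -> dict:
    """Return {address: Host} for every Host line in grepable output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue                       # comment lines and blanks
        # Each tab-separated field is "Key: value".
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        addr = fields["Host"].split()[0]   # drop the "(hostname)" part
        host = hosts.setdefault(addr, Host(addr))
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            # Only the first seven fields matter; the trailing "/" yields an empty eighth.
            port, state, proto, _owner, name, _rpc, version = entry.split("/")[:7]
            host.services.append(Service(int(port), proto, state, name, version))
    return hosts


def unexpected_services(hosts: dict, baseline: dict) -> list:
    """Open services not in the baseline; every open port on an unknown host counts."""
    findings = []
    for addr, host in sorted(hosts.items()):
        expected = baseline.get(addr, set())
        for svc in host.services:
            if svc.state == "open" and (svc.proto, svc.port) not in expected:
                findings.append((addr, svc.port, svc.proto, svc.name))
    return findings


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_GREPABLE)
    for addr, port, proto, name in unexpected_services(inventory, BASELINE):
        print(f"{addr}: unexpected {name} on {port}/{proto}")
```

Only ports in the open state are compared against the baseline; the filtered 445/tcp entry is kept in the inventory but does not raise a finding, since nothing was shown to be listening there.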
Detect Operating System
In this scan Nmap tries to identify the operating system installed on the target PC.
Single Host Scanning
nmap -O 192.168.0.102
Multiple Hosts Scanning
nmap -O -T4 192.168.0.1/24
Detect Protocol
The IP protocol scan (-sO) shows which IP protocols (TCP, UDP, ICMP and so on) the target PC responds to, listed as PROTOCOL, STATE and SERVICE.
nmap -sO -T4 192.168.0.1/24
Aggressive Scan (Also Works for Traceroute)
For Single Host
The aggressive scan (-A) turns on the most commonly used options together; it is a simple alternative to writing out a long option string. It also runs traceroute, among other things.
nmap -A 192.168.0.102
Multiple Hosts Scanning
nmap -A -T4 192.168.0.1/24
UDP Scan
The UDP scan (-sU) probes only UDP ports on the target. It will show you all open UDP ports on the remote PC.
nmap -sU -T4 192.168.0.102
SYN Scan
Completes only the first two steps of the TCP three-way handshake, so no full connection is ever opened and there is no chance of closing or crashing the target. It goes undetected by older systems. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. Because it sends raw packets, it needs root privileges.
nmap -sS 192.168.0.113