Nmap help

Printable View

May 14th, 2003, 11:15 PM
Delta4ce

Nmap help

Can you plz explain to me all the different types of connections that nMap offers, what i mean is what they do, becuz i have downloaded it, and it lists alot of different types of scans, like Xmas scan. and i have no clue what that means. any help is appreciated.
May 14th, 2003, 11:31 PM
MemorY

maybe u can find some info here

http://www.sans.org/resources/idfaq/what_is_nmap.php

http://lists.insecure.org/nmap-hacke...-Jun/0023.html

http://www.icewalkers.com/Linux/Soft...0500/nmap.html

http://www.linuxsecurity.com/feature...e_story-4.html

http://www.sans.org/resources/idfaq/nmap.php
May 14th, 2003, 11:38 PM
slarty

"Normal" scans - the ones you'd actually use to test your network:

-sT - plain TCP connect() scan - the only advantage is that you can use it if you're not root. No other kind works if you're not root. Not stealthy, and uses more local and remote system resources. This is not ideal because it is more likely to crash (or otherwise break) a badly made server program.
-sS - stealth TCP scan - uses "half-open" connections. Advantages: slightly more stealthy (not usually logged by target application, can still be detected easily by IDS), quicker. A server program won't usually notice this hence won't be slowed down or broken by it.
-sU - UDP scan - scans UDP instead of TCP ports. Very slow, as UDP ports sometimes don't respond even if they're open. Also fairly unreliable as firewall config etc, may cause closed ports to be shown as open.

"Exotic" scans - not normally terribly useful (I have never found a use for them)

-sF, sX, sN - use odd combinations of flags to try and solicit a response. Not all TCP stacks respond to these peculiar packets. In particular some (maybe all) Win32 OSs just ignore these packets. (Note: Xmas tree is so-called because it "lights up" the TCP flags "Like a Christmas tree" :) (i.e. All on at once))

-sP - pings the hosts using a TCP connection, a ICMP ping or both
-sL - doesn't actually scan the hosts at all, just prints their IP numbers. Useful for getting lists of hosts for input into other tools. Also does reverse DNS lookups.

There are other types, but they are even weirder and less useful (and generally more hacker-ish)
May 14th, 2003, 11:38 PM
KorpDeath

Just RTFM -http://www.insecure.org/nmap/nmap_documentation.html
May 14th, 2003, 11:39 PM
prodikal

or man nmap or read the README file there there for a reason and should explain all your answers and all the diffrent types of scan methods

edit

must have posted the same time as korp death and slarty
May 15th, 2003, 12:20 AM
er0k

Rewandythal has a good tutorial on this somewhere, search AO for Nmap or just browse through rewandythal's tutorials
May 15th, 2003, 02:51 PM
Delta4ce

Thanx, for the info!