nmap scan tool
Main options
- sT : TCP connect scan; prefer a SYN scan, which is quicker and stealthier.
- sS : TCP SYN scan, also known as half-open scanning, quite unobtrusive and stealthy, since it never completes TCP connections.
- sU : UDP scan
- sP : PING scan for host discovery; an ICMP echo request is sent.
- PR : ARP scan.
- F : Fast scan, only scan the ports listed in the nmap-services file.
- p1-65535 : port range, here we scan every port.
- PN : force the scan even if the address does not answer ping.
- P0 : Same as PN.
- O : Try to determine the target OS.
- oG : save results to a file in grepable format.
- n : disable DNS resolution.
- R : enable DNS resolution.
- iR : scan randomly chosen targets.
Examples
- TCP connect scan of ports 1 to 65535, forced (no ping), with OS detection, against 192.168.1.1. Results are saved to the /tmp/001 file.
user@host:~$ nmap -sT -p1-65535 -P0 -O -oG /tmp/001 192.168.1.1
- Scan every host of the 192.168.1.0/24 range
user@host:~$ nmap 192.168.1.0-255
- SYN scan of random hosts, web service only (port 80)
user@host:~$ nmap -sS -iR 0 -p 80
- Spoof the source address (10.0.0.0) and set the source port to 80, scanning host 10.0.0.1
user@host:~$ nmap -S 10.0.0.0 -g 80 10.0.0.1
- Host discovery scan of the 10.0.0.0/24 network. The result shows IP and MAC addresses.
user@host:~$ nmap -sP 10.0.0.0/24
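The -oG option used in the first example writes "grepable" output, one tab-separated line per host with a "Ports:" field listing port/state/proto/owner/service/rpc/version entries. The script below is an added example (not from the original cheat sheet or from nmap itself) that turns such a file into an "ip port proto service" inventory of open ports, which is what you usually want when auditing your own network. The sample file it parses is constructed to match the documented -oG layout and is not real scan output; the function names are the author's choice.

```shell
#!/bin/sh
# Added example (not part of the original cheat sheet): read an nmap grepable
# output file (the format written by -oG) and list only the open ports, one
# "ip port proto service" line each, for an inventory you can diff over time.

# write_sample FILE : write a CONSTRUCTED -oG file for offline testing.
# The lines mimic nmap's grepable layout (tab-separated "Host:", "Ports:" and
# "Status:" fields) but are not real scan output.
write_sample() {
    {
        printf '# Nmap scan initiated as: nmap -sT -p1-65535 -oG /tmp/001 192.168.1.0/24\n'
        printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (65532)\n'
        printf 'Host: 192.168.1.2 ()\tStatus: Down\n'
        printf 'Host: 192.168.1.3 ()\tPorts: 53/open/udp//domain///\tIgnored State: closed (65534)\n'
        printf '# Nmap done -- 3 IP addresses (2 hosts up) scanned in 12.34 seconds\n'
    } > "$1"
}

# open_ports FILE : print "ip port proto service" for every open port in FILE.
# Each "Ports:" entry has the form port/state/proto/owner/service/rpc/version/,
# so splitting on "/" gives the state in field 2 and the service in field 5.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            ip = $1
            sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    ports = $i
                    sub(/^Ports: /, "", ports)
                    n = split(ports, entry, ", *")
                    for (j = 1; j <= n; j++) {
                        split(entry[j], f, "/")
                        if (f[2] == "open")
                            printf "%s %s %s %s\n", ip, f[1], f[3], f[5]
                    }
                }
            }
        }' "$1"
}

# count_open FILE : number of open ports reported in FILE
count_open() {
    open_ports "$1" | wc -l | tr -d ' '
}

# Demo: build the constructed sample in a temporary file and list its open ports
demo_file=$(mktemp)
write_sample "$demo_file"
open_ports "$demo_file"
rm -f "$demo_file"
```

Run it against a real file with `open_ports /tmp/001` once a scan like the first example has finished; closed and filtered ports are dropped, and hosts reported only with a "Status:" line produce no output.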
Sources: tux-planet, nmap.org