NMAP Flashcards

Question 1

Q

Port Scan Type: Full Connect

Answer

A

AKA Tcp Connect or Full Open Scan. complete 3-way handshake torn down with RST. Easist to detect but most reliable. Open port respond with SYN\ACK– closed with RST

Question 2

Q

Port Scan Type: Stealth

Answer

A

AKA SYN scan or Half-open scan. Only SYN are sent. Open gets a syn/ack closed gets rst. Better at hiding scan and bypassing firewalls

Question 3

Q

Port Scan Type: Inverse TCP Flag

Answer

A

AKA Null or FIN scan Uses FIN URG or PSH flag or none at all. Open port gets no response. Closed gets RST/ACK

Question 4

Q

Port Scan Type: XMAS

Answer

A

XMAS URG, PSH FIN, flags are on. Open gets no response. closed gets RST/Ack

Question 5

Q

Port Scan Type: ACK Flag Probe

Answer

A

Probe with ACK. Look at return RST packet if TTL is less than 64 or the WINDOW size has anything other than 0 in it it is open. Also can be used to check filtering if there is no response there is a stateful firewall between attacker and host if a RST comes back there is not

Question 6

Q

Nmap switch: -sA

Question 7

Q

Nmap switch: -sF

Question 8

Q

Nmap switch: -sI

Answer

A

IDLE Scan

Question 9

Q

Nmap switch: -sL

Answer

A

DNS or list scan.

Question 10

Q

Nmap switch: -sN

Answer

A

Null scan

Question 11

Q

Nmap switch: -sO

Answer

A

Protocol Scan

Question 12

Q

Nmap switch: -sP

Answer

A

Ping scan

Question 13

Q

Nmap switch: -sR

Question 14

Q

Nmap switch: -sS

Question 15

Q

Nmap switch: -sT

Answer

A

TCP full connect

Question 16

Q

Nmap switch: -sW

Answer

A

Window scan

Question 17

Q

Nmap switch: -sX

Answer

A

Xmas Scan

Question 18

Q

Nmap switch: -PI -PE -PM -PP

Answer

A

ICMP ping

Question 19

Q

Nmap switch: -Po -PN

Question 20

Q

Nmap switch: -PS

Question 21

Q

Nmap switch: -PT

Question 22

Q

Nmap switch: -oN

Answer

A

Normal output

Question 23

Q

Nmap switch: -oX

Answer

A

XML output

Question 24

Q

Nmap switch: -oG

Answer

A

GREPable output

Question 25

Q

Nmap switch: -oA

Answer

A

All formats including script kiddie

Question 26

Q

Nmap switch: -O

Answer

A

OS finger printing

Question 27

Q

Nmap switch: -A

Answer

A

aggressive scan includes version scan, script, protocol, and traceroute

Question 28

Q

Nmap switch: -F

Answer

A

Fast limited ports only 100

Question 29

Q

Nmap switch: -P

Answer

A

port range

Question 30

Q

Nmap switch: -iL

Answer

A

input from list

Question 31

Q

Nmap switch: -PR

Question 32

Q

Nmap switch: -f

Answer

A

Fragment package

Question 33

Q

Nmap switch: -T0

Answer

A

Serial slowest Paranoid 5 min between probes

Question 34

Q

Nmap switch: -T1

Answer

A

serial slowest Sneaky 15 seconds between probes

Question 35

Q

Nmap switch: -T2

Answer

A

Serial slow normal speed Polite .4 sec (400 mil seconds) between probes

Question 36

Q

Nmap switch:-T3

Answer

A

Parallel normal speed default (max delay of 1 sec )

Question 37

Q

Nmap switch:-T4

Answer

A

parallel fast scan aggressive max delay of 10 milsec)

Question 38

Q

nmap: -T5

Answer

A

insane mode caps and delay at 5ms

Question 39

Q

Nmap switch: -R -n

Answer

A

Dns resolution for everything and no DNS resolution for anything

Question 40

Q

Nmap switch: -D RND:10.0.0.0

Answer

A

creates decoy random ips with attackers ip interspersed as well

Question 41

Q

nmap –script http-trace -p80 localhost

Answer

A

detects server that uses trace

Question 42

Q

nmap –script http-google-email

Answer

A

lists email accounts

Question 43

Q

nmap –script hostmap-*

Answer

A

discovers virtual host the * is replaced with DB you are querying.

Question 44

Q

nmap –script http-enum -p80

Answer

A

enumerates common web applications

Question 45

Q

nmap -p 80 – script http-robots.txt

Answer

A

grabs robots.txt file

Question 46

Q

Full Open Scan. complete 3-way handshake torn down with RST. Easist to detect but most reliable. Open port respond with SYN\ACK– closed with RST

Answer

A