Nmap Flashcards
What does Nmap stand for?
network mapper
Nmap
network mapper
What is Nmap used for?
Nmap allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what’s connected, what services each host is operating, and so on. It supports a large number of scanning techniques, such as UDP, TCP connect(), TCP SYN (half-open), and FTP.
What is a port?
A port is a virtual point where network connections start and end. Each port is associated with a specific process or service.
What networking constructs are used to direct traffic to the right application on a server?
Ports
How many Ports are available on any network-enabled computer?
65535
How many Ports are considered “well-known”?
1024
On which port can an HTTP web service nearly always be found?
80
On which port can an HTTPS web service nearly always be found?
443
On which port can a Windows NetBIOS service nearly always be found?
139
On which port can an SMB (Server Message Block) service nearly always be found?
445
What does nmap -h show?
help menu
Which switch would you use for a “UDP scan”?
-sU
Which switch would you use for a “Syn Scan”?
-sS
If you wanted to detect which operating system the target is running on, which switch would you use?
-O
Nmap provides a switch to detect the version of the services running on the target. What is this switch?
-sV
The default output provided by Nmap often does not provide enough information for a pentester. How would you increase the verbosity?
-v
Verbosity level one is good, but verbosity level two is better! How would you set the verbosity level to two?
(Note: it’s highly advisable to always use at least this option)
-vv
Why should we always save the output of our scans?
It reduces network traffic (and thus the chance of detection), gives us a reference to use when writing reports for clients, and means we only need to run the scan once.
What switch would you use to save the nmap results in three major formats?
-oA
What switch would you use to save the nmap results in a “normal” format?
-oN
A very useful output format: how would you save results in a “grepable” format?
-oG
Nmap offers five levels of “timing” template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors!
How would you set the timing template to level 5?
-T5
We can also choose which port(s) to scan.
How would you tell nmap to only scan port 80?
-p 80
How would you tell nmap to scan ports 1000-1500?
-p 1000-1500
A very useful option that should not be ignored:
How would you tell nmap to scan all ports?
-p-
How would you activate a script from the nmap scripting library?
--script
How would you activate all of the scripts in the “vuln” category?
--script=vuln
When port scanning with Nmap, there are three basic scan types. These are:
TCP Connect Scans (-sT)
SYN “Half-open” Scans (-sS)
UDP Scans (-sU)
Additionally, there are several less common port scan types. These are:
TCP Null Scans (-sN)
TCP FIN Scans (-sF)
TCP Xmas Scans (-sX)