Nmap

Question 1

What does Nmap stand for?

Answer 1

network mapper

Question 2

Nmap

Answer 2

network mapper

Question 3

What is Nmap used for?

Answer 3

Nmap allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what’s connected, what services each host is operating, and so on. It allows a large number of scanning techniques, such as UDP, TCP connect (), TCP SYN (half-open), and FTP.1

Question 4

What is a port?

Answer 4

A port is a virtual point where network connections start and end.Each port is associated with a specific process or service.

Question 5

What networking constructs are used to direct traffic to the right application on a server?

Answer 5

Ports

Question 6

How many Ports are available on any network-enabled computer?

Answer 6

65535

Question 7

How many Ports are considered “well-known”?

Answer 7

1024

Question 8

On which Port can a HTTP Webservice nearly always be found?

Answer 8

80

Question 9

On which Port can a HTTPS Webservice nearly always be found?

Answer 9

443

Question 10

On which Port can a Windows NETBIOS nearly always be found?

Answer 10

139

Question 11

On which Port can a SMB (Server Message Block) nearly always be found?

Answer 11

445

Question 12

What is nmap -h

Answer 12

help menu

Question 13

Which switch would you use for a “UDP scan”?

Answer 13

-sU

Question 14

Which switch would you use for a “Syn Scan”?

Answer 14

-sS

Question 15

If you wanted to detect which operating system the target is running on, which switch would you use?

Answer 15

-O

Question 16

Nmap provides a switch to detect the version of the services running on the target. What is this switch?

Answer 16

-sV

Question 17

The default output provided by Nmap often does not provide enough information for a pentester. How would you increase the verbosity?

Answer 17

-v

Question 18

Verbosity level one is good, but verbosity level two is better! How would you set the verbosity level to two?
(Note: it’s highly advisable to always use at least this option)

Answer 18

-vv

Question 19

Why should we always save the output of our scans?

Answer 19

reducing network traffic and thus chance of detection, and gives us a reference to use when writing reports for clients. Also this means that we only need to run the scan once

Question 20

What switch would you use to save the nmap results in three major formats?

Answer 20

-oA

Question 21

What switch would you use to save the nmap results in a “normal” format?

Answer 21

-oN

Question 22

A very useful output format: how would you save results in a “grepable” format?

Answer 22

-oG

Question 23

Nmap offers five levels of “timing” template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors!

How would you set the timing template to level 5?

Answer 23

-T5

Question 24

Nmap offers five levels of “timing” template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors!

How would you set the timing template to level 5?

Answer 24

-T5

Question 25

We can also choose which port(s) to scan.

How would you tell nmap to only scan port 80?

Answer 25

-p 80

Question 26

How would you tell nmap to scan ports 1000-1500?

Answer 26

-p 1000-1500

Question 27

A very useful option that should not be ignored:

How would you tell nmap to scan all ports?

Answer 27

-p-

Question 28

How would you activate a script from the nmap scripting library?

Answer 28

–script

Question 29

How would you activate all of the scripts in the “vuln” category?

Answer 29

–script=vuln

Question 30

When port scanning with Nmap, there are three basic scan types. These are:

Answer 30

TCP Connect Scans (-sT)
SYN “Half-open” Scans (-sS)
UDP Scans (-sU)

Question 31

Additionally there are several less common port scan types These are:

Answer 31

TCP Null Scans (-sN)
TCP FIN Scans (-sF)
TCP Xmas Scans (-sX)