Nmap

Question 1

What protocol does Nmap begin scanning with when scanning the subnet of a local network?

Answer 1

When scanning a directly connected network, Nmap starts by sending ARP requests. When a device responds to the ARP request, Nmap labels it with “Host is up”.

Question 2

[CMD] List scan to show the IP’s that will be scanned

Answer 2

nmap -sL [IP.1/24] (Planning of IPs to scan)

Question 3

What is the easiest and most basic way to know whether a TCP port is open?

Answer 3

Telnet ip port

Question 4

[CMD] Connect scan flag

Answer 4

-sT

Question 5

[CMD] Syn scan flag

Answer 5

-sS

Question 6

What are the supposed benefits of doing a Syn Scan? (-sS)

Answer 6

The TCP handshake is never established and thus the connection is never established. This is concidered a stealth scan, since fewer logs and detection risks are expected when you do the port scanning this way.

Question 7

[CMD] UDP scan

Answer 7

-sU

Question 8

What does the flag -F do?

Answer 8

Fast mode – scans the 100 most common ports

Question 9

-p[range] what does this do?

Answer 9

scan ports in range defined. E.g. -p10-1024

Question 10

[Flag] How do you enable OS detection?

Answer 10

-O

Question 11

[Flag] A lot of the goodies in one flag (Traceroute, version, OS detection and some more)

Answer 11

-A

Question 12

[Flag] Scan hosts that appears to be down

Answer 12

-Pn

Question 13

[Flag] Control the rate of packets send per second

Answer 13

–min-rate // –max-rate <number></number>

Question 14

[Flag] -oN

Answer 14

Normal output

Question 15

[Flag] -oX

Answer 15

XML output

Question 16

[Flag] -oG

Answer 16

Grepable output

Question 17

[Flag] -oA

Answer 17

Output in major formats

Question 18

[Flag] -v

Answer 18

Verbose, real time updates

Question 19

[Flag] -d

Answer 19

Debug mode

Question 20

[Flag] How do you scale the number of parallel probes?

Answer 20

–min-parallelism <numprobes> / max</numprobes>