nmap Essentials Flashcards
What is the basic nmap scan type, and what type of scan is this?
nmap 172.18.1.5
Here the basic scan type is a TCP SYN scan; it scans the top 1000 TCP ports by default.
What is the three-way handshake?
The three-way handshake is the connection setup process of the TCP/IP protocol: SYN, SYN-ACK, ACK.
What is a TCP half scan?
A SYN-only scan is a TCP half scan.
How many types of ports are there in networking?
Ports are of two types: TCP and UDP.
How many ports are there in a TCP/IP-based network?
Total ports: TCP 65,536 + UDP 65,536 = 131,072, i.e. 65,536 each for TCP and UDP.
Ports 0 to 65535 each for TCP and UDP.
What is the range of standardized ports?
Port 0 to 1023, i.e. the first 1023 ports, are standardized.
By which organization are ports standardized?
IANA (Internet Assigned Numbers Authority)
What is the range of semi-reserved ports?
Port 1024 to port 49151.
These ports are reserved for custom registration and are considered semi-reserved ports.
What is the range of free ports?
Ports 49152 and higher, up to 65535, are free to use.
How does a port scanner scan ports?
A port scanner sends TCP or UDP packets to learn the status of a port and host.
What are the different port states?
Port state can be:
open, closed, filtered
How does UDP work?
UDP is a connectionless protocol with no error checking;
it is used in live streaming, online video conferencing, etc.
How to do a TCP connect scan?
nmap -sT host
How to do a UDP connect scan?
nmap -sU host
How to scan a single host?
nmap host-ip
nmap 172.18.1.5
How to scan hosts in series?
nmap ip-address, with the last octets separated by commas
nmap 172.18.1.5,31,32,33
How to scan two or more hosts at once which are on different subnets?
nmap [options] hosts separated by spaces
nmap 172.18.1.5 10.10.10.2 172.22.1.254
How to scan a subnet?
nmap subnet-in-CIDR-notation
nmap 172.18.0.0/22
How to scan a specific single port?
nmap -p 80 172.18.1.5
How to scan 2 or more specific ports?
nmap -p port numbers separated by commas, then the host
nmap -p 80,21 172.18.1.5
How to scan the top 20, top 100 or top 1000 ports?
nmap --top-ports numberOfPorts host
nmap --top-ports 100 172.18.1.5
How to scan a range of ports?
nmap -p port-range host
nmap -p 1-20 172.18.1.5
What is a service version scan, and how to do it?
A service version scan is useful when someone is running a service on a non-default port.
nmap -sV 172.18.1.5
How to save nmap output to a file?
nmap -oA filename host
nmap -p 1-100 -sV -oA filename 172.18.1.5
Here nmap saves output to three different files: .gnmap, .nmap and .xml.
Here -p is for ports and -sV is for the service version scan.
How to do a fast scan, disabling the port scan?
nmap -sP 172.18.1.5 or
nmap -sn 172.18.1.5
How to scan all ports?
nmap -p- host
nmap -p- 172.18.1.5
How to skip host discovery while scanning, or assume the host is already live?
nmap -p 1-100 -Pn 172.18.1.5
How to do an ARP scan?
nmap -sn --packet-trace -v 172.18.1.5
This is an ARP ping scan.
How to do a SYN scan?
nmap -sS 172.18.1.5
This is a half TCP scan.
How many ports are scanned by nmap if no option is given, and what type of scan is this?
Without any option nmap will scan the first 1000 TCP ports, and this type of scan is a TCP SYN or half TCP scan.
How many different types of files can we save nmap output to?
We can save output in four types of files by using the options -oA and -oN.
Four types: .gnmap, .nmap, .xml and .txt
How to perform a half TCP scan?
nmap -sS host
How to perform a TCP scan?
nmap -sT host
How to perform a UDP scan?
nmap -sU host
How to perform an ACK scan?
nmap -sA host
Used to check for filtered ports or firewalled ports.
What are the benefits of an ACK scan?
An ACK scan is helpful in detecting filtered ports, or to detect a firewall.
How to perform a service version scan?
nmap -sV host