nmap Essentials Flashcards

1
Q

What is the basic nmap scan & what type of scan is it ?

A

nmap 172.18.1.5

Here the basic scan type is a TCP SYN scan; it scans the top 1000 TCP ports by default.

2
Q

What is a three-way handshake ?

A

A three-way handshake is the connection setup process of the TCP/IP protocol: SYN, SYN-ACK, ACK.

3
Q

What is a TCP half scan ?

A

A SYN-only scan is a TCP half scan.

4
Q

How many types of ports are there in networking ?

A

Ports are of two types, TCP & UDP.

5
Q

How many ports are there in a TCP/IP based network ?

A

Total ports: TCP 65,536 + UDP 65,536 = 131,072

0 to 65535 each for TCP & UDP

6
Q

What is the range of standardized ports ?

A

Port 0 to 1023, i.e. the first 1023 ports, are standardized.

7
Q

By which organization are ports standardized ?

A

IANA - Internet Assigned Numbers Authority

8
Q

What is the range of semi-reserved ports ?

A

Port 1024 to port 49151

These ports are reserved for custom registration and are considered semi-reserved ports.

9
Q

What is the range of free ports ?

A

Port 49152 and higher, up to 65535, are free to use.

10
Q

How does a port scanner scan ports ?

A

A port scanner sends TCP or UDP packets to learn the status of a port & host.

11
Q

What are the different port states ?

A

Port state would be one of:

open, closed, filtered

12
Q

How does UDP work ?

A

UDP is a connectionless protocol with no error checking,

used in live streaming, online video conferencing etc.

13
Q

How to do a TCP connect scan ?

A

nmap -sT host

14
Q

How to do a UDP scan ?

A

nmap -sU host

15
Q

How to scan a single host ?

A

nmap ip addr of host

nmap 172.18.1.5

16
Q

How to scan hosts in series ?

A

nmap ip addr, with the additional last octets separated by commas

nmap 172.18.1.5,31,32,33

17
Q

How to scan two or more hosts at once that are on different subnets ?

A

nmap options hosts, separated by spaces

nmap 172.18.1.5 10.10.10.2 172.22.1.254

18
Q

How to scan a subnet ?

A

nmap CIDR notation of subnet

nmap 172.18.0.0/22

19
Q

How to scan a specific single port ?

A

nmap -p 80 172.18.1.5

20
Q

How to scan 2 or more specific ports ?

A

nmap -p port numbers separated by commas

nmap -p 80,21 172.18.1.5

21
Q

How to scan the top 20, top 100 or top 1000 ports ?

A

nmap --top-ports numberOfPorts host

nmap --top-ports 100 172.18.1.5

22
Q

How to scan a range of ports ?

A

nmap -p port-range host

nmap -p 1-20 172.18.1.5

23
Q

What is a service version scan & how to do it ?

A

A service version scan is useful when someone is running a service on a non-default port.

nmap -sV 172.18.1.5

24
Q

How to save the output of nmap in a file ?

A

nmap -oA filename host

nmap -p 1-100 -sV -oA filename 172.18.1.5

Here nmap saves the output to three different files: .gnmap, .nmap and .xml.

Here -p selects the ports and -sV enables the service version scan.

25
Q

How to do a fast scan that disables the port scan ?

A

nmap -sP 172.18.1.5 or

nmap -sn 172.18.1.5

26
Q

How to scan all ports ?

A

nmap -p- host

nmap -p- 172.18.1.5

27
Q

How to skip host discovery while scanning, or assume the host is already live ?

A

nmap -p 1-100 -Pn 172.18.1.5

28
Q

How to do an ARP scan ?

A

nmap -sn --packet-trace -v 172.18.1.5

This is an ARP ping scan.

29
Q

How to do a SYN scan ?

A

nmap -sS 172.18.1.5

This is a half TCP scan.

30
Q

How many ports are scanned by nmap if no option is given, & what type of scan is this ?

A

Without any option nmap will scan the first 1000 TCP ports, & this type of scan is a TCP SYN or half TCP scan.

31
Q

In how many different types of files can we save the output of nmap ?

A

We can save the output in four types of files by using the options -oA & -oN

Four types: .gnmap, .nmap, .xml & .txt

32
Q

How to perform a half TCP scan ?

A

nmap -sS host

33
Q

How to perform a TCP scan ?

A

nmap -sT host

34
Q

How to perform a UDP scan ?

A

nmap -sU host

35
Q

How to perform an ACK scan ?

A

nmap -sA host

Used to check for filtered or firewalled ports.

36
Q

What are the benefits of an ACK scan ?

A

An ACK scan is helpful in detecting filtered ports, or to detect a firewall.

37
Q

How to perform a service version scan ?

A

nmap -sV host

38
Q

How to perform a scan of the top 100 ports using a single switch ?

A

nmap -F host

39
Q

How to perform a version trace of a service ?

A

Version trace is used together with a service version scan.

nmap -sV --version-trace host

40
Q

How to save nmap output to a text file ?

A

nmap -oN output.txt host

41
Q

How to detect filtered ports ?

A

We have to perform an ACK scan:

nmap -sA host

42
Q

How to perform fast host discovery ?

A

nmap -sn host

43
Q

How to perform host discovery & disable the port scan ?

A

nmap -sn host or

nmap -Pn host

44
Q

How to find the name server by URL from the Linux command line ?

A

host -t ns 14.139.225.232

45
Q

How to traceroute with nmap ?

A

Scan port 80
Assume the host is alive
Use timing template 4
Use verbose mode

nmap -p80 -Pn -T4 --traceroute dopses.aries.res.in -v

46
Q

How to perform an ARP scan ?

A

nmap -sP host or

nmap -sn -v --packet-trace host

47
Q

Which web database URL can be used to search sub-domains & hostnames ?

A

netcraft

http://searchdns.netcraft.com/?host

48
Q

How to get domain details from the Linux terminal ?

A

whois 14.139.225.232

49
Q

How to save nmap output to three different files ?

A

nmap -oA logbase host

50
Q

How to scan all TCP or UDP ports ?

A

Scan all TCP ports
nmap -sT -p- host

Scan all UDP ports
nmap -sU -p- host

51
Q

How to scan selected ports using the TCP-only port notation ?

A

nmap -p T:80,443,9100 host

52
Q

How to perform an nmap scan which only shows open ports ?

A

nmap -sT -F --open 172.18.1.5 -v

53
Q

Which ports work on a printer ?

A

Both TCP & UDP ports

515 - printer port,
631 - IPP, AppleTalk
9100 - JetDirect

54
Q

How to perform a specific port scan ?

A

nmap -p 80,443 host

55
Q

How to scan a port range ?

A

nmap -p 1-100 host

56
Q

How to scan the top 100 ports only ?

A

nmap --top-ports 100 host

57
Q

Where are the service probes of nmap stored on the system ?

A

less /usr/share/nmap/nmap-service-probes

58
Q

How to perform a service version scan on the top 100 ports ?

A

nmap -sV -F host

59
Q

How to display a live network trace while scanning the top 1000 ports ?

A

nmap --top-ports 1000 --packet-trace -v host

60
Q

How to assume the host is alive while scanning the top ports ?

A

nmap -Pn --top-ports 1000 host

61
Q

How to skip host discovery while scanning ports ?

A

nmap -Pn --top-ports numberOfPorts host

62
Q

How to enable verbose mode while scanning ?

A

nmap -v host

63
Q

How to use a timing template to increase scan speed ?

A

nmap -p- -T5 -Pn --packet-trace host

The -T value is 0 to 5.

64
Q

How to show interfaces & routes using nmap ?

A

nmap --iflist

65
Q

How to perform an ultra fast ping sweep of 2000 random IP addresses ?

A

nmap -iR 2000 -n -sP --min-rate 1000 --max-retries 0 --max-rtt-timeout 100ms --max-scan-delay 0 -T5

66
Q

How to grep one line above & one line below every match ?

A

nmap -sn 172.18.0.0/22 | grep -A1 -B1 "Host is up"

67
Q

How to match multiple strings with grep ?

A

nmap -sn 172.18.1.5 | grep -A 1 -B 1 -E "Host is up|Nmap done:"

68
Q

How to add a separator line after each match in grep ?

A

nmap -sn host | grep --group-separator=---- -A1 -B1 -E "Host is up|Nmap done:"

69
Q

How to disable DNS resolution ?

A

nmap -n -sn host

70
Q

How to reduce the time spent on closed ports to speed up scanning ?

A

nmap -sS --defeat-rst-ratelimit -T4 172.18.1.5

71
Q

How to speed up UDP port scanning ?

A

nmap -sU -T4 --defeat-icmp-ratelimit host

72
Q

How to detect the OS with nmap scanning ?

A

nmap -O host

73
Q

How to detect the OS by guessing ?

A

nmap -O --fuzzy host

74
Q

How to detect the OS while scanning the top 100 ports ?

A

nmap -O -F 172.18.1.5

75
Q

How to enable OS detection in nmap scanning ?

A

nmap -F -A -v 172.18.1.5

76
Q

How to guess the OS during OS detection ?

A

nmap -O --osscan-guess 172.18.1.5

77
Q

How to detect the OS by service version scan ?

A

nmap -p80 -sV --version-trace --reason 172.18.1.5

78
Q

How to display the reason with the scan ?

A

nmap -F --reason 172.18.1.5

79
Q

How to scan hosts from a file ?

A

nmap -F -iL hosts.txt -v -n -Pn

80
Q

How to scan hosts from a file with more speed ?

A

nmap -F -iL hosts.txt -v -n -Pn --max-retries 0

81
Q

How to perform Null, FIN and Xmas scans ?

A

nmap -sN host

82
Q

How to scan with a timing template ?

A

nmap -F --reason -Pn -T4 -v 172.18.1.5

83
Q

How to scan with a timing template with more speed ?

A

nmap -F --reason -Pn -T4 --max-rtt-timeout 20ms -v 172.18.1.5

84
Q

How to scan faster with a timing template by setting the round trip time ?

A

Scan top 100 ports
Show reason in output
Assume the host is alive
Show each packet
Enable verbose
Set round trip time
Set timing template to 4

nmap -F -Pn --packet-trace -v --reason --max-rtt-timeout 20ms -T4 172.18.1.5

85
Q

How to check port connectivity from Linux ?

A

ncat 172.18.1.5 80 -v

86
Q

How to know which service & process ID a port is associated with ?

A

netstat -lntp | grep -w ':22'

87
Q

How to know which process / service is listening on a port ?

A

lsof -i :22

88
Q

How to show the PIDs listening on a port ?

A

fuser 22/tcp

89
Q

How to find a process name by process ID ?

A

ps -p PID

ps -p 1692

90
Q

How to find all running processes on the system ?

A

ps aux

91
Q

How to find the nameserver of a domain from the Linux terminal ?

A

host -t ns aries.res.in

92
Q

How to find the IP address of a host from the Linux terminal ?

A

host google.com

93
Q

How to find the MX record of a domain ?

A

host -t mx google.com

94
Q

What is the Null scan probe ?

A

Establishing a TCP connection & then waiting for 5 seconds to get any kind of data from the server.