nmap Essentials Flashcards

1
Q

What is the basic nmap scan & what type of scan is it?

A

nmap 172.18.1.5

Here the basic scan type is a TCP SYN scan; it scans the top 1000 TCP ports by default.

2
Q

What is the three-way handshake?

A

The three-way handshake is the connection setup process of the TCP/IP protocol: SYN, SYN-ACK, ACK.

3
Q

What is a TCP half scan?

A

A SYN-only scan is a TCP half scan.

4
Q

How many types of ports are there in networking?

A

Ports are of two types, TCP & UDP.

5
Q

How many ports are there in a TCP/IP-based network?

A

Total ports: TCP 65,536 + UDP 65,536 = 131,072.

Ports 0 to 65535 for each of TCP & UDP.

6
Q

What is the range of standardized ports?

A

Port 0 to 1023, i.e. the first 1023 ports, are standardized.

7
Q

By which organization are ports standardized?

A

IANA - Internet Assigned Numbers Authority

8
Q

What is the range of semi-reserved ports?

A

Port 1024 to port 49151.

These ports are reserved for custom registration and are considered semi-reserved ports.

9
Q

What is the range of free ports?

A

Port 49152 & higher, up to 65535, are free to use.

10
Q

How does a port scanner scan ports?

A

A port scanner sends TCP or UDP packets to learn the status of a port & host.

11
Q

What are the different port states?

A

Port state would be:

open, closed, filtered

12
Q

How does UDP work?

A

UDP is a connectionless protocol with no error checking;

used in live streaming, online video conferencing, etc.

13
Q

How to do a TCP connect scan?

A

nmap -sT host

14
Q

How to do a UDP connect scan?

A

nmap -sU host

15
Q

How to scan a single host?

A

nmap ip-addr-of-host

nmap 172.18.1.5

16
Q

How to scan hosts in series?

A

nmap ip addr, with the further last octets separated by commas

nmap 172.18.1.5,31,32,33

17
Q

How to scan two or more hosts at once which are on different subnets?

A

nmap [options] hosts separated by spaces

nmap 172.18.1.5 10.10.10.2 172.22.1.254

18
Q

How to scan a subnet?

A

nmap CIDR notation of subnet

nmap 172.18.0.0/22

19
Q

How to scan a specific single port?

A

nmap -p 80 172.18.1.5

20
Q

How to scan 2 or more specific ports?

A

nmap -p port numbers separated by commas

nmap -p 80,21 172.18.1.5

21
Q

How to scan the top 20, top 100 or top 1000 ports?

A

nmap --top-ports numberOfPorts host

nmap --top-ports 100 172.18.1.5

22
Q

How to scan a range of ports?

A

nmap -p port-range host

nmap -p 1-20 172.18.1.5

23
Q

What is a service version scan & how to do it?

A

A service version scan is useful when someone is running a service on a non-default port.

nmap -sV 172.18.1.5

24
Q

How to save nmap output to a file?

A

nmap -oA filename host

nmap -p 1-100 -sV -oA filename 172.18.1.5

Here nmap saves output to three different files: .gnmap, .nmap and .xml.

Here -p is for ports, -sV for the service version scan.

25
How to do a fast scan / disable the port scan?
nmap -sP 172.18.1.5 or nmap -sn 172.18.1.5
26
How to scan all ports?
nmap -p- host, e.g. nmap -p- 172.18.1.5
27
How to skip host discovery while scanning, or assume the host is already live?
nmap -p 1-100 -Pn 172.18.1.5
28
How to do an ARP scan?
nmap -sn --packet-trace -v 172.18.1.5 (this is an ARP ping scan)
29
How to do a SYN scan?
nmap -sS 172.18.1.5 (this is a half TCP scan)
30
How many ports are scanned by nmap if no option is given, & what type of scan is this?
Without any option nmap will scan the first 1000 TCP ports, & this type of scan is a TCP SYN or half TCP scan.
31
How many different types of files can we save the output of nmap in?
We can save output in four types of files by using the options -oA & -oN. Four types: .gnmap, .nmap, .xml & .txt
32
How to perform a half TCP scan?
nmap -sS host
33
How to perform a TCP scan?
nmap -sT host
34
How to perform a UDP scan?
nmap -sU host
35
How to perform an ACK scan?
nmap -sA host (used to check filtered ports or firewalled ports)
36
What are the benefits of an ACK scan?
An ACK scan is helpful in detecting filtered ports, or to detect a firewall.
37
How to perform a service version scan?
nmap -sV host
38
How to perform a scan on the top 100 ports using a single switch?
nmap -F host
39
How to perform a version trace of a service?
Version trace is used with the service version scan: nmap -sV --version-trace host
40
How to save nmap output to a text file?
nmap -oN output.txt host
41
How to detect filtered ports?
We have to perform an ACK scan: nmap -sA host
42
How to perform fast host discovery?
nmap -sn host
43
How to perform host discovery & disable the port scan?
nmap -sn host or nmap -Pn host
44
How to find the name server by URL from the Linux command line?
host -t ns 14.139.225.232
45
How to traceroute with nmap?
Scan port 80, assume the host is alive, use timing template 4, use verbose mode: nmap -p80 -Pn -T4 --traceroute dopses.aries.res.in -v
46
How to perform an ARP scan?
nmap -sP host or nmap -sn -v --packet-trace host
47
Which web database URL can be used to search sub-domains & hostnames?
Netcraft | http://searchdns.netcraft.com/?host
48
How to get domain details from the Linux terminal?
whois 14.139.225.232
49
How to save nmap output to three different files?
nmap -oA logbase host
50
How to scan all TCP or UDP ports?
Scan all TCP ports: nmap -sT -p- host. Scan all UDP ports: nmap -sU -p- host
51
How to scan selected ports with the notation for TCP ports only?
nmap -p T:80,443,9100 host
52
How to perform an nmap scan which only shows open ports?
nmap -sT -F --open 172.18.1.5 -v
53
Which ports work on a printer?
Both TCP & UDP ports: 515 - printer port, 631 - IPP / AppleTalk, 9100 - JetDirect
54
How to perform a specific port scan?
nmap -p 80,443 host
55
How to scan a port range?
nmap -p 1-100 host
56
How to scan the top 100 ports only?
nmap --top-ports 100 host
57
Where are nmap's service probes stored on the system?
less /usr/share/nmap/nmap-service-probes
58
How to perform a service version scan on the top 100 ports?
nmap -sV -F host
59
How to display a live network trace while scanning the top 1000 ports?
nmap --top-ports 1000 --packet-trace -v host
60
How to assume the host is alive while scanning top ports?
nmap -Pn --top-ports 1000 host
61
How to skip host discovery while scanning ports?
nmap -Pn --top-ports numberOfPorts host
62
How to enable verbose mode while scanning?
nmap -v host
63
How to use a timing template to increase scan speed?
nmap -p- -T5 -Pn --packet-trace host (the -T value is 0 to 5)
64
How to show interfaces & routes using nmap?
nmap --iflist
65
How to perform an ultra fast scan / ping sweep of 2000 random IP addresses?
nmap -iR 2000 -n -sP --min-rate 1000 --max-retries 0 --max-rtt-timeout 100ms --max-scan-delay 0 -T5
66
How to grep one line above & one line below every match?
nmap -sn 172.18.0.0/22 | grep -A1 -B1 "Host is up"
67
How to match multiple strings with grep?
nmap -sn 172.18.1.5 | grep -A 1 -B 1 -E "Host is up|Nmap done:"
68
How to add a separator line after each match in grep, to separate the matches?
nmap -sn host | grep --group-separator=---- -A1 -B1 -E "Host is up|Nmap done:"
69
How to disable DNS resolution?
nmap -n -sn host
70
How to skip the scan time for closed ports to enhance scanning?
nmap -sS --defeat-rst-ratelimit -T4 172.18.1.5
71
How to speed up UDP port scanning?
nmap -sU -T4 --defeat-icmp-ratelimit host
72
How to detect the OS with an nmap scan?
nmap -O host
73
How to detect the OS by guessing?
nmap -O --fuzzy host
74
How to detect the OS by scanning the top 100 ports?
nmap -O -F 172.18.1.5
75
How to enable OS detection in an nmap scan?
nmap -F -A -v 172.18.1.5
76
How to guess the OS during detection?
nmap -O --osscan-guess 172.18.1.5
77
How to detect the OS by service version scan?
nmap -p80 -sV --version-trace 172.18.1.5 --reason
78
How to display the reason with a scan?
nmap -F --reason 172.18.1.5
79
How to scan hosts from a file?
nmap -F -iL hosts.txt -v -n -Pn
80
How to scan hosts from a file with more speed?
nmap -F -iL hosts.txt -v -n -Pn --max-retries 0
81
How to perform Null, FIN, Xmas scans?
nmap -sN host
82
How to scan with a timing template?
nmap -F --reason -Pn -T4 -v 172.18.1.5
83
How to scan with a timing template with more speed?
nmap -F --reason -Pn -T4 --max-rtt-timeout 20ms -v 172.18.1.5
84
How to scan with a timing template with more speed by setting the round trip time?
Scan the top 100 ports, show the reason in the output, assume the host is alive, show each packet, enable verbose mode, set the round trip time, set timing template 4: nmap -F -Pn --packet-trace -v --reason --max-rtt-timeout 20ms -T4 172.18.1.5
85
How to check port connectivity from Linux?
ncat 172.18.1.5 80 -v
86
How to know which service & process ID a port is associated with?
netstat -lntp | grep -w ':22'
87
How to know which process / service is listening on a port?
lsof -i :22
88
How to show PIDs listening on a port?
fuser 22/tcp
89
How to find a process name by process ID?
ps -p PID, e.g. ps -p 1692
90
How to find all running processes on the system?
ps aux
91
How to find the nameserver of a domain from the Linux terminal?
host -t ns aries.res.in
92
How to find the IP address of a host from the Linux terminal?
host google.com
93
How to find the MX record of a domain?
host -t mx google.com
94
What is the Null scan probe?
Establishing a TCP connection & then waiting for 5 seconds to get any kind of data from the server.