NMap Info Flashcards
What is NMap?
Nmap (Network Mapper) is a powerful network scanning tool used for discovering hosts, services, and vulnerabilities in a network.
What are the key functions of Nmap?
- Host discovery
- Port scanning
- OS detection
- Version detection
- Scriptable interaction with targets
What is the basic command to perform a default Nmap scan?
nmap [target]
(Default scan checks the 1,000 most common TCP ports.)
What does the default nmap scan cover?
Default scan checks the 1,000 most common TCP ports
Using NMap, how do you scan all 65,535 ports?
nmap -p- [target]
What does the -sS argument in Nmap do?
Performs a stealth (SYN) scan, which sends SYN packets and analyzes responses without completing the TCP handshake.
What does the -sT argument in Nmap do?
Performs a TCP connect scan, establishing a full connection to the target.
What does the -A argument in Nmap do?
Enables aggressive scan, which combines:
- -O: OS detection
- -sV: version detection
- -sC or --script=default: script scanning
- --traceroute: traceroute
What is the purpose of the -p argument in Nmap?
Specifies the port(s) to scan. For example: -p 80 scans port 80; -p 1-100 scans ports 1–100.
What is the purpose of the -p- argument in Nmap?
Scans all 65,535 ports of the target.
In nmap, what is the -Pn argument used for?
Disables host discovery, treating all hosts as “up” and scanning them.
What does the -sU argument do in Nmap?
Performs a UDP scan, which sends UDP packets to detect open ports.
What does -T in Nmap control?
The scan timing. For example:
-T0 (paranoid)
-T4 (aggressive, faster scans).
What is and why is -T0 used in Nmap?
- Slowest and most cautious level, referred to as “paranoid.” It results in a significantly slower scan speed
- This is designed to minimize the risk of detection by Intrusion Detection Systems (IDS) and other monitoring tools
How do you use Nmap to scan a specific IP range?
Use a CIDR notation or IP range:
Example: nmap 192.168.1.0/24
What does the -sV argument do in Nmap?
Enables version detection to identify the services running on open ports.
What does --script do in Nmap?
Runs Nmap Scripting Engine (NSE) scripts, which are used for tasks like vulnerability detection and network discovery. Example:
nmap --script vuln 192.168.1.1
What does the nmap -oN argument do?
Outputs scan results in a normal format to a file. Example: nmap -oN results.txt 192.168.1.1
What does -oX do in Nmap?
Outputs scan results in XML format. Example: nmap -oX results.xml 192.168.1.1
How does Nmap perform OS detection?
By using the -O option, which analyzes responses to determine the operating system.
Note: requires root privileges on Linux.
What does the --reason argument do in Nmap?
Displays the reason why a port is marked as open, closed, or filtered.
How do you use Nmap to find live hosts on a network?
Use the ping scan option: nmap -sn 192.168.1.0/24
What does the --top-ports argument do in Nmap?
Scans the most common ports. Example: --top-ports 20 scans the top 20 ports.
How can you perform a scan while avoiding detection in Nmap?
Use options like -sS (stealth scan) and adjust timing with -T0 (paranoid mode).