SCANNING

Question 1

classique scan TCP

Answer 1

nmap -sT

Question 2

all the stealth scan ?

Answer 2

syn scan (half-open scan)
fin scan
xmas scan
null scan
ack scan
idle scan

Question 3

fin scan

Answer 3

nmap -sF

Question 4

XMAS scan

Answer 4

nmap -sX

Question 5

null scan

Answer 5

nmap -sN

Question 6

ack scan

Answer 6

nmap -sA

Question 7

idle scan

Answer 7

nmap -sI

Question 8

what is the sequence number difference if port is open after using nmap idle technique ? (+0, +1, +2, +3, +4, etc) on the zombie ?

Answer 8

+2 if open

+1 if not open

Question 9

ICMP scan

Answer 9

nmap -P range/cidr (live host)

nmap -L range/cidr (no packet, used dns resolution)

Question 10

what is the return of UDP port opened ?

Answer 10

no return

Question 11

what is the return of UDP port closed ?

Answer 11

ICMP Port Unreachable

Question 12

which stealth scan doesn’t work against windows ?

Answer 12

because of the RFC 793:

• XMAS scan
• Fin scan
• Null scan

Question 13

what flag are send when using the XMAS scan ?

Answer 13

URG + PSH + FIN

6

Question 14

-PN

Answer 14

no ping host before scan (used for host that doesn’t response to ping)

Question 15

-P0

Answer 15

no ping host before scan (used for host that doesn’t response to ping)

Question 16

-n

Answer 16

no dns resolution

Question 17

-PS

Answer 17

no ping, but used tcp SYN to check if destination hosts is opened or not. (idem for -PA with ack)

Question 18

-sn

Answer 18

disable port scans, previously -sP

Question 19

-sO

Answer 19

IP Protocol Scan

Question 20

nmap -F

Answer 20

fast