SCANNING Flashcards
classic TCP scan (full connect scan)
nmap -sT
all the stealth scans?
SYN scan (half-open scan), FIN scan, XMAS scan, NULL scan, ACK scan, idle scan
FIN scan
nmap -sF
XMAS scan
nmap -sX
NULL scan
nmap -sN
ACK scan
nmap -sA
idle scan
nmap -sI zombie_host target
with the nmap idle scan technique, by how much does the zombie's IP ID increase if the target port is open? (+0, +1, +2, +3, +4, etc.)
+2 if open
+1 if not open
ICMP scan
nmap -sP range/cidr (ping scan: finds live hosts; spelled -sn in current nmap)
nmap -sL range/cidr (list scan: sends no packets, only does DNS resolution)
what is the response from an open UDP port?
no response
what is the response from a closed UDP port?
ICMP Port Unreachable
which stealth scans don't work against Windows?
because Windows does not follow RFC 793 for these:
- XMAS scan
- FIN scan
- NULL scan
which flags are sent when using the XMAS scan?
URG + PSH + FIN
6
-PN
do not ping the host before scanning (used for hosts that don't respond to ping; spelled -Pn in current nmap)
-P0
do not ping the host before scanning (used for hosts that don't respond to ping; same as -PN, spelled -Pn in current nmap)