Scanning Commands Flashcards
Nmap scan command to identify open ports
nmap -sS (performs a SYN Scan)
What is a nmap SYN Scan?
A TCP SYN scan is a stealth scan used to determine if ports on a target system are open, closed or filtered. Nmap sends a SYN packet to the target and waits for a response. If the target responds with a SYN/ACK packet, the port is considered open and ready to establish a connection.
What does a -sn nmap scan do?
The -sn option disables port scanning and performs a ping scan to identify active hosts.
1) The "-sn" flag is used with nmap to perform a ping scan, which sends ICMP requests to a target host or network to determine whether the hosts are up or not.
What is a nmap -sL scan?
-sL lists potential host targets without confirming they are live. (Creates a host list)
What is the nmap -sS scan?
Designed for port scanning with a SYN scan; it does not scan for hosts. This is a stealthy and efficient method of scanning for open ports on a system.
What is a nmap -sP scan?
Performs a ping scan only.
What is a nmap -Pn scan?
The -Pn option skips host discovery and assumes the host is up. (In Nmap, the -Pn option is used to disable host discovery, effectively treating all specified target IP addresses as active and skipping the initial ping phase. This means Nmap will not send ping requests (ICMP echo requests) to determine if a host is online. Instead, it will directly proceed with any other specified scan functions, such as port scanning, against every target IP provided.)
How do you export scan results in nmap to a specific file?
-oG <file>
example: nmap -sS <Domain> -oG <file>
example: nmap -sS www.geeksforgeeks.com -oG nmap_results
What is a UDP scan?
UDP (User Datagram Protocol)
1) UDP is a connectionless protocol, meaning it doesn't establish a persistent connection like TCP.
2) A UDP scan is a type of port scan that probes for open UDP ports on a target host. It works by sending UDP packets to various ports and observing the responses. A closed port typically responds with an ICMP "Port Unreachable" message, while a filtered port might not respond at all.
3) Open Ports: Open UDP ports typically don't respond to the probe packet, since UDP has no stateful handshake that would require the host to reply.
Closed Ports: If an ICMP "Port Unreachable" message is returned, the port is considered closed.
Filtered Ports: A lack of response can indicate a filtered port, where the port is blocked by a firewall or other security mechanism.
4) Typically slower than a TCP scan.
What is a TCP scan?
TCP (Transmission Control Protocol)
1) A TCP scan, also known as a TCP connect scan, is a type of port scanning that uses the TCP protocol to establish a connection with a target host on a specific port. This process involves the TCP three-way handshake, where the scanner sends a SYN packet, the target responds with a SYN-ACK, and the scanner completes the connection with an ACK packet. By observing the responses, the scanner can determine if a port is open, closed, or filtered.
2) Port Status:
Open: If the scanner receives a SYN-ACK packet, it indicates the port is open and listening.
Closed: If the target responds with a RST (reset) packet, it means the port is closed and not listening.
Filtered: If no response is received or if an ICMP unreachable error is received, the port is considered filtered, meaning it’s blocked by a firewall or other network device.
3) TCP scans can be used for various purposes, including:
Reconnaissance: Identifying open ports on a target system to gather information about the services running there.
Vulnerability Assessment: Discovering potential vulnerabilities in the services running on open ports.
Attack Planning: Identifying targets that can be exploited.
What is the nmap command for a TCP scan?
-sT
What is an ICMP request?
An ICMP (Internet Control Message Protocol) request is a network packet used to send control or error messages between network devices. It’s often associated with ping, a troubleshooting tool that uses ICMP to test network connectivity and measure latency.
Purpose:
ICMP is used to communicate information about network problems, such as unreachable destinations, time-exceeded errors, or issues with routing.
How it works:
ICMP messages are carried inside IP packets, meaning they travel across the network along with other data.
Ping:
The ping command relies on ICMP to send an “echo request” to a device. If the device is reachable and responding, it sends back an “echo reply,” indicating connectivity.
Error Reporting:
ICMP also includes error messages that can indicate why a packet could not reach its destination, such as network congestion or unreachable hosts.
What does the -sU command do?
In nmap, the -sU option performs a UDP scan, which allows the user to discover open UDP ports and services on the target system.