Nmap Basics-2

Continuing Port Scan

SYN scan (-sS):

  • Scans by sending packets with the SYN flag set.
  • A fast scan, because only one packet is sent to each port.
  • Often used to evade firewalls and IPS, and often leaves no trace in the logs, because the three-way handshake is never completed.

[Figure: SYN scan]

TCP connect scan (-sT): 

  • The three-way handshake is completed.
  • Leaves traces in the logs.
  • A slower scan.

UDP scan (-sU):

  • Uses UDP packets.
  • A slow scan, because there is no three-way handshake to complete.

TCP NULL/FIN/Xmas scan (-sN/-sF/-sX):

  • NULL scan: the packet is sent to the destination with no flags set.
  • FIN scan: the packet is sent to the destination with the FIN flag set.
  • Xmas scan: the packet is sent to the destination with the FIN, URG and PSH flags set.

You can see which flag bits are set in each probe with tcpdump, as in the figures below.

[Figure: NULL scan]

[Figure: FIN scan]

[Figure: Xmas scan]

TCP ACK Scan (-sA) :

  • Scans by sending packets with the ACK flag set.
  • Used to detect firewalls and their filtering rules.
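As an added example (not code from the original post), the Python script below reads the flag combinations discussed above straight from tcpdump output, maps each one to the Nmap scan type that sends it, and reports a source only when it sends the same probe to several ports, since a lone SYN is just a normal connection attempt. The capture lines are constructed for the example.

```python
import re
from collections import defaultdict

# tcpdump prints TCP flags as letters inside "Flags [...]": S=SYN, F=FIN,
# P=PSH, U=URG, R=RST, "."=ACK, and the word "none" when no flag is set.
FLAG_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")

# Exact flag combination carried by each Nmap scan type's probe packet.
SCAN_SIGNATURES = {
    frozenset("S"): "SYN scan (-sS)",
    frozenset(): "NULL scan (-sN)",
    frozenset("F"): "FIN scan (-sF)",
    frozenset("FPU"): "Xmas scan (-sX)",
    frozenset("."): "ACK scan (-sA)",
}

def classify_flags(flags_field):
    """Map a tcpdump flags field ("S", "FPU", "none", ...) to a scan type or None."""
    flags = frozenset() if flags_field == "none" else frozenset(flags_field)
    return SCAN_SIGNATURES.get(flags)

def find_scanners(lines, min_ports=3):
    """Return {(src_ip, scan_type): sorted dst ports} for every source that
    sent the same scan-type probe to at least min_ports distinct ports.
    The fan-out across ports, not the single packet, is the scan signal."""
    seen = defaultdict(set)
    for line in lines:
        m = FLAG_RE.search(line)
        if not m:
            continue
        src, _sport, _dst, dport, flags = m.groups()
        scan = classify_flags(flags)
        if scan:
            seen[(src, scan)].add(int(dport))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ports}

# Constructed sample capture (not a real trace): one host Xmas-scanning three
# ports, one ACK-scanning three ports, and a normal SYN/SYN-ACK to one port.
SAMPLE = """\
10:00:00.000001 IP 10.0.0.5.40001 > 10.0.0.9.22: Flags [FPU], seq 1, win 1024, length 0
10:00:00.000002 IP 10.0.0.5.40001 > 10.0.0.9.80: Flags [FPU], seq 1, win 1024, length 0
10:00:00.000003 IP 10.0.0.5.40001 > 10.0.0.9.443: Flags [FPU], seq 1, win 1024, length 0
10:00:00.000004 IP 10.0.0.7.40002 > 10.0.0.9.22: Flags [.], ack 1, win 1024, length 0
10:00:00.000005 IP 10.0.0.7.40002 > 10.0.0.9.25: Flags [.], ack 1, win 1024, length 0
10:00:00.000006 IP 10.0.0.7.40002 > 10.0.0.9.53: Flags [.], ack 1, win 1024, length 0
10:00:00.000007 IP 10.0.0.8.51000 > 10.0.0.9.443: Flags [S], seq 9, win 64240, length 0
10:00:00.000008 IP 10.0.0.9.443 > 10.0.0.8.51000: Flags [S.], seq 5, ack 10, win 65535, length 0
""".splitlines()
```

Calling `find_scanners(SAMPLE)` reports 10.0.0.5 as an Xmas scan and 10.0.0.7 as an ACK scan; the single SYN from 10.0.0.8 and the SYN-ACK reply are ignored.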
