Port state
open: an application is actively accepting TCP, UDP or SCTP connections on the port
closed: the port is reachable but nothing is listening on it; it might open up later
filtered: nmap cannot determine whether it is open or not because packet filtering (a firewall) is in the way
unfiltered: the port is accessible but nmap cannot tell whether it is open or closed
filtered vs unfiltered: filtered means the probe was dropped; unfiltered means the probe was received but no information was provided
Basic Commands
nmap -h (help)
man nmap (manual)
nmap -V (print version)
nmap -v (more detailed information); nmap -vv for even more detailed output
multiple targets: nmap target1 target2 target3 (separated by spaces)
whole subnet: nmap ip/24
range of IPs: nmap ip-range, e.g. nmap [Link]-10
list of IPs/domains from a file (separated by space, tab or newline): nmap -iL filename
exclude hosts: nmap [Link]/24 --exclude [Link]
exclude multiple hosts from a file: nmap -F ip/subnet --excludefile filename
selecting the interface: nmap -e interface ip
IPv6: nmap -6 ip
random targets: nmap -iR 3 (3 random hosts)
display port state reason codes: nmap --reason ip
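As an added example (not from these notes), a small Python parser for the PORT/STATE/SERVICE/REASON lines that `nmap --reason` prints, tying each reason back to the port-state definitions at the top of the page (probe answered, dropped, or blocked). The scan output it reads, including the 10.0.0.1 filter address, is constructed, not from a real scan.

```python
import re
from collections import Counter

# Constructed sample of `nmap --reason` output for a SYN scan (-sS) of one
# host; not a real scan. Columns are nmap's PORT STATE SERVICE REASON.
SAMPLE = """\
PORT     STATE    SERVICE    REASON
22/tcp   open     ssh        syn-ack ttl 64
25/tcp   filtered smtp       no-response
80/tcp   open     http       syn-ack ttl 64
135/tcp  filtered msrpc      admin-prohibited from 10.0.0.1
443/tcp  closed   https      reset ttl 64
8080/tcp filtered http-proxy no-response
"""

# What each REASON value tells you, in the terms of the port-state notes:
# an answer came back (open/closed), or the probe was dropped/blocked (filtered).
REASON_MEANING = {
    "syn-ack": "answered: SYN accepted, so open",
    "reset": "answered with RST: closed in a SYN scan, unfiltered in an ACK scan",
    "no-response": "probe dropped, nothing came back: filtered",
    "admin-prohibited": "probe blocked, ICMP admin-prohibited from a filter: filtered",
    "port-unreach": "ICMP port unreachable: closed (UDP scans)",
}

LINE_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)\s+(\S+)(.*)$")

def parse_reason_output(text):
    """Parse `nmap --reason` port lines into dicts; header and blank lines are skipped."""
    ports = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        port, proto, state, service, reason, rest = m.groups()
        ports.append({"port": int(port), "proto": proto, "state": state,
                      "service": service, "reason": reason,
                      "detail": rest.strip(),   # e.g. "ttl 64" or "from 10.0.0.1"
                      "meaning": REASON_MEANING.get(reason, "unknown reason")})
    return ports

def summarize(ports):
    """Count ports per state and list the filtered ones (where a filter dropped the probe)."""
    counts = Counter(p["state"] for p in ports)
    filtered = [p["port"] for p in ports if p["state"] == "filtered"]
    return {"counts": dict(counts), "filtered_ports": filtered}

if __name__ == "__main__":
    for p in parse_reason_output(SAMPLE):
        print(f"{p['port']}/{p['proto']:<4} {p['state']:<9} {p['reason']:<17} {p['meaning']}")
    print(summarize(parse_reason_output(SAMPLE)))
```

Feed it the saved normal output of your own `nmap --reason` scan to see at a glance which ports a firewall is silently dropping versus which ones actually answered.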
only display open ports: nmap --open ip
trace packets: nmap --packet-trace ip
Port scanning
all ports: nmap -p- ip
nmap -F scans the 100 most used ports (by default nmap scans the 1000 most used)
single port: nmap -p port target
multiple ports: nmap -p port1,port2,port3 ip
by service name (if it is listed in the nmap-services file): nmap -p tcp ip
all ports named in the services file: nmap -p "*" ip
Top ports
- nmap --top-ports number ip
Sequential scan
nmap -r ip (by default the port order is randomized to evade firewalls)
nmap -v -r ip to study each port in depth
THM lab
Foundation Scanning
skip the ping (host discovery) step, treating hosts as online to increase effectiveness: nmap -PN ip
ping only: nmap -sP ip
TCP SYN ping (for when standard ICMP pings are blocked): nmap -PS port ip (by default sent to port 80)
TCP ACK ping: nmap -PA ip
UDP ping: nmap -PU ports ip (default port 40125)
SCTP INIT ping (Stream Control Transmission Protocol, used in IP-based telephony systems; default port 80): nmap -PY ip
ICMP echo ping (the default when no other ping option is given): nmap -PE target
ICMP timestamp ping (used if the system is configured to block only ICMP echo): nmap -PP target
ICMP address mask ping (occasionally bypasses a firewall): nmap -PM target
IP protocol ping (default protocols 1 ICMP, 2 IGMP, 4 IP-in-IP): nmap -PO target
ARP ping: nmap -PR ip (only for the local subnet)
traceroute: nmap --traceroute ip
reverse DNS
- nmap -R ip (by default reverse DNS is done only for hosts that appear online)
- nmap -n ip disables reverse DNS for situations where detailed info is not required
TCP scans
Stealth scan: nmap -sS target (SYN scan, no full connection is completed)
TCP connect scan: nmap -sT target (direct, full connection)
UDP scan: nmap -sU target
Null scan: nmap -sN target (packets dispatched without any TCP flags set)
OS detection (TCP/IP fingerprinting)
nmap -O ip
limit to promising targets: nmap -O --osscan-limit ip
guess aggressively: nmap -O --osscan-guess ip (--fuzzy is an alias)
Service version detection
nmap -sV ip
version trace: nmap -sV --version-trace ip
Navigating firewalls
fragmenting with a custom MTU (maximum transmission unit): nmap --mtu 16 ip (16 is a small value; it must be a multiple of 8)
decoy addresses: nmap -D RND:5 ip
zombie (idle) host: nmap -sI zombiehost ip
source port number: nmap --source-port portnumber ip or nmap -g portnumber ip
data length: nmap --data-length number ip
randomize hosts: nmap --randomize-hosts
spoof MAC: nmap --spoof-mac 0 ip
Scripts
[Link]/nsedoc/scripts