NMAP Scanning Options


  • NMAP Scanning Options

    EC-Council

    NMAP

    Nmap is the most popular scanning tool used on the Internet. Created by Fyodor (http://www.insecure.org), it was featured in the movie The Matrix Reloaded.

    SYN Scanning

    SYN scanning is a technique widely used across the Internet today. The SYN scan, also called the "half-open" scan, determines a port's state without completing a full connection to the host. Because the handshake is never completed, the application listening on the port never sees the connection, so many systems do not log the attempt and treat it as a communications error; firewalls and intrusion detection systems, however, commonly do record it. You must first understand the three-way handshake to understand the SYN scan.

    TCP Communication Flags

    Standard TCP communications are controlled by flags in the TCP packet header. The flags are as follows:

      • Synchronize - also called "SYN". Used to initiate a connection between hosts.
      • Acknowledgement - also called "ACK". Used in establishing a connection between hosts and to confirm receipt of data.
      • Push - "PSH". Instructs the receiving system to deliver all buffered data to the application immediately.
      • Urgent - "URG". States that the data contained in the packet should be processed immediately.
      • Finish - also called "FIN". Tells the remote system that there will be no more transmissions.
      • Reset - also called "RST". Aborts (resets) a connection.
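    As an added example (not from the slides or from Nmap), here is how those flags are laid out on the wire: Python that encodes and decodes the flags byte of the TCP header and builds a 20-byte TCP header with a valid checksum, which is exactly what a scanner has to craft to send a bare SYN or a FIN/URG/PSH probe. The addresses and ports are the ones from the slides; the function names are mine, and nothing is sent on the network.

```python
import socket
import struct

# Bit positions of the TCP flags in the header's flags byte (RFC 793, section 3.1).
TCP_FLAGS = {
    "FIN": 0x01,  # sender has no more data
    "SYN": 0x02,  # synchronize sequence numbers (open a connection)
    "RST": 0x04,  # abort the connection
    "PSH": 0x08,  # push buffered data to the application now
    "ACK": 0x10,  # acknowledgment number is valid
    "URG": 0x20,  # urgent pointer is valid
}


def encode_flags(names):
    """Flag names such as {"SYN"} or {"FIN", "PSH", "URG"} -> value of the flags byte."""
    value = 0
    for name in names:
        value |= TCP_FLAGS[name.upper()]
    return value


def decode_flags(value):
    """Flags byte -> frozenset of flag names (ECN/CWR bits above 0x20 are ignored)."""
    return frozenset(name for name, bit in TCP_FLAGS.items() if value & bit)


def internet_checksum(data):
    """RFC 1071 checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip, dst_ip, tcp_length):
    """IPv4 pseudo-header that the TCP checksum also covers (src, dst, zero, proto, length)."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, tcp_length)


def build_tcp_header(src_ip, dst_ip, src_port, dst_port, flags, seq=0, ack=0, window=1024):
    """20-byte TCP header without options, with a valid checksum for the given IPv4 endpoints."""
    data_offset = 5 << 4                    # header length in 32-bit words, upper nibble
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         data_offset, encode_flags(flags), window, 0, 0)
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]


def parse_tcp_header(raw):
    """Decode the fixed part of a TCP header into a dict; flags come back as names."""
    fields = struct.unpack("!HHIIBBHHH", raw[:20])
    src_port, dst_port, seq, ack, offset, flags, window, csum, urg = fields
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "header_len": (offset >> 4) * 4, "flags": decode_flags(flags),
            "window": window, "checksum": csum, "urgent_ptr": urg}


def verify_checksum(src_ip, dst_ip, raw):
    """True if the segment's checksum is valid: summing everything incl. the checksum gives 0."""
    return internet_checksum(_pseudo_header(src_ip, dst_ip, len(raw)) + raw) == 0


if __name__ == "__main__":
    # The probes the slides draw: a bare SYN (half-open scan) and a FIN/URG/PSH (Xmas) probe.
    syn = build_tcp_header("192.168.1.2", "192.168.1.3", 2342, 80, {"SYN"}, seq=1000)
    xmas = build_tcp_header("192.5.5.92", "192.5.5.110", 4031, 23, {"FIN", "URG", "PSH"})
    for name, pkt in (("SYN", syn), ("Xmas", xmas)):
        print(name, pkt.hex(), sorted(parse_tcp_header(pkt)["flags"]))
```

    Note that the checksum covers the IP pseudo-header, so the same TCP bytes are only valid for one source/destination pair; a spoofed-source probe has to be re-summed for the spoofed address.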

    Three-Way Handshake

    Computer A (192.168.1.2:2342)                    Computer B (192.168.1.3:80)
        -------------------- SYN -------------------->
        <------------------ SYN/ACK ------------------
        -------------------- ACK -------------------->
                      Connection Established

    Computer A (192.168.1.2) initiates a connection to the server (192.168.1.3) with a packet that has only the SYN flag set. The server replies with a packet that has both the SYN and the ACK flags set. For the final step, the client responds to the server with a single ACK packet. If these three steps complete without complication, a TCP connection has been established between the client and the server.

    Stealth Scan

    Computer A (192.168.1.2:2342)                    Computer B (192.168.1.3:80)
        -------------------- SYN -------------------->
        <------------------ SYN/ACK ------------------
        -------------------- RST -------------------->

    The client sends a single SYN packet to the server on the appropriate port. If the port is open, the server responds with a SYN/ACK packet. If the server responds with an RST packet, the remote port is in state "closed". If nothing comes back, or an ICMP unreachable error is returned, Nmap reports the port as "filtered". On an open port the client sends an RST packet to abort the initiation before a connection is ever established. This scan is also known as the half-open scan.

    Xmas Scan

    Xmas scan directed at an open port:

    Computer A (192.5.5.92:4031)                     Computer B (192.5.5.110:23)
        ---------------- FIN/URG/PSH ---------------->
                  (no response from an open port)
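    The handshake, the half-open scan and the Xmas probe above, as one added Python model that is not part of the EC-Council slides or of Nmap itself: a constructed target whose ports are open, closed or filtered answers probes the way an RFC 793 stack (optionally behind a firewall) does, and scanner functions classify the replies using the rules Nmap applies for -sS, -sT and -sX. The `accepted` list records which probes reached the application layer, which is what the "many systems do not log the attempt" claim comes down to. Addresses, port states and class names are all made up; nothing is sent on the wire.

```python
from dataclasses import dataclass

# Constructed model: TCP segments reduced to the fields a port scanner decides on.

@dataclass(frozen=True)
class Segment:
    src: str            # "ip:port" of the sender
    dst: str            # "ip:port" of the receiver
    flags: frozenset    # TCP flag names, e.g. {"SYN"} or {"FIN", "PSH", "URG"}

ICMP_PORT_UNREACHABLE = "ICMP type 3 (destination unreachable)"


class SimulatedHost:
    """Answers probes the way an RFC 793 stack does, optionally behind a filter.

    ports maps port -> "open", "closed", "filtered" (probe dropped silently) or
    "filtered-icmp" (a filter that rejects with an ICMP unreachable message).
    accepted records connections that reached the application layer, i.e. what
    the server's own logs would show."""

    def __init__(self, ip, ports):
        self.ip = ip
        self.ports = ports
        self.accepted = []

    def receive(self, seg):
        port = int(seg.dst.rsplit(":", 1)[1])
        state = self.ports.get(port, "closed")
        if state == "filtered":
            return None                          # firewall drops the probe
        if state == "filtered-icmp":
            return ICMP_PORT_UNREACHABLE         # firewall rejects the probe
        if "RST" in seg.flags:
            return None                          # an RST is never answered
        answer = lambda names: Segment(seg.dst, seg.src, frozenset(names))
        if state == "closed":
            return answer({"RST", "ACK"})        # closed port resets anything but RST
        # open port from here on
        if "SYN" in seg.flags and "ACK" not in seg.flags:
            return answer({"SYN", "ACK"})        # step 2 of the three-way handshake
        if seg.flags == frozenset({"ACK"}):
            self.accepted.append(seg.src)        # step 3: established, application sees it
            return None
        return None                              # FIN/PSH/URG with no SYN: open port stays silent


def _probe(host, port, flags, src="192.168.1.2:2342"):
    probe = Segment(src, f"{host.ip}:{port}", frozenset(flags))
    return probe, host.receive(probe)


def syn_scan(host, port):
    """Nmap -sS logic: SYN/ACK -> open (then RST), RST -> closed, nothing or ICMP -> filtered."""
    probe, reply = _probe(host, port, {"SYN"})
    if reply is None or reply == ICMP_PORT_UNREACHABLE:
        return "filtered"
    if {"SYN", "ACK"} <= reply.flags:
        host.receive(Segment(probe.src, probe.dst, frozenset({"RST"})))  # tear down before accept()
        return "open"
    if "RST" in reply.flags:
        return "closed"
    return "unknown"


def connect_scan(host, port):
    """Nmap -sT logic: complete the handshake, so the target's application layer sees it."""
    probe, reply = _probe(host, port, {"SYN"})
    if reply is None or reply == ICMP_PORT_UNREACHABLE:
        return "filtered"
    if {"SYN", "ACK"} <= reply.flags:
        host.receive(Segment(probe.src, probe.dst, frozenset({"ACK"})))  # step 3: connection up
        host.receive(Segment(probe.src, probe.dst, frozenset({"RST"})))  # then abort it
        return "open"
    if "RST" in reply.flags:
        return "closed"
    return "unknown"


def xmas_scan(host, port):
    """Nmap -sX logic: RST -> closed; silence -> open|filtered, because RFC 793 open ports ignore the probe."""
    _, reply = _probe(host, port, {"FIN", "PSH", "URG"})
    if reply is None:
        return "open|filtered"
    if reply == ICMP_PORT_UNREACHABLE:
        return "filtered"
    if "RST" in reply.flags:
        return "closed"
    return "unknown"


def scan_all(scanner, host):
    """Run one scanner function over every port the host models; returns {port: state}."""
    return {port: scanner(host, port) for port in sorted(host.ports)}


if __name__ == "__main__":
    target = SimulatedHost("192.168.1.3", {22: "open", 23: "closed", 443: "filtered", 8080: "filtered-icmp"})
    print("SYN  :", scan_all(syn_scan, target), "seen by application:", target.accepted)
    print("XMAS :", scan_all(xmas_scan, target))
    print("CONN :", scan_all(connect_scan, target), "seen by application:", target.accepted)
```

    The SYN and connect scans reach the same verdicts, but only the connect scan leaves an entry in `accepted`; the Xmas scan cannot tell an open port from a dropped probe, which is why Nmap reports "open|filtered" for it, and it misclassifies stacks (Windows, for one) that answer any such probe with RST.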