7 Techniques of Nmap port scanner – Scanning

How to use dnsenum for dns enumeration - Kali

MODULE 5:- Scanning Network and Vulnerability

  1. Introduction of port Scanning – Penetration testing
  2. TCP IP header flags list
  3. Examples of Network Scanning for Live Host by Kali Linux
  4. important nmap commands in Kali Linux with Example
  5. Techniques of Nmap port scanner – Scanning
  6. Nmap Timing Templates – You should know
  7. Nmap options for Firewall IDS evasion in Kali Linux
  8. commands to save Nmap output to file
  9. Nmap Scripts in Kali Linux
  10. 10 best open port checker Or Scanner
  11. 10 hping3 examples for scanning network in Kali Linux
  12. How to Install Nessus on Kali Linux 2.0 step by step
  13. Nessus scan policies and report Tutorial for beginner
  14. Nessus Vulnerability Scanner Tutorial For beginner

How to use Nmap port scanner – Scanning

In the nmap port scanner “-s” (lowercase s) prefix is used to specify the type of scan should be launched on the target defined in the scan command. The selection of scan type can help the penetration tester to evade by some host and network security system for example IDS/IPS, Firewalls etc.

Half Open/Stealth Scan (-sS)

The stealth scan is the default type of scanning used by Nmap port scanner when no scan option is defined. In this type of scanning, pentester’s machine sends SYN packet to the target machine. The target machine will reply back with an SYN/ACK packet. The attacker will send RST packet instead of ACK (acknowledgment). If a port is closed then target machine send RST packed instead of SYN/ACK packet.

-sT TCP Connect Scan/Full Open Scan

TCP connect scan can mostly be used to gather more information about the target. In this case, the attacker sends an SYN packed to target. Target machine hopefully gives the reply with SYN/ACK packet. The attacker completed the communication by sending a final ACK packet.

-sA Acknowledgement Scan by nmap port scanner

Acknowledgment scan is used to determine TCP port is filtered or unfiltered. In this scan, Attacker communicates with the target machine with ACK (acknowledgment) flag. If the RST (reset) response from target means the port is unfiltered, and if no response or response with unreachable error indicates the port is filtered.

-sX Xmas Scan

In this type of scanning, attacker sends packet with FIN, PUSH, URG flag. If no response from target side indicates the port is open, and if the target response with RST (reset) packet indicates the port is closed.

-sP FIN Scan by nmap port scanner 

In this type of scanning, attacker sends a packet only with FIN flag. If no response from targets side means the port is open, and if target response with RST/ACK packet indicate the port is closed.

-sN Null Scan

In Null Scan sends the packet without flags to the target host. I response from target side indicates the port is open if target response with RST/ACK indicates the port is closed.

-sU UDP Scan by nmap port scanner

The UDP scan evaluates the UDP ports on the target system. Dissimilar to filtering TCP ports, UDP scans hope to get a response back from target that has the tested ports shut. packets sent to open UDP ports are not reacted; then again, if the packet sent inspires a response from the target, then the port being tested is open. In the event that no response is accepted, then the port could be open alternately could be separated by a gadget like a firewall. Shut UDP ports might be recognized by an ICMP response with a sort 3 and code 3 response Finally, ports that are affirmed to be filtered will have an ICMP response of sort 3 with codes of 1, 2, 9, 10, or 13, demonstrating different inaccessible errors.


Thanks for giving your valuable time to reading this article, if you have any question related this article or nmap scanning series let me know in comment box

Thanks & Cheers!


If Appreciate My Work, You should consider:

2 thoughts on “7 Techniques of Nmap port scanner – Scanning

Leave a Reply

Your email address will not be published. Required fields are marked *