Deep Dive Into Nmap Scan Techniques

PenTest-duck
Sep 30

Introduction

nmap -h SCAN TECHNIQUES output

TCP Connect Scan (-sT)

TCP Connect Scan captured in Wireshark (23 = closed, 22 = open)

TCP SYN (“Stealth”/“Half-Open”) Scan (-sS)

TCP SYN Scan captured in Wireshark (23 = closed, 22 = open)

UDP Scan (-sU)

UDP Scan captured with Wireshark (88 = open, 89 = closed)
Nmap returns “open|filtered”

Null, FIN & Xmas Scans (-sN, -sF, -sX)

Null, FIN and Xmas scan captured in Wireshark (22 = open, 23 = closed)

ACK Scan (-sA)

ACK Scan captured in Wireshark (22 = open, 23 = closed)

Idle Scan (-sI)

Further Digging:
