nmap scan tool

Main options

• sT : TCP connect scan, better use SYN which is quicker and stealthy.
• sS : TCP SYN scan, also known as half-open scanning, quite unobtrusive and stealthy, since it never completes TCP connections.
• sU : UDP scan
• sP : PING scanning for host discovery, a ICMP echo request is sent.
• PR : ARP scan.
• F : Fast scan, only scan ports included inside nmap-services file.
• p1-65535 : port interval, here we scan every ports.
• PN : force scan, even if no ping response from adresses.
• P0 : Same as PN.
• O : Try to determine OS target.
• oG : save result into file.
• n : disable DNS resolution.
• R : enable DNS resolution.
• iR : random target scan.

Examples

• TCP connect, scan ports from 1 to 65535, force scan, try to guess OS, target is 192.168.1.1. Save results inside /tmp/001 file.

user@host:~$ nmap -sT -p1-65535 -P0 -0 -oG /tmp/001 192.168.1.1

• Scan 192.168.1.0/24 hosts family addresses

user@host:~$ nmap 192.168.1.0-255

• Scan SYN, random hosts, web service

user@host:~$ nmap -sS -iR 0 -p 80

• Spoof source address (10.0.0.0). Scan 10.0.0.1 host, set source port to 80

user@host:~$ nmap -S 10.0.0.0 -g 80 10.0.0.1

• Host Discovery scan for 10.0.0.0/24 network. Result will show ip and MAC addresses.

user@host:~$ nmap -sP 10.0.0.0/24

sources : tux-planet, nmap.org