Basic Scanning Techniques
Here I will show the basic techniques for scanning a network or host. Before that, you should know the basics of the port states Nmap reports after a scan.
Port Status: After scanning, you may see some results with a port status like filtered, open, closed, etc. Let me explain this.
- Open: This indicates that an application is listening for connections on this port.
- Closed: This indicates that the probes were received but there is no application listening on this port.
- Filtered: This indicates that the probes were not received and the state could not be established. It also indicates that the probes are being dropped by some kind of filtering.
- Unfiltered: This indicates that the probes were received but a state could not be established.
- Open/Filtered: This indicates that the port was filtered or open but Nmap couldn’t establish the state.
- Closed/Filtered: This indicates that the port was filtered or closed but Nmap couldn’t establish the state.
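As an added example (not part of the original post), the script below groups the ports in a saved scan by the states described above and lists open ports that are missing from an allowlist, which is useful when auditing your own hosts. It assumes the scan was saved with Nmap's `-oX` XML output option; the XML here is a constructed sample, and `ports_by_state` and `unexpected_open` are illustrative names.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements Nmap's -oX output uses for port states.
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="192.168.0.102" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
   <port protocol="tcp" portid="443"><state state="filtered"/><service name="https"/></port>
   <port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
   <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
  </ports>
 </host>
 <host><status state="down"/><address addr="192.168.0.103" addrtype="ipv4"/></host>
</nmaprun>"""


def ports_by_state(xml_text):
    """Return {host: {state: ["port/proto service", ...]}} for hosts reported up."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no usable port table
        addr = host.find("address").get("addr")
        states = report.setdefault(addr, {})
        for port in host.iter("port"):
            state = port.find("state").get("state")  # e.g. open, closed, open|filtered
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            label = f"{port.get('portid')}/{port.get('protocol')} {name}"
            states.setdefault(state, []).append(label)
    return report


def unexpected_open(report, allowed):
    """List (host, port) pairs that are open but not in the allowlist `allowed`."""
    return [(host, p) for host, states in report.items()
            for p in states.get("open", []) if p.split()[0] not in allowed]


if __name__ == "__main__":
    report = ports_by_state(SAMPLE_XML)
    for host, states in report.items():
        for state, ports in sorted(states.items()):
            print(f"{host} {state:14} {', '.join(ports)}")
    print("not in allowlist:", unexpected_open(report, {"22/tcp"}))
```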
Open a Kali Linux terminal and type nmap to see all Nmap commands.
Find All Connected PC (Ping Scan)
The -sP option performs a ping-only scan. It is most useful when you have a group of IP addresses and you don’t know which ones are reachable.
nmap -sP -T4 192.168.0.1/24
Note:
-T: Used to change the speed of the scan. A slower scan yields better results.
Multiple IP Scan
nmap -sn 192.168.0.1/24
TCP Ports Scan
TCP connect scan is the default TCP scan type when SYN scan is not an option. It will show you all open TCP ports on the remote PC.
Single IP Scan
nmap -sT 192.168.0.102
Multiple IP Scan
nmap -sT 192.168.0.1/24
Detect Service Version
In this scan you can find the version of the service that is running on each open port. This is done using multiple techniques like banner grabbing, reading server headers and sending specific requests.
Single Host Service Scanning
nmap -sV 192.168.0.102
Multiple Hosts Scanning
nmap -sV -T4 192.168.0.1/24
Detect Operating System
In this scan you can find the operating system installed on the network PC.
Single Host Scanning
nmap -O 192.168.0.102
Multiple Hosts Scanning
nmap -O -T4 192.168.0.1/24
Detect Protocol
In this scan you can find the PROTOCOL, STATE and SERVICE for the network PC.
nmap -sO -T4 192.168.0.1/24
Aggressive Scan (Also Works for Traceroute)
For Single Host
The aggressive scan selects the most commonly used options; it is a simple alternative to writing long option strings. It will also work for traceroute, etc.
nmap -A 192.168.0.102
Multiple Hosts Scanning
nmap -A -T4 192.168.0.1/24
UDP Ping Scan
The -sU option performs only a UDP scan on the target. It will show you all open UDP ports on the remote PC.
nmap -sU -T4 192.168.0.102
Syn Scan
A SYN scan completes only 2 steps of the 3-way handshake. There is no chance of closing or crashing the target, and it goes undetected by older systems. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls.
nmap -sS 192.168.0.113
Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.
The post Network Scanning using NMAP (Beginner Guide) appeared first on Hacking Articles.