Nmap

nmap

nmap
 * SYN Scan (defaults to SYN Scan if root, Connect Scan if not. See below)

nmap -sS
 * SYN Scan (default scan type if logged in as root)
 * "SYN ->"  "SYN/ACK <-"  "RST ->"

nmap -iL list.txt -sn
 * No port scan (ping only) of the IPs listed in list.txt

nmap -sT
 * TCP Connect Scan (only scan you can do without root privileges)
 * "SYN ->"  "SYN/ACK <-"  "ACK ->"

nmap -sL 66.35.250.150-160
 * List Scan does a reverse DNS lookup on a range to find hosts

nmap -sP 10.0.0.0-255
 * Ping Scan does a quick ping to each box, and nothing more

nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
 * Nmap 3.75 help example

nmap -v -A scanme.nmap.org
nmap -v -sP 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -P0 -p 80
 * Nmap 4.11 help examples

Nmap data files (such as nmap-services) can be found here: /usr/share/nmap/

You can use the --datadir flag to point Nmap to alternate support files.

Target Specification
All of these formats will scan the same class B network:

 * Wildcards: 192.168.*.*
 * Range: 192.168.0-255.0-255
 * Mask Notation: 192.168.0.0/16
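To make the equivalence of the three notations concrete, here is an added example (not part of this page or of Nmap itself) that expands wildcard, octet-range and CIDR target specs into host sets and checks that they match. It handles only IPv4 and does not resolve hostnames, so it runs offline; `expand_target` and `same_hosts` are names chosen for this example.

```python
import ipaddress


def _expand_octet(spec):
    """Expand one octet spec: '*' -> 0..255, 'a-b' -> a..b, 'n' -> [n].
    Either end of a range may be omitted (Nmap treats '-' as 0-255)."""
    if spec == "*":
        return list(range(256))
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        lo = 0 if lo == "" else int(lo)
        hi = 255 if hi == "" else int(hi)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {spec}")
        return list(range(lo, hi + 1))
    n = int(spec)
    if not 0 <= n <= 255:
        raise ValueError(f"bad octet: {spec}")
    return [n]


def expand_target(spec):
    """Return the set of IPv4 addresses (as strings) covered by one
    Nmap-style target spec: CIDR (192.168.0.0/16), per-octet ranges or
    wildcards (192.168.0-255.*), or a single address. Like Nmap, CIDR
    expansion includes the network and broadcast addresses."""
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        return {str(addr) for addr in net}
    parts = spec.split(".")
    if len(parts) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec}")
    a, b, c, d = (_expand_octet(p) for p in parts)
    return {f"{w}.{x}.{y}.{z}" for w in a for x in b for y in c for z in d}


def same_hosts(*specs):
    """True if every spec expands to exactly the same host set."""
    sets = [expand_target(s) for s in specs]
    return all(s == sets[0] for s in sets[1:])


if __name__ == "__main__":
    # The three class B notations from the page cover identical hosts.
    print(same_hosts("192.168.*.*", "192.168.0-255.0-255", "192.168.0.0/16"))
```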

Common Options
 * -sS TCP SYN Scan
 * -sT TCP connect scan
 * -sU UDP port scans (not very reliable)
 * -v Verbose output
 * -vv Very verbose output
 * -O Detect operating system (TCP/IP fingerprinting)
 * -sV Service version detection
 * -P0 Don't ping, just scan
 * -A Aggressive: same thing as -O -sV
 * -T Scan timing
 * -p Choose ports to be scanned
 * -F Fast Scan: only scan ports in the nmap-services file
 * -n Don't do reverse DNS lookup (increases scan speed)

nmap References
Auditor CD?

 * Nmap-Tutorial.com
 * IronGeek: Basic Nmap Usage (video slide show)
 * IronGeek: Nmap Video Tutorial 2: Port Scan Boogaloo (video slide show)
 * nmap Reference guide
 * A-SEC Lesson 2 Nmap and other Network Scanning Techniques
 * Yet Another Nmap Tutorial
 * What can you find out from an IP?
 * nmap-tutorial - http://nmap.org/bennieston-tutorial/
 * Port Scanning Techniques - http://nmap.org/book/man-port-scanning-techniques.html
 * Nmap: The Art of Port Scanning - http://nmap.org/nmap_doc.html
 * Timing and Performance - http://nmap.org/book/man-performance.html
 * http://www.derkeiler.com/Mailing-Lists/securityfocus/security-basics/2007-04/msg00386.html
 * Top 30 Nmap Command Examples For Sys/Network Admins - http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/