After the IP address or hostname of the target machine (or the IP address range, in the case of a network) has been gathered during the passive reconnaissance phase, Nmap is often used in the scanning phase (active reconnaissance) to discover active hosts, open ports, and more detailed information about the services running and their application versions.

Note that Nmap generates a lot of traffic that might trigger an alert on the target network.

Ping sweep

A ping sweep discovers which hosts are alive in a network. CIDR network notation is also supported:

nmap -sn

OS detection

By fingerprinting the TCP/IP stack, that is, by inspecting the response packets of the remote machine, Nmap is often able to determine the operating system running on the remote machine:

nmap -O

Port scanning

Port scanning can be distinguished based on the protocol type: TCP or UDP. TCP port scanning can further be divided into two methods.

The first and simplest is the TCP Connect scan, which completes the TCP 3-way handshake until a connection is established. The disadvantages of this method are that it is a slower variant of TCP scanning and that it is more likely to generate an alert in the target machine's log. Its big advantage is that it does not require root privilege to be executed.

The second TCP scan method is used more often, mainly because it is faster, but it requires root privilege. Various names are given to this method based on its properties: TCP SYN scan, Stealth scan, or Half-Open scan.

nmap -sS

A combined TCP and UDP scan can be performed in the same scan run, checking ports for both protocols:

nmap -sU -sS

The port range can be specified with the parameter -p. If no port numbers are specified, Nmap scans the port range 1–1023 by default. The following example shows a TCP SYN scan of port numbers 1000 to 3000:

nmap -p 1000-3000 -sS

Port scan result interpretation

Nmap returns a status for each scanned port depending on whether the port is actively accepting TCP/UDP connections (OPEN), whether no program is listening on that port (CLOSED), or FILTERED when Nmap cannot determine the status of the port.

In a UDP scan there is no handshake, so the state is derived from the ICMP reply, or from the absence of any reply:

CLOSED: when an ICMP Port Unreachable message is received.
FILTERED: when another ICMP Unreachable message is received.
OPEN|FILTERED: when nothing is received.

Version detection

Nmap can also determine which program is listening on the open ports, and the version of that program.
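To make the TCP Connect scan and the -p port-range parameter concrete, here is an added Python example; it is not code from this page or from the Nmap project. It expands an nmap-style port specification such as "1000-3000,22", starts a throwaway TCP listener on 127.0.0.1, and connect-scans the ports around it. The listener counts the handshakes it completes, which is exactly the footprint that lands in a target's application log for a full-connect scan and that a half-open (SYN) scan never produces, because the kernel never hands a half-open connection to accept(). The Listener class, the port numbers and the loopback target are constructed for the demo.

```python
import socket
import threading


def parse_port_spec(spec):
    """Expand an nmap-style -p specification ("1000-3000,22,80") into a sorted port list."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
        else:
            lo = hi = int(part)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"port spec out of range: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


class Listener:
    """Constructed stand-in for a target service: a TCP listener on 127.0.0.1 that
    counts every connection it accepts, i.e. every fully completed 3-way handshake."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))          # ephemeral port chosen by the OS
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.accepted = 0                          # the "target log"
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        self.sock.settimeout(0.05)
        while True:
            try:
                conn, _ = self.sock.accept()       # only fires for completed handshakes
            except socket.timeout:
                if self._stop.is_set():            # drain the backlog, then exit
                    break
                continue
            self.accepted += 1
            conn.close()

    def close(self):
        self._stop.set()
        self._thread.join()
        self.sock.close()


def connect_scan(host, ports, timeout=0.5):
    """TCP Connect scan: complete the 3-way handshake on each port (no privileges needed)
    and classify the outcome the way the page describes the port states."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"             # handshake completed: something is listening
            except ConnectionRefusedError:
                results[port] = "closed"           # RST came back: nothing is listening
            except (socket.timeout, OSError):
                results[port] = "filtered"         # no answer or other error: state undetermined
    return results


def demo():
    """Scan the ports around a local listener; returns (results, listener port, handshakes seen)."""
    listener = Listener()
    try:
        spec = f"{listener.port - 1}-{listener.port + 1}"
        results = connect_scan("127.0.0.1", parse_port_spec(spec))
    finally:
        listener.close()
    return results, listener.port, listener.accepted


if __name__ == "__main__":
    results, port, seen = demo()
    for p, state in results.items():
        print(f"{p}/tcp {state}")
    print(f"listener on {port} logged {seen} completed handshake(s)")
```

Running the script shows the listener's port as "open" and its counter at 1: the scanner's connect() completed the handshake, so the service saw it. That single accepted connection is the detection opportunity a defender gets from a connect scan, and the reason the page calls the SYN scan the quieter variant.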