Next: Contents nbsp; Contents

NMAP - A Stealth Port Scanner

Andrew J. Bennieston

http://www.nmap-tutorial.com

Contents
Introduction
Disclaimer
Basic Scan Types [-sT, -sS]
- TCP connect() Scan [-sT]
- SYN Stealth Scan [-sS]
FIN, Null and Xmas Tree Scans [-sF, -sN, -sX]
Ping Scan [-sP]
UDP Scan [-sU]
IP Protocol Scans [-sO]
Idle Scanning [-sI]
Version Detection [-sV]
ACK Scan [-sA]
Window Scan, RPC Scan, List Scan [-sW, -sR, -sL]
Timing and Hiding Scans
- Timing
- Decoys
- FTP Bounce
- Turning Off Ping
- Fragmenting
- Idle Scanning
OS Fingerprinting
Outputting Logs
Other Nmap Options
- IPv6
- Verbose Mode
- Resuming
- Reading Targets From A File
- Fast Scan
- Time-To-Live
Typical Scanning Session
Frequently Asked Questions
- I tried a scan and it appeared in firewall logs or alerts. What else can I do to help hide my scan?
- NMAP seems to have stopped, or my scan is taking a very long while. Why is this?
- Will -sN -sX and -sF work against any host, or just Windows hosts?
- How do I find a dummy host for the Idle Scan (-sI)?
- What does "Host seems down. If it is really up, but blocking our ping probes, try -P0" mean?
- Where can I find NmapFE?
About This Document
About this document ...

2006-07-15