Nmap Tips and Tricks

Peter Kacherginsky
24 min readDec 15, 2008

Nmap (Network MAPper) is a network port scanner with service version and operating system detection engines. The tool was originally developed by Fyodor and published in Phrack Issue 51 in 1997. The tool is command line although a number of GUIs exist. Nmap runs on a variety of platforms including Linux, *BSD, Windows, and others.

Port Scanning

Nmap uses several port scanning approaches. Table below summarizes “canned” scan types and corresponding command line flags:

  • -sT: TCP Connect() Scan
  • -sS: SYN Scan
  • -sA: ACK Scan
  • -sW: Window
  • -sN: Null Scan
  • -sF: FIN Scan
  • -sX: XMas Scan
  • -sU: UDP Scan
  • -sM: Maimon Scan
  • -sO: IP Protocol Scan
  • -sI: host:port Idle Scan
  • -b: FTP Bounce Scan

Using the above table, we can quickly generate a simple SYN scan on a Windows box:

nmap -sS 192.168.1.100Interesting ports on 192.168.1.100: 
Not shown: 1692 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
5000/tcp open UPnP
MAC Address: 00:11:22:33:44:55
Nmap finished: 1 IP address (1 host up) scanned in 1.347 seconds

--

--

Peter Kacherginsky

Blockchain Security, Malware Analysis, Incident Response, Pentesting, BlockThreat.net