How do I use nmap to scan ports other than the default SYN method?



  • TCP Connect.

    -sT (TCP connect scan)
        TCP connect scan is the default TCP scan type when SYN scan is not an option. This is the
        case when a user does not have raw packet privileges. Instead of writing raw packets as most
        other scan types do, Nmap asks the underlying operating system to establish a connection with
        the target machine and port by issuing the connect system call. This is the same high-level
        system call that web browsers, P2P clients, and most other network-enabled applications use
        to establish a connection. It is part of a programming interface known as the Berkeley
        Sockets API. Rather than read raw packet responses off the wire, Nmap uses this API to obtain
        status information on each connection attempt.

    $ nmap -sT localhost

  • Version detection.

    -sV (Version detection)
        Enables version detection, as discussed above. Alternatively, you can use -A, which enables
        version detection among other things.

    -sR
        is an alias for -sV. Prior to March 2011, it was used to activate the RPC grinder
        separately from version detection, but now these options are always combined.

    $ nmap -sV localhost

    Version detection reports, for each open port, the service and the protocol or software version running behind it:

    PORT    STATE SERVICE VERSION
    22/tcp  open  ssh     OpenSSH 7.4 (protocol 2.0)
    25/tcp  open  smtp    Postfix smtpd
    111/tcp open  rpcbind 2-4 (RPC #100000)
    631/tcp open  ipp     CUPS 1.6
    Service Info: Host:  centos-linux.shared
    

    You can perform more aggressive version detection by using the option --version-intensity level.

    $ nmap -sV --version-intensity 5 localhost
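    As an added example (not part of the original post or of nmap itself), a small Python parser for the -sV table shown above: it flags open ports that do not match an expected baseline and lists open ports for which -sV returned no VERSION column, which are the candidates for a rerun with a higher --version-intensity. The sample output is this page's table plus two constructed rows (8080 and 9090).

```python
import re
from typing import Any, Dict, List

# Constructed sample: the "nmap -sV localhost" table shown on this page, plus
# two rows (8080, 9090) invented here to exercise a non-open state and an
# open port with no version information.
SAMPLE_OUTPUT = """\
PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 7.4 (protocol 2.0)
25/tcp   open     smtp       Postfix smtpd
111/tcp  open     rpcbind    2-4 (RPC #100000)
631/tcp  open     ipp        CUPS 1.6
8080/tcp filtered http-proxy
9090/tcp open     unknown
Service Info: Host:  centos-linux.shared
"""

# One table row: "<port>/<proto> <state> <service> [<version ...>]".
# STATE may be compound ("open|filtered"), so \S+ rather than \w+ is used.
_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*?))?\s*$")


def parse_nmap_sv(text: str) -> List[Dict[str, Any]]:
    """Turn nmap's normal-output port table into a list of records.
    The header, 'Service Info' and any other non-row lines are skipped."""
    records = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        records.append({
            "port": int(port), "proto": proto, "state": state,
            "service": service, "version": version or None,
        })
    return records


def unexpected_open_ports(records: List[Dict[str, Any]],
                          baseline: Dict[int, str]) -> List[int]:
    """Open ports whose service is not what the baseline ({port: service})
    says should be listening there."""
    return sorted(r["port"] for r in records
                  if r["state"] == "open"
                  and baseline.get(r["port"]) != r["service"])


def unversioned_open_ports(records: List[Dict[str, Any]]) -> List[int]:
    """Open ports where -sV filled in no VERSION column."""
    return sorted(r["port"] for r in records
                  if r["state"] == "open" and r["version"] is None)
```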
    

 

© Lightnetics 2018