To perform a stealth scan using Nmap, you can use the TCP SYN Scan option (-sS). This scan type is often referred to as a "stealth scan" because it does not complete the TCP handshake, making it less detectable by intrusion detection systems and firewalls.
Steps to Perform a Stealth Scan
- Open your terminal: Ensure you have Nmap installed on your system. If you're using Kali Linux, Nmap is pre-installed.
- Run the SYN Scan Command: Use the following command to perform a stealth scan on a target IP address:
  nmap -sS target-ip-address
  Replace target-ip-address with the actual IP address of the target you want to scan.
Example Command
For example, to perform a stealth scan on a target with the IP address 192.168.1.10, you would run:
nmap -sS 192.168.1.10
Additional Options
You can combine the SYN scan with other options for more detailed results:
- Service Version Detection: To identify services running on open ports, add the -sV option:
  nmap -sS -sV 192.168.1.10
- Scan Specific Ports: To scan specific ports, use the -p option:
  nmap -sS -p 1-1000 192.168.1.10
Important Notes
- Permissions: Ensure you have permission to scan the target network or device. Unauthorized scanning can be illegal and unethical.
- Firewall Considerations: Some firewalls may still detect SYN scans, so results can vary based on the target's security measures.
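The Firewall Considerations note, seen from the monitoring side: a SYN scan leaves a recognisable pattern (SYN, SYN/ACK, then a reset instead of the final ACK) that a sensor can count per source. The sketch below is an added example, not part of the original page; the packet records, the addresses 10.0.0.5 and 10.0.0.9, and the function name half_open_sources are constructed for illustration.

```python
from collections import defaultdict

TARGET = "192.168.1.10"  # example address used on this page

# Constructed sample records: (src, dst, sport, dport, tcp_flags), in capture order.
PACKETS = [
    # 10.0.0.5: SYN -> SYN/ACK -> RST on three open ports (half-open pattern)
    ("10.0.0.5", TARGET, 40000, 22, "S"), (TARGET, "10.0.0.5", 22, 40000, "SA"),
    ("10.0.0.5", TARGET, 40000, 22, "R"),
    ("10.0.0.5", TARGET, 40000, 80, "S"), (TARGET, "10.0.0.5", 80, 40000, "SA"),
    ("10.0.0.5", TARGET, 40000, 80, "R"),
    ("10.0.0.5", TARGET, 40000, 443, "S"), (TARGET, "10.0.0.5", 443, 40000, "SA"),
    ("10.0.0.5", TARGET, 40000, 443, "R"),
    # Closed port 23: the server answers RST/ACK, so nothing is left half-open
    ("10.0.0.5", TARGET, 40000, 23, "S"), (TARGET, "10.0.0.5", 23, 40000, "RA"),
    # 10.0.0.9: ordinary client that completes the three-way handshake
    ("10.0.0.9", TARGET, 51000, 80, "S"), (TARGET, "10.0.0.9", 80, 51000, "SA"),
    ("10.0.0.9", TARGET, 51000, 80, "A"),
]

def half_open_sources(packets, min_ports=3):
    """Return {client: sorted ports} for clients that reset at least
    min_ports handshakes after the server had already sent SYN/ACK."""
    state = {}  # (client, server, client_port, server_port) -> handshake state
    for src, dst, sport, dport, flags in packets:
        if flags == "S":
            state[(src, dst, sport, dport)] = "syn"
        elif flags == "SA":
            key = (dst, src, dport, sport)  # reply travels server -> client
            if state.get(key) == "syn":
                state[key] = "synack"
        elif flags == "A":
            key = (src, dst, sport, dport)
            if state.get(key) == "synack":
                state[key] = "established"
        elif flags in ("R", "RA"):
            key = (src, dst, sport, dport)
            if state.get(key) == "synack":  # client tore down instead of ACKing
                state[key] = "half_open"
    ports = defaultdict(set)
    for (client, _server, _cport, server_port), st in state.items():
        if st == "half_open":
            ports[client].add(server_port)
    return {c: sorted(p) for c, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    print(half_open_sources(PACKETS))
```

The min_ports threshold is an assumption; tune it against normal traffic on the monitored network, since a single reset handshake is common and not a scan indicator by itself.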
