Nmap offers various scan types to gather information about network hosts and services. Each scan type has its own method of probing ports and can provide different levels of detail. Here are some common Nmap scan types:
1. TCP Connect Scan (-sT)
- Description: This is the default scan type. It attempts to establish a full TCP connection with the target port.
- Use Case: Useful when you have permission to connect to the target and want to identify open ports.
2. TCP SYN Scan (-sS)
- Description: Also known as a "stealth scan," it sends SYN packets to initiate a connection but does not complete the handshake.
- Use Case: Faster and less detectable than a TCP Connect scan, making it useful for stealthy reconnaissance.
3. UDP Scan (-sU)
- Description: This scan sends UDP packets to the target ports to determine if they are open, closed, or filtered.
- Use Case: Important for discovering services that use UDP, such as DNS or DHCP.
4. TCP ACK Scan (-sA)
- Description: This scan sends ACK packets to determine if ports are filtered or unfiltered.
- Use Case: Useful for mapping firewall rules and determining whether ports are accessible.
5. Window Scan (-sW)
- Description: This scan analyzes the TCP window size in the response to determine if a port is open or closed.
- Use Case: Can be used to bypass certain firewall rules.
6. Null Scan (-sN)
- Description: This scan sends packets with no flags set. It relies on the behavior of the target to determine port status.
- Use Case: Useful for evading some firewalls and intrusion detection systems.
7. FIN Scan (-sF)
- Description: This scan sends FIN packets to determine if ports are open or closed based on the response.
- Use Case: Similar to the Null scan, it can help evade detection.
8. Xmas Scan (-sX)
- Description: This scan sends packets with the FIN, URG, and PSH flags set, lighting up the packet like a Christmas tree.
- Use Case: Used to identify open ports while evading some security measures.
9. Service Version Detection (-sV)
- Description: This option probes open ports to determine the service and version running on them.
- Use Case: Useful for identifying vulnerabilities in specific services.
10. OS Detection (-O)
- Description: This option attempts to determine the operating system of the target host based on TCP/IP stack behavior.
- Use Case: Helps in gathering more information about the target for further analysis.
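The flag patterns behind these scan types are also what a defender looks for in a capture, so here is an added Python example (not part of the original answer) that classifies client-side TCP segments by their flag byte, names the Null, FIN and Xmas probes from the list, and counts per source the half-open SYN-then-RST exchanges of a SYN scan and the bare ACKs of an ACK or Window scan. The packet tuples, addresses and the five-port threshold are constructed assumptions for the demonstration.

```python
from collections import defaultdict

# TCP flag bits as they appear in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations a normal TCP client never originates; each maps to one of
# the Nmap scan types listed above.
ODD_FLAG_SIGNATURES = {0: "Null scan (-sN)", FIN: "FIN scan (-sF)",
                       FIN | PSH | URG: "Xmas scan (-sX)"}

def classify_probe(flags):
    """Name the scan type a single client segment's flags suggest, or None."""
    return ODD_FLAG_SIGNATURES.get(flags)

def summarize(packets, threshold=5):
    """packets: (src_ip, dst_port, tcp_flags) tuples for client->server segments,
    in capture order. Returns per-source counters plus a 'suspicious' verdict."""
    stats = defaultdict(lambda: {"odd_flag_probes": 0, "half_open": 0,
                                 "ack_only": 0, "ports": set()})
    pending_syn = set()  # (src, port) whose SYN has not completed a handshake
    for src, port, flags in packets:
        s = stats[src]
        s["ports"].add(port)
        if classify_probe(flags) is not None:
            s["odd_flag_probes"] += 1          # -sN / -sF / -sX
        elif flags == SYN:
            pending_syn.add((src, port))
        elif flags == RST and (src, port) in pending_syn:
            pending_syn.discard((src, port))
            s["half_open"] += 1                # SYN then RST, never ACK: -sS
        elif flags == ACK and (src, port) not in pending_syn:
            s["ack_only"] += 1                 # bare ACK with no SYN seen: -sA / -sW
        elif flags & ACK:
            pending_syn.discard((src, port))   # third step of a normal handshake
    return {src: {"odd_flag_probes": s["odd_flag_probes"], "half_open": s["half_open"],
                  "ack_only": s["ack_only"], "distinct_ports": len(s["ports"]),
                  "suspicious": s["odd_flag_probes"] > 0 or s["half_open"] >= threshold
                                or s["ack_only"] >= threshold}
            for src, s in stats.items()}
# Constructed sample traffic (not a real capture); addresses are placeholders.
PORTS = (22, 25, 80, 443, 3306, 8080)
SAMPLE_PACKETS = (
    [("10.0.0.5", p, SYN) for p in PORTS] + [("10.0.0.5", p, RST) for p in PORTS]  # -sS pattern
    + [("10.0.0.9", 21, FIN | PSH | URG), ("10.0.0.9", 23, 0), ("10.0.0.9", 53, FIN)]  # odd flags
    + [("192.168.1.20", 443, SYN), ("192.168.1.20", 443, ACK), ("192.168.1.20", 443, PSH | ACK)]  # benign
)

if __name__ == "__main__":
    for src, verdict in summarize(SAMPLE_PACKETS).items():
        print(src, verdict)
```

A single SYN is indistinguishable from a normal connection attempt, which is why the script only counts SYNs that are reset before any ACK and flags a source on volume rather than on one packet.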
Example Command
To perform a SYN scan with service version detection, you can use:
nmap -sS -sV target-ip-address
Conclusion
Each scan type serves a specific purpose and can be chosen based on the information you need and the environment you are scanning. If you have further questions or need examples of specific scans, feel free to ask!
