Conducting Basic Nmap Scans
TCP Connect Scan
The TCP Connect Scan is the most basic type of Nmap scan. It uses the operating system's connect() call to complete a full TCP three-way handshake with each probed port, which makes it useful for identifying open ports and running services and means it needs no special privileges. Because the connection is fully established, the target service is more likely to log the probe than with a SYN Scan. To perform a TCP Connect Scan, use the following command:
nmap -sT <target_ip_or_hostname>
SYN Scan
The SYN Scan, also known as the "half-open" scan, is a more stealthy and efficient alternative to the TCP Connect Scan. It sends a SYN packet to the target host and waits for the reply: a SYN-ACK indicates an open port, a RST indicates a closed port, and no reply (or an ICMP unreachable error) is reported as filtered. Nmap never completes the handshake, so the application behind the port usually does not see a connection. Because it crafts raw packets, this scan type requires raw-socket privileges (root or an equivalent capability). To perform a SYN Scan, use the following command:
nmap -sS <target_ip_or_hostname>
UDP Scan
The UDP Scan is used to identify open UDP ports on a target host. UDP scans can be slower and less reliable than TCP scans, because many UDP services do not answer an empty probe: a port that returns no reply is reported as open|filtered, and only an ICMP port-unreachable message lets Nmap mark it closed. Expect a full-range UDP scan to take a long time, since Nmap rate-limits probes when hosts throttle ICMP errors. To perform a UDP Scan, use the following command:
nmap -sU <target_ip_or_hostname>
Comprehensive Scan
A Comprehensive Scan combines multiple scan types to provide a more thorough assessment of the target network. Nmap allows only one TCP scan type per run, so a typical combination is a SYN Scan together with a UDP Scan and version detection. To perform a Comprehensive Scan, use the following command:
nmap -sV -sS -sU -p- <target_ip_or_hostname>
This command will perform a version detection scan (-sV), a SYN Scan (-sS), a UDP Scan (-sU), and a scan of all 65,535 TCP ports (-p-). Note that -p- applies to every protocol selected, so with -sU it also covers all UDP ports, which makes this scan slow; version detection (-sV) adds further probes against each open port.
Scan Result Interpretation
Nmap scan results provide valuable information about the target network, including:
| Information | Description |
|---|---|
| Host Status | Indicates whether a host is up or down |
| Open Ports | Lists the open ports on the target host |
| Service/Version Detection | Identifies the services and versions running on open ports |
| Operating System Detection | Attempts to determine the target host's operating system |
By analyzing the scan results, you can identify exposed services and potential attack vectors and vulnerabilities in the target network, and prioritize which hosts and ports need further investigation.
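Reading large scan results by eye does not scale, so the fields in the table above are usually extracted from Nmap's grepable output (the -oG option). The following POSIX shell script is an added example, not part of the original page: it builds a small, constructed -oG report (the addresses, ports and version strings are made up for illustration) and defines functions that list hosts that are up, ports in the open state, UDP ports that came back open|filtered and therefore still need verification, and any OS guess Nmap recorded.

```shell
#!/bin/sh
# Added example: summarise an Nmap grepable (-oG) report with POSIX sh and awk.
# The report written below is constructed for this example; it is not real scan output.
set -eu

SAMPLE_GNMAP="$(mktemp)"
trap 'rm -f "$SAMPLE_GNMAP"' EXIT
{
  printf '# Nmap 7.94 scan initiated as: nmap -sS -sU -sV -p- -oG scan.gnmap 192.0.2.0/28\n'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 53/open|filtered/udp//domain///\tIgnored State: closed (65532)\n'
  printf 'Host: 192.0.2.11 ()\tStatus: Down\n'
  printf 'Host: 192.0.2.12 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.12 ()\tPorts: 445/open/tcp//microsoft-ds//Windows Server 2019 microsoft-ds/, 3389/filtered/tcp//ms-wbt-server///\tOS: Windows Server 2019\n'
  printf '# Nmap done -- 16 IP addresses (2 hosts up) scanned\n'
} > "$SAMPLE_GNMAP"

# Grepable output is tab-separated: the first field is "Host: <ip> (<name>)",
# followed by fields such as "Status: ...", "Ports: ..." or "OS: ...".
# Each port entry has the shape port/state/proto/owner/service/rpcinfo/version/
# and entries are separated by ", ".

# One line per probed port: ip proto port state service version
port_records() {
  awk -F'\t' '
    /^Host:/ {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        n = split(substr($i, 8), entries, ", ")
        for (j = 1; j <= n; j++) {
          split(entries[j], f, "/")
          svc = (f[5] == "") ? "-" : f[5]
          ver = (f[7] == "") ? "-" : f[7]
          print ip, f[3], f[1], f[2], svc, ver
        }
      }
    }' "$1"
}

# Addresses of hosts Nmap reported as up
hosts_up() {
  awk -F'\t' '/^Host:/ && $2 == "Status: Up" { split($1, h, " "); print h[2] }' "$1"
}

count_hosts_up() { hosts_up "$1" | wc -l | tr -d ' '; }

# Only ports confirmed open; filtered and open|filtered are excluded on purpose
open_ports() { port_records "$1" | awk '$4 == "open"'; }

# UDP ports with no reply: could be open or silently dropped, so verify them
# (for example with a targeted -sV run) before treating them as exposed services
udp_unresolved() {
  port_records "$1" | awk '$2 == "udp" && $4 == "open|filtered" { print $1, $3 }'
}

# OS guess per host, where Nmap recorded one
os_guesses() {
  awk -F'\t' '/^Host:/ { split($1, h, " "); for (i = 2; i <= NF; i++) if ($i ~ /^OS: /) print h[2], substr($i, 5) }' "$1"
}

summarize() {
  echo "Hosts up: $(count_hosts_up "$1")"
  hosts_up "$1" | sed 's/^/  /'
  echo "Open ports (ip proto port state service version):"
  open_ports "$1" | sed 's/^/  /'
  echo "UDP open|filtered (no reply; verify before treating as open):"
  udp_unresolved "$1" | sed 's/^/  /'
  echo "OS guesses:"
  os_guesses "$1" | sed 's/^/  /'
}

summarize "$SAMPLE_GNMAP"
```

Run it against a real report by replacing the constructed file with the .gnmap produced by adding -oG (or -oA) to the scans above; the functions take the file path as their only argument. The port parser relies on the slash-separated entry layout, so it should be re-checked if a future Nmap release changes the grepable format.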