Execute SYN scan with nmap -sS 192.168.1.1
In this step, you will learn how to perform a SYN scan (also known as a "half-open" scan) using Nmap. A SYN scan is a more stealthy technique than a TCP connect scan because it doesn't complete the full TCP three-way handshake.
Here's how a SYN scan works:
- SYN (Synchronize): The scanner sends a SYN packet to the target port.
- SYN/ACK (Synchronize/Acknowledge): If the port is open, the target responds with a SYN/ACK packet. If the port is closed, the target answers with a RST instead, and if nothing comes back (or an ICMP unreachable error arrives) Nmap cannot tell which it is.
- RST (Reset): Instead of sending the final ACK that would complete the handshake, the scanner sends a RST packet to tear down the half-open connection before it is ever established.
Because the full TCP connection is never established, the listening application never sees it (the kernel never hands a completed connection to the service), so SYN scans are less likely to show up in application logs than TCP connect scans. They are not invisible, though: a firewall, IDS, or any tool that watches packets rather than completed connections records every probe. SYN scans also require root privileges to craft raw packets; if you request -sS without them, Nmap refuses to run the scan, which is why the command below uses sudo.
Nmap's -sS option performs a SYN scan.
Now, let's perform a SYN scan on 192.168.1.1. Note: This IP address is likely a private IP address on a local network. Ensure you have permission to scan this address. In a real-world scenario, scanning a network without permission is illegal. For the purpose of this lab, we will assume this IP address represents a safe target within your testing environment. If no device answers at this address, Nmap's host discovery will report the host as down and skip the port scan entirely; forcing the scan with -Pn would then show every port as filtered.
- Open the Xfce terminal.
- Execute the following command:
sudo nmap -sS 192.168.1.1
This command tells Nmap to perform a SYN scan (-sS) on the IP address 192.168.1.1. The labex user has sudo privileges without a password, so normally no password prompt appears; if you are prompted anyway, just press Enter.
- Observe the output. The output will vary depending on the target system. It might look similar to this:
Starting Nmap 7.80 ( https://nmap.org )
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 2.58 seconds
The output shows the ports that are open, closed, or filtered on the target system. The STATE column indicates the status of each port: open means Nmap received a SYN/ACK in response to its SYN; closed means the target answered with a RST, so the host is reachable but nothing is listening on that port; filtered means Nmap could not determine whether the port is open or closed, either because no reply arrived even after retransmission or because an ICMP unreachable error came back, which usually points to a firewall or other filtering in the path. By default Nmap probes its 1,000 most common TCP ports, which is why the three listed ports plus the 997 "not shown" filtered ports add up to 1,000.
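As an added example (not part of the original lab), the following POSIX shell script wraps the procedure above: it checks whether the current user can use -sS and falls back to the connect scan (-sT) otherwise, runs Nmap with grepable output (-oG -), and parses that output into the open, closed and filtered results described in the output explanation. The nmap invocation assumes nmap is on PATH and that the target is reachable; the embedded grepable sample is constructed to mirror the example scan report above, so the parsing functions can be exercised without a live target. The SCAN_TARGET environment variable is a name chosen for this example, not an Nmap feature.

```shell
#!/bin/sh
# Added example for the lab, not part of the original page.
# Wraps an Nmap SYN scan and parses its grepable (-oG) output.

# Nmap's -sS needs raw sockets, which means root. Anyone else gets -sT,
# the connect scan that works without privileges.
pick_scan_type() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "-sS"
    else
        echo "-sT"
    fi
}

# Scan $1 (default: the lab target) and emit grepable output on stdout.
# Assumes nmap is installed and on PATH.
syn_scan() {
    target="${1:-192.168.1.1}"
    scan_type="$(pick_scan_type)"
    if [ "$scan_type" = "-sT" ]; then
        echo "warning: not root, using a connect scan (-sT) instead of -sS" >&2
    fi
    nmap "$scan_type" -oG - "$target"
}

# Print "port/proto" for every port in state $1, reading grepable output
# from stdin. A grepable port line is tab-separated, e.g.:
#   Host: 192.168.1.1 ()<TAB>Ports: 22/open/tcp//ssh//, 80/open/tcp//http//<TAB>Ignored State: filtered (997)
# and each port entry is port/state/proto/owner/service/rpcinfo/version.
ports_in_state() {
    awk -v want="$1" '
        /Ports: / {
            n = split($0, segs, "\t")
            for (i = 1; i <= n; i++) {
                if (segs[i] ~ /^Ports: /) {
                    sub(/^Ports: /, "", segs[i])
                    m = split(segs[i], entries, ", ")
                    for (j = 1; j <= m; j++) {
                        split(entries[j], f, "/")
                        if (f[2] == want) printf "%s/%s\n", f[1], f[3]
                    }
                }
            }
        }'
}

# Print "<state> <count>" for the ports Nmap folded into "Ignored State"
# (the "Not shown: 997 filtered ports" line of the normal output).
ignored_state() {
    sed -n 's/.*Ignored State: \([a-z]*\) (\([0-9]*\)).*/\1 \2/p'
}

# Constructed grepable output matching the lab's example scan report;
# it is NOT the result of a real scan.
sample_grepable() {
    printf '# Nmap 7.80 scan initiated (constructed sample)\n'
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//, 80/open/tcp//http//, 443/closed/tcp//https//\tIgnored State: filtered (997)\n'
    printf '# Nmap done -- 1 IP address (1 host up) scanned in 2.58 seconds\n'
}

# Summarize grepable output from stdin as three lines: open, closed, ignored.
summarize() {
    input="$(cat)"
    printf 'open:    %s\n' "$(printf '%s\n' "$input" | ports_in_state open   | tr '\n' ' ')"
    printf 'closed:  %s\n' "$(printf '%s\n' "$input" | ports_in_state closed | tr '\n' ' ')"
    printf 'ignored: %s\n' "$(printf '%s\n' "$input" | ignored_state)"
}

# SCAN_TARGET is a hypothetical variable for this example: when set, run a
# live scan; otherwise exercise the parser on the constructed sample.
if [ -n "${SCAN_TARGET:-}" ]; then
    syn_scan "$SCAN_TARGET" | summarize
else
    sample_grepable | summarize
fi
```

Run it as is to see the parser applied to the constructed sample, or as `sudo SCAN_TARGET=192.168.1.1 sh syn_scan.sh` (file name assumed) to perform the lab's SYN scan and get the same three-line summary from real output. Parsing -oG rather than the human-readable report is deliberate: the grepable format is stable across Nmap versions and one line per host, so it is the right input for scripts, while the normal output is meant for people.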