Network commands
nmap
- References:
- nmap home page: nmap.org, nmap tutorial, Nmap Reference Guide.
Target Specification
IPv4 address | 192.168.1.1 |
IPv6 address | AABB:CCDD::FF%eth0 |
Host name | www.target.tgt |
IP address range | 192.168.0-255.0-255 |
CIDR block | 192.168.0.0/16 |
Target Ports
default | 1,000 most popular ports |
-F | Scan 100 most popular ports |
-p<port1>-<port2> | Port range |
-p<port1>,<port2>,… | Port List |
-pU:53,U:110,T:20-445 | Mix TCP and UDP |
-r | Scan linearly (do not randomize) |
--top-ports <n> | Scan n most popular ports |
-p-65535 | 1 to 65535 |
-p40- | 40 to 65535 |
-p- | scan ports 1-65535 |
Scan Types
-sP | Probe only (host discovery) |
-sS | SYN Scan |
-sT | TCP Connect Scan |
-sU | UDP Scan |
-sV | Version Scan |
-O | OS Detection |
Probing Options
-Pn | Don’t probe |
-PB | Default probe (TCP 80, 445 & ICMP) |
-PS<portlist> | Probe TCP ports |
-PE | Use ICMP Echo Request |
-PP | Use ICMP Timestamp Request |
-PM | Use ICMP Netmask Request |
Timing
Time between packets.
-T0 | -T paranoid |
-T1 | -T sneaky |
-T2 | -T polite |
-T3 | -T normal |
-T4 | -T aggressive |
-T5 | -T insane |
Examples
More details in nmap.org examples
nmap -v scanme.nmap.org | verbose scan of reserved TCP ports |
nmap -sS -O scanme.nmap.org/24 | stealth SYN scan, try to determine the OS |
nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127 | host discovery and version scan on the SSH, DNS, POP3 and IMAP ports and TCP port 4564 |
nmap -sP -PS 198.116.1.0/24 | Discover hosts with TCP SYN ping scans |
nmap -T4 -n -Pn -p- 198.116.0.0/16 | quick scan: aggressive timing, no DNS resolution, no ping |