Nmap is a popular port scanning tool.It can also be used discover hosts, identify the Operating System,  Services running on the ports and lots of other thing.

A simple scan is as follows:

nmap (target address)

This will show us the Ports, their state (open/closed) and the Services running.

  • Open Ports: It means that an application on the target host is accepting TCP connection.
  • Closed Ports: It means that an application on the target host isn’t listening.
  • Filtered Ports: It means that nmap cannot determine whether the the port is open or closed.This may be because of a firewall rule in the target host to block any request packets.

This slideshow requires JavaScript.

Scan Techniques:

sS : This is a SYN scan.The attacker sends a SYN.The remote host responds with a SYN+ACK. A half open connection is made and that is then broken because of the timeout.

sT : This is a Connect scan.In this scan, the attacker sends a SYN.The remote host responds with a SYN+ACK and then the attacker sends the ACK.A Three-Way-Handshake is made.Finally the connection is broken.

sA : This is a ACK scan.This type of scan is cannot determine whether a port is open or closed.Although, this is useful to determine if there is a firewall at the other end.It will show us if the port is filtered or unfiltered.

sV : This is a service scan.It lists the services running on the target.

These scans can be used as the following:

nmap (-sS/-sT/-sA/-sV) (target address)


These are some main techniques.

Stealth Scanning:

In this method of scanning, we won’t be leaving any fingerprints on the target machine.We will use a zombie host to send packets.A zombie host is usually a machine that has already been compromised and is being used to impersonate as the attacker.

The command is as follows in nmap:

nmap -Pn -sI (zombie address) (target address)

-Pn is used here so that we won’t ping the target.
-sI is used for an idle scan.An idle scan is sending spoofed packets to the target (Same as stealth scanning).

Here, the zombie will communicate with the target and not the actual attacker.When the zombie sends packets, the target replies to the zombie.The attacker will only observe.In this way the attacker will leave no traces.

Operating System detection:

nmap -O (target address)


We can exploit the OS according to the vulnerabilities that exist in it.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s