NMAP
Usage:
Command line:
If you don't run with sudo, results will vary.
Syntax:
Extra:
-A
OS detection, Version detection, script scanning
DNS
Find dns server in a network:
Clean output of dns server
Ports:
-p
Will scan the specified port
T: TCP only
U: UDP only
Can do a range and protocol specification:
nmap <ip> -p T:22,U:4000
-sP or -sn
No port scan
Host Discovery:
-Pn
no ping / no host discovery
-sL
Use the list of targets instead of discovery
--traceroute
Enables traceroute functionality
Timing:
T0-T5
The lower, the slower. T5 means you don't care if you set off alarms.
T0 makes 1 request every ~5 minutes
Services:
-sV
Perform service detection
Scan Types:
-sT
TCP Connect
Completes 3 way handshake
-sU
UDP Scan
Fast
-O
Enables OS Detection
Output:
-oG -
Makes the nmap output 'grepable'
--script
Allows you to specify the scripts
Resources: