Ethical Experts
Ethical Experts

A Community Dedicated to Helping and Learning . Here You Will Get Hacking Tutorials and Monetizing Methods . We Hope You Have a Pleasant Stay
HomeHome  SearchSearch  FAQFAQ  RegisterRegister  Log in  
Still Currently working on the forum design, until I find a perfect design that can sit there for the whole life :p .. Please Bare with us if you see the design change while / after you refresh a page or return ! Sorry for the Inconvenience ~!

Display results as :
Rechercher Advanced Search
Latest topics
» Hack Pack : Largest Hacking Tools Collection
Tue Apr 28, 2015 9:35 am by THE-OUTSIDER

» Hi everyone!
Fri Nov 07, 2014 11:24 pm by zekrum

» Hacking Email ID's
Thu Sep 25, 2014 7:22 pm by NAVEEN KUMAR . S

» entering in a computer binary
Sat Sep 20, 2014 1:29 pm by erosh23

» hi hackers
Sat Sep 20, 2014 1:26 pm by erosh23

» Introduce Yourself !
Sat Sep 20, 2014 1:23 pm by erosh23

» Hello guys
Wed Jul 30, 2014 10:52 pm by RZero67

» need botnet like zues Betabot or any good botnet files please admin help me
Fri Jul 25, 2014 9:44 pm by sire_roktiv

» Extension Spoofer v0.1 [Beta Release]
Fri Jul 11, 2014 9:33 am by The Joker

Most Viewed Topics
Hack Pack : Largest Hacking Tools Collection
Hack Your BroadBand !! RISK FREE !!
How to Hack the Windows Admin Password Using OphCrack in Backtrack tutorial
Hacking With Keyloggers Prorat
How to Get Unlimited time in an Internet Cafe ... :D
How to Hack Websites & Servers - Tutorial
Cracking a WPA/WPA-2 Password.. ;)
Backtrack and Facebook
Credit Card Generating Sequence
LARGEST netcat wifi hack
Facebook Like
Similar topics

Share | 

 Network Scanner : Nmap

Go down 
The Joker

Posts : 182
Join date : 2012-06-11
Age : 28

PostSubject: Network Scanner : Nmap   Sat Oct 06, 2012 3:09 am

Nmap best known as hacker’s best friend may it be ethical or criminal is one of the best known network scanners available today. Today nearly each and every hacker uses nmap as network scanning tool and even pen-testing tools are bundled with Nmap as basic port scanning tool. Nmap can scan network, ports, services and also garb OS. This tutorial is written keeping this in mind that everyone should be able to grasp all commands and switches given in this tutorial in single reading. Do you think it’s impossible so why not give a try.

First we divide switches into four types,
1.Synchronous Scans
2.Ping Scans
3.Time Scans
4.Output Type

Synchronous Scan:All synchronous scans start with “-s”(without quotes), note that the ‘s’ denoting synchronous is not capital. Now a basic synchronous scan command is written as follows,

nmap -s[synchronous scan type] ip_address
-sT Synchronous TCP scan
-sS Synchronous Stealth scan(This type of scan most of the time goes undetected by remote system)

-sF Synchronous FIN Scan(Sends FIN packets with RST flag)
-sX XMAS tree scan(A packet is known as XMAS when its all flag are set)
-sU UDP scan
-sN NULL Scan
-sP Ping Scan
-sO Protocol Scan
-sA ACK Scan
-sW Windows Scan
-sR Remote Procedure Call
-sL List DNS
-sI IDLE scan(A scan done with spoofed IP Address)

How to remember all synchronous scans: After reading above switch list you must have noted all types of scans appears to start with first letter capital of its own spelling placed next to “-s” except protocol scan which uses O. So practically you don’t need to remember anything other than which type of scan you want to perform then post fix “-s” with its capital letter. Isn’t that easy, now consider you want to scan aaa.bbb.ccc.ddd for its open ports and DNS entries. Note what you want,
-List DNS that means L

so this will be your command,
nmap aaa.bbb.ccc.ddd -sL

If you want to scan UDP protocol then type,
nmap aaa.bbb.ccc.ddd -sO UDP

Note: No two Synchronous Scans can be combined together.
nmap -sS -sU aaa.bbb.ccc.ddd is illegal.

Ping Scan: All Ping scans start with “-P”, note that P is capital and denotes ping. Now basic ping scan command is written as,

nmap -P[ping scan type] ip_address
-Pn No Ping
-PT TCP Ping
-PA ACK Ping
-PU UDP Ping
-PO Protocol Scan
-PS Synchronous Ping
-PI ICMP Ping Echo
-PB UDP ICMP timestamp
-PM ICMP Net Mask or Masked Scan

Now note the next option appearing after P is first letter capital of word’s own spelling except protocol ping and timestamp ping. As shown earlier everytime p from protocol will be replaced by O in scan type. To remember timestamp switch remember last letter p in timestamp appears like B.

Time Scans: Time switches are denoted by capital T.

-T Paranoid 300 seconds between scans
-T Sneaky 15 seconds between scans
-T Polite 4 seconds between scans
-T Normal Runs parallel scans
-T Aggressive 1.25 sec/probe
-T Insane 0.3 sec/probe

To remember time scans first we arrange times in descending order.
300 15 4 - 1.25 0.3

My friend is Paranoid who Sneaks around networks,
300 15
He appears Polite Normally but is Aggressive to the level of Insanity.
4 - 1.25 0.3

I think that will do. All time switches are appended at last of nmap command
nmap aaa.bbb.ccc -sS -T Polite

Output Type: It just formates output as you want. Always starts with “-o”

-oN Normal Output
-oX XML Output
-oG Grapple Output
-oA All Output

I don’t think now to explain how to remember them.

Other Important Switches:
--traceroute works similar as any other trace route program
-R Resolve DNS along with port scan
-v Scan in verbose mode
-O OS Scan
So here’s an example to create scan:
1.Create a Stealth Synchronous scan with normal output with 15 seconds between each scan. Resolve DNS and use verbose mode?
-Scan Type Synchronous means “-s”
-Subtype stealth “-sS”
-Use verbose “-sS -v”
-Resolve DNS “-sS -v -R”
-Normal Output “-sS -v -R -oN”
-15 seconds between scans “-sS -v -R -oN -T Sneaky”

So the answer is,
nmap aaa.bbb.ccc -sS -v -R -oN -T Sneaky

Following are for you try yourself,
2.Create a Ping protocol scan with 0.3 seconds scan difference between ports.
3.Create a Synchronous UDP scan with xml output use verbose mode.

Do NOT PM me until you are DONATING or Your Upgrade  hasn't been completed even after you have purchased it .
If is one of the above, you can either choose to PM or mail me ..
Back to top Go down
View user profile
Network Scanner : Nmap
Back to top 
Page 1 of 1
 Similar topics
» unable to connect the IWebdriver app to the local network
» Nintendo Network Will Connect To EA Origin!
» The Doe Network - International Center for unidentified & missing persons
» Please clarify my doubts?
» Silent Switches for Software Installations

Permissions in this forum:You cannot reply to topics in this forum
Ethical Experts :: Hacking Section :: Hacking Tutorials-
Jump to: