nmap command line examples
Submitted by soccerfiend on Mon, 2008-09-29 18:23

Nmap is a commonly used utility in the security world. The default nmap scan is pretty good, but there are a number of options to make your scans more informative and/or more efficient.
My current set of command line options varies slightly depending on what I am looking for, but it generally starts with something that looks like this:
- nmap -PN -sU -sS -sV -sC -oA nmap-scan-%D-%T -O --webxml --reason 192.168.1.0/24 192.168.2.0/24

(Targets are separated by spaces on the nmap command line; a bare comma between them would be read as a target.)
This scans two networks, 192.168.1.0/24 and 192.168.2.0/24. In my case I have two subnets at home with routing between them. This lets me see the whole network at a glance.
- The -PN option does not use ping (ICMP) to test to see if a host is alive before scanning it.
- The -sU option enables UDP service discovery.
- The -sS option scans for TCP services using the TCP SYN method. This is pretty reliable as it mimics a legitimate connection attempt.
- The -sV option tells nmap to connect to these services and find out what version they are running. This is useful for finding exploitable services.
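The -oA option above writes the scan in three formats, including an XML file that is the easiest one to post-process. As an added example (not from the original post), the Python below reads that XML and pulls out the open ports, the -sV product/version where nmap actually probed the service, and the --reason value explaining why nmap believes each port is open. The XML sample is constructed and trimmed to the elements the parser uses; the `method="probed"` versus `method="table"` attribute on `<service>` is what real nmap output uses to distinguish a fingerprinted service from a name merely looked up in nmap-services, which is worth checking before treating a version string as trustworthy. UDP ports that got no answer show up as "open|filtered" and are excluded by default.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of the .xml file that `nmap -oA <basename>` produces,
# trimmed to the elements this parser reads. Addresses are made up.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -PN -sU -sS -sV -sC -O --reason 192.168.1.0/24 192.168.2.0/24">
  <host>
    <status state="up" reason="user-set"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6" method="probed"/>
      </port>
      <port protocol="udp" portid="53">
        <state state="open|filtered" reason="no-response"/>
        <service name="domain" method="table"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="closed" reason="reset"/>
        <service name="telnet" method="table"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="up" reason="user-set"/>
    <address addr="192.168.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" method="table"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class OpenService:
    host: str
    proto: str
    port: int
    name: str      # service name nmap reports (e.g. "ssh")
    product: str   # product from -sV probing, "" if not fingerprinted
    version: str   # version from -sV probing, "" if not fingerprinted
    probed: bool   # True only when -sV actually probed it (method="probed")
    reason: str    # --reason value: why nmap believes the port is open


def parse_open_services(xml_text: str, include_open_filtered: bool = False) -> List[OpenService]:
    """Return every open port from an nmap XML report, in document order.

    UDP ports frequently come back "open|filtered" because nothing answered;
    they are excluded unless include_open_filtered is set.
    """
    wanted = {"open"}
    if include_open_filtered:
        wanted.add("open|filtered")
    root = ET.fromstring(xml_text)
    found: List[OpenService] = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") not in wanted:
                continue
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            found.append(OpenService(
                host=ip,
                proto=port.get("protocol"),
                port=int(port.get("portid")),
                name=get("name"),
                product=get("product"),
                version=get("version"),
                probed=(get("method") == "probed"),
                reason=state.get("reason", ""),
            ))
    return found


def unfingerprinted(services: List[OpenService]) -> List[OpenService]:
    """Open ports whose name is only a table lookup, i.e. -sV did not confirm what is listening."""
    return [s for s in services if not s.probed]


def summarise(services: List[OpenService]) -> Dict[str, List[str]]:
    """Group open services by host as 'proto/port name product version' strings."""
    out: Dict[str, List[str]] = {}
    for s in sorted(services, key=lambda s: (s.host, s.proto, s.port)):
        parts = (f"{s.proto}/{s.port}", s.name, s.product, s.version)
        out.setdefault(s.host, []).append(" ".join(p for p in parts if p))
    return out


if __name__ == "__main__":
    svcs = parse_open_services(SAMPLE_XML)
    for host, lines in summarise(svcs).items():
        print(host)
        for line in lines:
            print("  " + line)
    print("not fingerprinted by -sV:", [f"{s.host}:{s.proto}/{s.port}" for s in unfingerprinted(svcs)])
```

To run it against a real scan, replace SAMPLE_XML with the contents of the nmap-scan-<date>-<time>.xml file that -oA wrote.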