- Checks which hosts are up by probing the specified TCP & UDP Ports:
nmap -sn -PS21,22,23,25,53,80,135,139,443,445,3389,8080 -PU53,67,68,123,137,161,500,1900 -T4 -O <target>
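-O enables OS detection; adding --osscan-guess makes nmap guess more aggressively. OS detection relies on port-scan results, so it is unreliable when combined with -sn.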
Best method to scan ports:
Open ports scan:
nmap --open -p0- -n -Pn -vvv --min-rate 5000 -oG nmap/port_scan <target>
Then service version scan for the discovered ports:
nmap -p<discovered_ports> -n -Pn -vvv -sCV --min-rate 5000 -oN nmap/open_port <target>
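Added example (not part of the original cheat sheet): a small shell helper that reads the grepable file written by the first scan and fills in <discovered_ports> for the second. The function names open_ports and stage_two_cmd are hypothetical, and the sample -oG lines are constructed with documentation addresses.

```shell
# open_ports FILE: print the ports marked "open" in an nmap -oG file as a
# sorted, de-duplicated, comma-separated list (union over all hosts).
open_ports() {
    awk -F'\t' '
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue      # skip Host:, Status:, ...
            n = split(substr($i, 8), entry, /, */)
            for (j = 1; j <= n; j++) {
                # entry layout: port/state/proto/owner/service/rpc/version/
                split(entry[j], f, "/")
                if (f[2] == "open") print f[1] + 0
            }
        }
    }' "$1" | sort -n -u | paste -sd, -
}

# stage_two_cmd FILE TARGET (hypothetical helper): print the service-version
# scan from this page with the port list filled in; return 1 if none are open.
stage_two_cmd() {
    ports=$(open_ports "$1")
    [ -n "$ports" ] || return 1
    printf 'nmap -p%s -n -Pn -vvv -sCV --min-rate 5000 -oN nmap/open_port %s\n' \
        "$ports" "$2"
}

# Constructed sample of -oG output (not from a real scan).
sample=$(mktemp)
printf '# Nmap scan initiated (constructed sample)\n' > "$sample"
printf 'Host: 192.0.2.10 ()\tStatus: Up\n' >> "$sample"
printf 'Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 22/open/tcp//ssh///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65533)\n' >> "$sample"

# Prints the stage-two command for ports 22 and 80; nmap itself is not run.
stage_two_cmd "$sample" 192.0.2.10
rm -f "$sample"
```

Only entries whose state is exactly "open" are kept, so filtered or closed ports in a file produced without --open do not end up in the second scan.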
TCP scan:
Scans all TCP ports, detects service versions and guesses the OS:
nmap -sS -sV -O -p- -T4 <target>
UDP Scan:
Scans all UDP ports, detects service versions and guesses the OS:
nmap -sU -sV -O -p- -T4 <target>
Stealth Scans:
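- Scans ports on the specified network with a 10s delay between probes, adds the gateway address (the one ending in .1) as a decoy source, and fragments packets. Decoys are set with -D (lowercase -d only raises the debug level). -D adds decoys alongside the real source rather than replacing it, and the -sV probes are ordinary connections from the scanner's own address, so the real source still shows up in target logs.
nmap -sS -sV --scan-delay 10s -D 192.168.1.1 -f 192.168.1.0/24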