What is Nmap?
How is it used?
nmap [ <Scan Type> ...] [ <Options> ] { <target specification> }
The -P switch determines the type of ping to perform.
| Nmap Switch | Description |
| --- | --- |
| -PI | ICMP ping |
| -P0 | No ping |
| -PS | SYN ping |
| -PT | TCP ping |
The -s switch determines the type of scan to perform.
| Nmap Switch | Description |
| --- | --- |
| -sA | ACK scan |
| -sF | FIN scan |
| -sI | IDLE scan |
| -sL | DNS scan (a.k.a. list scan) |
| -sN | NULL scan |
| -sO | Protocol scan |
| -sP | Ping scan |
| -sR | RPC scan |
| -sS | SYN scan |
| -sT | TCP connect scan |
| -sW | Window scan |
| -sX | XMAS scan |
Port Specification and Scan Order
Service/Version Detection
| Nmap Switch | Description |
| --- | --- |
| -sV | Enumerates software versions |
| Nmap Switch | Description |
| --- | --- |
| -sC | Run all default scripts |
The -T switch determines the speed and stealth of the scan.
| Nmap Switch | Description |
| --- | --- |
| -T0 | Serial, slowest scan |
| -T1 | Serial, slow scan |
| -T2 | Serial, normal speed scan |
| -T3 | Parallel, normal speed scan |
| -T4 | Parallel, fast scan |
Not specifying a -T value will default to -T3, or normal speed.
Firewall/IDS Evasion and Spoofing
| Nmap Switch | Description |
| --- | --- |
| -oN | Normal output |
| -oX | XML output |
| -oA | Normal, XML, and grepable formats all at once |