Nmap is an open source program for port scanning made for Gordon Lyon (Fyodor Vaskovich) and whose development is nowadays commissioned to the community. Originally created for Linux now its multiplatform. It’s used to evaluate the security of the computer systems, to detect services or servers in a computer network, for that, Nmap sends defined packages to others computers and later analyze their answers.
This software has several functions for network systems, including the detection of equipment, services and operating systems. These functions are extensible through the use of scripts for advanced detection providers, vulnerability detection and other applications.
Scanning TCP Connect Scan
It’s open a scanning port proccess, requires three-way swapping for a fully port scanning. To know if an open port is sent the flag SYN (connection). If it is open it returns a SYN / ACK and otherwise send RST. The connection is complete and then finish with RST. ACK = accept RST = reset
TCP SYN Scan
It’s a port scanning technique that sends from one host to another only a SYN connection start packages, for each ports that we want to analyze, to define if that ports are open or not. If it’s open, return a SYN / ACK and if not a RST. The connection is chop after receiving the SYN / ACK with RST, to be less noisy than the TCP connect scanning. FLAG -Sf.
TCP FIN Scan
The FIN flag is launched, if it return a RST / ACK its a closed port, if not maybe its open. That kind of port scanning are silent, not usually registered by IDS (Intrusion Detection System). FLAG -Sf.
TCP Xmas Tree Scan
The same as TCP FIN Scan, but launched flags FIN, URG and PUSH. FLAG -Sx.
TCP Null Scan
That kind of scan reset all indicators on TCP header, receive a RST if the port is not active, otherwise not receive anything.
To discover ports UDP. FLAG -Su
Who to use Nmap
The best way to achieve most information is: nmap -Ss -O -Sv <ip> -O: to know the system version -Sv: to know the servides and their versions assigned to a port
Why use Nmap
We can see which ports in our computers has open and which processes are assigned to each port. If we use google to find all services, it’s possible that we found some malicious services controlling our computer. Then, it is simple, find it and uninstall it.