1. Quickly discover live hosts on a network
nmap -sP 192.168.1.*
or
nmap -sP 192.168.1.-254
2. Scanning UDP ports
The UDP scan method is used to determine the state of UDP ports.
A probe is sent to a UDP port on the target host. If an "ICMP port unreachable" reply comes back, the port is closed. If no response is received, the UDP port may be open or blocked. The possibly open UDP ports are therefore found by elimination: ruling out the ports known to be closed leaves the ones that may be open.
nmap -p 165 -sU 10.20.60.24
3. Port specification and scan order
In addition to all the scan methods discussed earlier, Nmap provides options for specifying which ports are scanned and whether the scan order is random or sequential. By default, Nmap scans ports 1 to 1024 plus the higher-numbered ports listed in the nmap-services file for the protocol being scanned.
-p <port ranges> (scan only specified ports)
This option specifies which ports you want to scan and overrides the default. Individual port numbers are accepted, as are ranges separated by a hyphen, such as 1-1023. The start and/or end value of a range can be omitted, in which case Nmap uses 1 and 65535 respectively. So you can specify -p- to scan ports 1 through 65535. Port 0 can also be scanned if you specify it explicitly. For IP protocol scanning (-sO), this option specifies the protocol numbers (0-255) that you want to scan.
When scanning both TCP and UDP ports, you can specify the protocol by adding T: or U: in front of the port numbers.
The protocol qualifier stays in effect until you specify another one. For example, the argument -p U:53,111,137,T:21-25,80,139,8080 scans UDP ports 53, 111, and 137 and, at the same time, the listed TCP ports.
Note: to scan both UDP and TCP, you must specify -sU and at least one TCP scan type (such as -sS, -sF, or -sT). If no protocol qualifier is given, the port numbers are added to the lists for all protocols.
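The -p syntax described above can be modelled in a few lines, which is useful for checking exactly which ports a given argument covers before a scan is authorized. This is an added example, not Nmap's own parser and not code from the original article; the name parse_port_spec is hypothetical, and only the T: and U: qualifiers mentioned on this page are handled.

```python
# Added example: a model of the -p rules described above, not Nmap's parser.
PROTOCOLS = ("tcp", "udp")
QUALIFIERS = {"T": ("tcp",), "U": ("udp",)}


def parse_port_spec(spec):
    """Return {protocol: sorted list of ports} for an Nmap-style -p value."""
    active = PROTOCOLS  # no qualifier seen yet: ports go to every protocol
    ports = {proto: set() for proto in PROTOCOLS}
    for item in spec.split(","):
        item = item.strip()
        # A T: or U: prefix switches protocol and stays in effect
        # until the next qualifier appears.
        if len(item) >= 2 and item[1] == ":" and item[0].upper() in QUALIFIERS:
            active = QUALIFIERS[item[0].upper()]
            item = item[2:]
        if "-" in item:
            start, _, end = item.partition("-")
            low = int(start) if start else 1      # omitted start means 1
            high = int(end) if end else 65535     # omitted end means 65535
        else:
            low = high = int(item)  # raises ValueError on empty/garbage input
        # Port 0 is accepted only because it was written explicitly.
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port or range: {item!r}")
        for proto in active:
            ports[proto].update(range(low, high + 1))
    return {proto: sorted(found) for proto, found in ports.items()}


if __name__ == "__main__":
    # The argument used as the example in the text above.
    scope = parse_port_spec("U:53,111,137,T:21-25,80,139,8080")
    for proto, found in scope.items():
        print(proto, found)
    # "-p-" passes "-" as the value: every port from 1 to 65535.
    print(len(parse_port_spec("-")["tcp"]), "TCP ports for -p-")
```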
-F (fast (limited port) scan)
Scans only the ports listed in the nmap-services file that ships with Nmap (or the protocols file for -sO). This is much faster than scanning all 65,535 ports. Because the list contains so many TCP ports (more than 1200), the speed difference from a default TCP scan (approximately 1600 ports) is not very large.
If you specify your own small nmap-services file with the --datadir option, the difference can be dramatic.
-r (do not scan ports in random order)
By default, Nmap scans ports in random order (except that certain commonly used ports are moved toward the front for efficiency).
Such randomization is normally desirable, but you can specify -r to scan ports sequentially instead.
4. Complete, comprehensive scan
nmap -T4 -A -v targethost
The -A option scans in aggressive mode. -T4 sets the timing template used by the scan, which has 6 levels (0-5): the higher the level, the faster the scan, but also the more easily it is detected and blocked by firewalls or an IDS. T4 is recommended when network conditions are good. -v enables verbose output, showing the details of the scan as it runs so that the user can follow the current scan status.
5. Detect the remote host's OS
nmap -O targethost