The primary task in any hacking engagement is gathering basic network information about the target network. Network footprinting is basically done with a CLI-based tool named Nmap. Below are some advanced-level scans that can be done with Nmap.
We will use Nmap to discover a list of live hosts in the target network. We can use Nmap to scan the active hosts in the target network using various host discovery techniques such as ARP ping scan, UDP ping scan, ICMP ECHO ping scan, ICMP ECHO ping sweep, etc.
Nmap is pre-installed on Linux machines; if it is not, you can install it by executing the command – sudo apt install nmap
For Windows, you can install the software from HERE
1. TCP Scanning Using Nmap:
TCP connect scan completes a three-way handshake with the target machine. In the TCP three-way handshake, the client sends a SYN packet, which the recipient acknowledges with the SYN+ACK packet. In turn, the client acknowledges the SYN+ACK packet with an ACK packet to complete the connection.
In the Command field, type – nmap -sT -v [Target IP Address]
-sT: performs the TCP connect/full open scan and -v: enables the verbose output (include all hosts and ports in the output).

2. Stealth Scan in Nmap:
The stealth scan abruptly resets the TCP connection between the client and server before the three-way handshake completes, leaving the connection half-open. This scanning technique can be used to bypass firewall rules and logging mechanisms, and to hide within network traffic.
In the Command field or Zenmap, type – nmap -sS -v [Target IP Address]
-sS: performs the stealth scan/TCP half-open scan and -v: enables the verbose output (include all hosts and ports in the output).

3. Xmas Scanning using Nmap:
Xmas scan sends a TCP frame to a target system with the FIN, URG, and PUSH flags set. If the port is open on the target, you will receive no response from the target system. If the port is closed on the target, the target system replies with an RST.
Type – nmap -sX -v [Target IP Address]
-sX: performs the Xmas scan and -v: enables the verbose output (include all hosts and ports in the output).

4. TCP Maimon Scan using Nmap:
In the TCP Maimon scan, a FIN/ACK probe is sent to the target; if there is no response, then the port is Open|Filtered, but if the RST packet is sent as a response, then the port is closed.
In the Command field, type nmap -sM -v [Target IP Address]
-sM: performs the TCP Maimon scan and -v: enables the verbose output (include all hosts and ports in the output).
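
The four scans above differ only in the TCP flags of the first probe and in whether the handshake is completed, which is what a network sensor can key on. The following is an added example, not part of the original article: it labels flows in a constructed packet capture by those patterns. The record format, function names and sample addresses are assumptions made for the illustration.

```python
from collections import defaultdict

# TCP header flag bits
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_flow(packets):
    """packets: ordered (direction, flags); "c" = initiator, "s" = target."""
    client = [f for d, f in packets if d == "c"]
    server = [f for d, f in packets if d == "s"]
    first = client[0] if client else None
    if first == FIN | PSH | URG:
        return "xmas-probe"        # flag set sent by nmap -sX
    if first == FIN | ACK:
        return "maimon-probe"      # FIN/ACK with no earlier SYN (-sM)
    if first != SYN:
        return "unknown"
    if SYN | ACK not in server:
        return "syn-no-handshake"  # target sent RST or stayed silent
    # Target answered SYN+ACK; the initiator's next packet tells -sS from -sT.
    if len(client) > 1 and client[1] == ACK:
        return "full-connect"      # handshake completed (-sT or a normal client)
    return "half-open"             # RST or silence after SYN+ACK (-sS)

def summarize(records):
    """Count flow labels per initiator from (src, dst, sport, dport, flags)."""
    flows = defaultdict(list)
    for src, dst, sport, dport, flags in records:
        if (dst, src, sport) in flows:              # reply from the target
            flows[(dst, src, sport)].append(("s", flags))
        else:
            flows[(src, dst, dport)].append(("c", flags))
    counts = defaultdict(dict)
    for (initiator, _, _), pkts in flows.items():
        label = classify_flow(pkts)
        counts[initiator][label] = counts[initiator].get(label, 0) + 1
    return dict(counts)

# Constructed sample capture (documentation addresses), one flow per scan type.
SCANNER, TARGET = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    (SCANNER, TARGET, 40001, 22, SYN), (TARGET, SCANNER, 22, 40001, SYN | ACK),
    (SCANNER, TARGET, 40001, 22, RST),
    (SCANNER, TARGET, 40002, 80, SYN), (TARGET, SCANNER, 80, 40002, SYN | ACK),
    (SCANNER, TARGET, 40002, 80, ACK),
    (SCANNER, TARGET, 40003, 443, FIN | PSH | URG),
    (SCANNER, TARGET, 40004, 25, FIN | ACK), (TARGET, SCANNER, 25, 40004, RST),
    (SCANNER, TARGET, 40005, 23, SYN), (TARGET, SCANNER, 23, 40005, RST | ACK),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A single completed handshake looks the same as an ordinary client connection, so the "full-connect" label only becomes a scan indicator when one source accumulates many of them across ports in a short window.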



