Practical 1
Aim: To learn TCP scanning using Nmap
What is TCP?
TCP (Transmission Control Protocol) is a core protocol of the Internet Protocol Suite. It ensures reliable, ordered, and error-checked delivery of data between applications over an IP network.
What is Nmap?
Nmap (Network Mapper) is an open-source tool for network exploration and security auditing. It scans IP addresses and ports to identify live hosts, services, and vulnerabilities.
List of Best Port Scanning Tools
| Cross-Platform (Windows & Linux) | Windows-Only | Linux-Only | Online Scanners |
|---|---|---|---|
| Nmap | Advanced IP Scanner | Netcat (nc) | Shodan |
| Masscan | | Hping3 | Pentest-Tools Port Scanner |
| Unicornscan | | | YouGetSignal |
| RustScan | | | IPVoid Port Scanner |
| Angry IP Scanner | | | |
TCP Scanning
TCP scanning determines which TCP ports on a target are open, closed, or filtered.
Nmap Scan Commands
Basic Scans
# Basic TCP Connect Scan
nmap [TARGET_IP]
# Example:
nmap 192.168.1.1
# SYN Scan (Stealth/Half-Open)
nmap -sS [TARGET_IP]
# Example:
nmap -sS 192.168.1.1
# Full TCP Connect Scan
nmap -sT [TARGET_IP]
# Example:
nmap -sT 192.168.1.1
Advanced Scans
# Service Version Detection
nmap -sV [TARGET_IP]
# Example:
nmap -sV 192.168.1.1
# OS Detection
nmap -O [TARGET_IP]
# Example:
nmap -O 192.168.1.1
# Aggressive Scan (OS + Version + Scripts + Traceroute)
nmap -A [TARGET_IP]
# Example:
nmap -A 192.168.1.1
# SYN + OS + Version
nmap -sS -O -sV [TARGET_IP]
# Example:
nmap -sS -O -sV 192.168.1.1
Stealth Scans
| Scan Type | Command | Description |
|---|---|---|
| FIN Scan | nmap -sF [TARGET] | Sends FIN; open ports ignore, closed send RST |
| Xmas Scan | nmap -sX [TARGET] | FIN+URG+PUSH flags set |
| ACK Scan | nmap -sA [TARGET] | Determines filtered/unfiltered |
| Window Scan | nmap -sW [TARGET] | Uses TCP window size |
| Maimon Scan | nmap -sM [TARGET] | FIN+ACK probe |
UDP Scanning
nmap -sU [TARGET]
nmap -sU -sV [TARGET] # With version detection
Scan Targeting
# Specific ports
nmap -p 80,443 [TARGET]
# All ports
nmap -p- [TARGET]
# Port range
nmap -p 1-1000 [TARGET]
# Top N ports
nmap --top-ports 100 [TARGET]
Script Scanning (NSE)
nmap -sC [TARGET] # Default scripts
nmap --script ssl-heartbleed [TARGET] # Specific script (checks for CVE-2014-0160)
Output Options
nmap -oX scan_results.xml [TARGET] # XML
nmap -oN scan_results.txt [TARGET] # Normal
nmap -oG scan_results.gnmap [TARGET] # Grepable
Timing & Performance
nmap -T4 [TARGET] # Fast
nmap -T1 [TARGET] # Slow/Stealth
Multiple Targets
nmap 192.168.1.1-100
nmap -iL targets.txt
How to Install Zenmap (GUI for Nmap)
Windows
- Download: https://nmap.org/download.html
- Run the .exe installer → Includes Nmap + Zenmap
- Launch: Start Menu → Zenmap GUI
Linux (Ubuntu/Debian)
sudo apt update
sudo apt install zenmap
Note: Zenmap is deprecated in newer distros. Use the .deb from nmap.org/dist/ if needed.
macOS
Zenmap not supported. Use CLI Nmap or third-party GUIs (e.g., NmapSI4).