Advanced techniques for port scanning tool Nmap

In addition to a basic network scan, Nmap can run specific scans that exploit idiosyncrasies in platforms or protocols. This tip explains how to run these scans to tell the difference betweeen open and closed ports on your customer's network.

Nmap: More port scanning techniques

    Requires Free Membership to View

In our last tip we looked at the basic Nmap commands for scanning network machines and services. In this tip I want to look at some of the scans that exploit certain idiosyncrasies of specific platforms or protocols in order to better differentiate between open and closed ports.

Nmap's TCP Null (option –sN), FIN (option –sF) and Xmas (option –sX) scans exploit a subtle loophole in the TCP protocol specification as described in RFC 793. When scanning systems compliant with this RFC (such as most Unix-based systems), any packet not containing set SYN, RST or ACK bits will result in a returned RST (reset) packet if the port is closed, and no response at all if the port is open. If a RST packet is received, the port is considered closed, while no response means it is open or possibly filtered. The key advantage to these scans is that they can pass through certain non-stateful firewalls and packet-filtering routers.

Read more on custom Nmap scans.

About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book
IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

This tip originally appeared on SearchSecurity.com.

This was first published in December 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.