The Phases of Nmap Scans

Basic Nmap Scan

Before learning about the various phases of an Nmap scan, let's get familiar with a basic Nmap scan.
The simplest possible Nmap scan is

nmap <target ip or dns name>


Nmap Help :

If you are ever stuck with Nmap and cannot find a solution to your problem in this gitbook, you can also use Nmap's built-in help, which gives a brief description of every option it provides.

nmap --help

Using Nmap we get information about the open ports available on our target, but Nmap is far more than just a port scanner. Whenever network mapping is done with Nmap, the scan proceeds in phases.

In this gitbook, we will be mainly focusing on each phase step by step.

  • Target Enumeration
    In this phase Nmap works out which hosts to scan from the targets given on the command line, which may be a combination of DNS names, IP addresses, CIDR network notations and more.

  • Host Discovery
    Also called ping scanning. Every network scan begins by first discovering whether the target is online or offline.

  • Reverse-DNS resolution
    Once Nmap is done with host discovery (the ping scan), it performs reverse-DNS resolution, which means resolving each IP address to a domain name. This is useful because a hostname sometimes provides clues to the host's function.

  • Port Scanning
    As the name conveys, this phase scans ports to classify each one as open, closed or filtered.

  • Version Detection
    After port scanning, if any port is found open, Nmap can determine what server software is running on the remote system by sending crafted requests and matching the responses against a database of thousands of known service signatures.

  • OS Detection
    Different operating systems implement network standards in different ways. By measuring these differences it is possible to determine the OS running on the remote host.

  • Traceroute
    This phase traces the path to the host using the results obtained from the phases above. It works faster than the standard traceroute tools that ship with operating systems such as Windows.

  • Script Scanning
    Nmap uses the Nmap Scripting Engine (NSE), a collection of special-purpose scripts that gather more information about the remote system.

  • Output
    When Nmap is done with all the phases, all the information gathered is written to a file, which can be in human-readable format, XML format or others.
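The XML output written in the last phase is the easiest place to see what each earlier phase produced: host discovery fills in <status>, reverse-DNS fills in <hostnames>, port scanning fills in <state> under each <port>, version detection fills in <service>, OS detection fills in <osmatch>, traceroute fills in <trace> and NSE fills in <script>. The following parser is an added example, not part of this gitbook or of Nmap itself. It embeds a constructed sample of what `nmap -oX` emits for one host (the IP addresses, hostname, product versions and script output are invented) and groups the parsed data by phase, then compares the open ports against a defender's expected baseline so that unexpected services stand out.

```python
"""Parse Nmap XML (-oX) output and group the results by the scan phase that produced them.

Added illustration, not Nmap's own code. Uses only the Python standard library.
"""
import xml.etree.ElementTree as ET

# Constructed sample output for a single host. Addresses, hostname, versions
# and script output are invented for this example.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -sC --traceroute -oX out.xml 192.0.2.10">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames>
      <hostname name="web01.example.test" type="PTR"/>
    </hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" conf="10"/>
        <script id="ssh-hostkey" output="3072 SHA256:constructed-fingerprint (RSA)"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" conf="10"/>
        <script id="http-title" output="Welcome"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open" reason="syn-ack"/>
        <service name="http-proxy" conf="3"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 5.0 - 5.4" accuracy="95"/>
    </os>
    <trace port="80" proto="tcp">
      <hop ttl="1" ipaddr="192.0.2.1" rtt="0.50"/>
      <hop ttl="2" ipaddr="192.0.2.10" rtt="1.20" host="web01.example.test"/>
    </trace>
  </host>
</nmaprun>
"""


def parse_host(host_el):
    """Turn one <host> element into a dict, one key per scan phase that produced the data."""
    addr_el = host_el.find("address[@addrtype='ipv4']")
    ports = []
    for p in host_el.findall("ports/port"):
        svc = p.find("service")  # absent when the port was not probed (closed/filtered)
        ports.append({
            "port": int(p.get("portid")),
            "proto": p.get("protocol"),
            "state": p.find("state").get("state"),                       # port scanning
            "service": svc.get("name") if svc is not None else None,
            "product": svc.get("product") if svc is not None else None,  # version detection
            "version": svc.get("version") if svc is not None else None,
            "scripts": {s.get("id"): s.get("output") for s in p.findall("script")},  # NSE
        })
    return {
        "address": addr_el.get("addr") if addr_el is not None else None,
        "status": host_el.find("status").get("state"),                                # host discovery
        "hostnames": [h.get("name") for h in host_el.findall("hostnames/hostname")],  # reverse-DNS
        "ports": ports,
        "os": [(m.get("name"), int(m.get("accuracy"))) for m in host_el.findall("os/osmatch")],  # OS detection
        "trace": [(int(h.get("ttl")), h.get("ipaddr")) for h in host_el.findall("trace/hop")],   # traceroute
    }


def parse_nmap_xml(xml_text):
    """Parse a whole nmaprun document into a list of per-host dicts."""
    root = ET.fromstring(xml_text)
    return [parse_host(h) for h in root.findall("host")]


def open_services(host):
    """One inventory line per open port, using the banner from version detection when present."""
    lines = []
    for p in host["ports"]:
        if p["state"] != "open":
            continue
        banner = " ".join(x for x in (p["product"], p["version"]) if x) or "unknown"
        lines.append(f"{host['address']}:{p['port']}/{p['proto']} {p['service']} ({banner})")
    return lines


def unexpected_open_ports(host, allowed):
    """Open ports that are not in the defender's expected (port, proto) baseline."""
    return sorted(p["port"] for p in host["ports"]
                  if p["state"] == "open" and (p["port"], p["proto"]) not in allowed)


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_XML):
        print("host discovery :", h["address"], h["status"])
        print("reverse-DNS    :", h["hostnames"])
        print("version detect :", open_services(h))
        print("OS detection   :", h["os"])
        print("traceroute     :", h["trace"])
        print("baseline drift :", unexpected_open_ports(h, {(22, "tcp"), (80, "tcp")}))
```

To use it on a real scan, replace SAMPLE_XML with the contents of the file produced by `nmap -oX out.xml <target>`; the baseline passed to unexpected_open_ports is whatever set of ports you expect a given host to expose, so anything the scan reports beyond it is worth a closer look.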
