The Phases of Nmap Scans
Basic Nmap Scan
Before starting to learn the various phases of Nmap, let's get familiar with a basic Nmap scan.
The simplest possible Nmap scan is
nmap <target ip or dns name>
Nmap Help:
If you are ever stuck with Nmap and don't find a solution to the problem in my gitbook, you can also use Nmap's built-in help, which gives a brief description of every option it provides.
nmap --help
Using Nmap we get information about the open ports available on our target, but believe me, Nmap is far more than just a port scanner. Whenever network mapping is done using Nmap, the scan proceeds in phases.
In this gitbook, we will mainly focus on each phase, step by step.
Target Enumeration
In this phase Nmap works out which hosts to scan from the targets given, which may be a combination of DNS names, IP addresses, CIDR network notations and more.
Host Discovery
It is also called ping scanning. Every network scan begins by first discovering whether our target is online or offline.
Reverse-DNS Resolution
Once Nmap is done with host discovery (the ping scan), it goes for reverse-DNS resolution, which means resolving an IP address to a domain name. It is useful because sometimes the hostname provides clues to the host's function.
Port Scanning
As its name conveys, this phase scans ports to classify whether they are open, closed or filtered.
Version Detection
After port scanning, if any port is found open, Nmap can determine what server software is running on the remote system by sending crafted requests and matching the responses against a database of thousands of known service signatures.
OS Detection
Different operating systems implement network standards in different ways. By measuring these differences it is possible to determine the OS running on the remote host.
Traceroute
It traces the path to the host by using the results obtained from the above phases. It works faster than the standard traceroute available in our OS, like the traceroute tool in Windows.
Script Scanning
Nmap uses the Nmap Scripting Engine (NSE), a collection of special-purpose scripts, to gain more information about the remote system.
Output
When Nmap is done with all the phases, all the information gathered is written to a file, which can be in human-readable format, XML format or others.
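As an added example (my own script, not part of Nmap), the following Python reads an Nmap XML report of the kind the Output phase writes with -oX and pulls out what each earlier phase contributed: host state, reverse-DNS name, open ports, service versions, script output, OS match and traceroute hops. The report embedded here is a constructed sample with made-up values, not real scan output.

```python
import xml.etree.ElementTree as ET
# Constructed sample in the shape Nmap writes with -oX (all values are made up).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -sC --traceroute -oX scan.xml 10.0.0.5">
<host><status state="up" reason="echo-reply"/><address addr="10.0.0.5" addrtype="ipv4"/>
<hostnames><hostname name="web01.example.lan" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
<script id="http-title" output="Welcome to nginx!"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/></port>
</ports><os><osmatch name="Linux 5.X" accuracy="95"/></os>
<trace port="80" proto="tcp"><hop ttl="1" ipaddr="10.0.0.1" rtt="0.41"/>
<hop ttl="2" ipaddr="10.0.0.5" rtt="1.02"/></trace></host></nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return one dict per host; comments mark which scan phase produced each field."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        ptr = host.find("hostnames/hostname[@type='PTR']")  # reverse-DNS resolution
        osm = host.find("os/osmatch")  # OS detection (best match only)
        ports = []
        for port in host.iter("port"):  # port scanning, version detection, script scanning
            svc = port.find("service")
            product = " ".join(filter(None, [svc.get("product"), svc.get("version")])) if svc is not None else ""
            ports.append({
                "port": int(port.get("portid")), "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": svc.get("name") if svc is not None else None, "product": product,
                "scripts": {s.get("id"): s.get("output") for s in port.iter("script")},
            })
        hosts.append({
            "address": addr.get("addr") if addr is not None else None,
            "state": host.find("status").get("state"),  # host discovery (ping scan)
            "rdns": ptr.get("name") if ptr is not None else None,
            "os": osm.get("name") if osm is not None else None,
            "hops": [h.get("ipaddr") for h in host.iter("hop")],  # traceroute
            "ports": ports,
        })
    return hosts


def open_ports(hosts):
    """Flatten to (address, port, product) for open ports only, e.g. to feed an asset inventory."""
    return [(h["address"], p["port"], p["product"]) for h in hosts for p in h["ports"] if p["state"] == "open"]


print(open_ports(parse_nmap_xml(SAMPLE_XML)))
```

Pointing parse_nmap_xml at a real file is a matter of reading it with open() and passing the text; the same element names apply because they come from Nmap's own XML output.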