| No. | Methods | Positives | Negatives | Code |
|---|---|---|---|---|
| 1 | TCP SYN Scan (-sS) | stealth scanning Half-open scanning Incomplete TCP handshake process Nmap sends SYN packets It does not create any sessions The target computer can’t create any log |
Requires the root/administrator privileged. | # nmap -sS 192.168.1.1 |
| 2 | TCP connect() Scan [-sT] | TCP three way handshake |
Detect on the system being scanned. Connection attempt being logged Log connections and their source IP detect the source of a TCP connect() |
# nmap -sT 192.168.1.1 |
| 3 | UDP Scan (-sU) | Find an open UDP port Reveal information about services or trojans which rely on UDP Microsoft do not limit the Port Unreachable error generation frequency |
Not usually useful for most types of attack firewall blocks outgoing ICMP Port Unreachable messages Most operating systems limit the number of ICMP Port Unreachable messages which can be generated in a certain time period, thus slowing the speed of a UDP scan |
# nmap -sU 192.168.1.1 |
| 4 | FIN, Null, Xmas Tree Scans [-sF, -sN, -sX]> | Each scan type refers to the flags set in the TCP header |
nmap -sS 127.0.0.1 | |
