# NMAP SCANS

{% embed url="https://linux.die.net/man/1/nmap" %}
Nmap Man Pages
{% endembed %}

## Perform A TCP Port Scan Using Nmap

### Background

Nmap is a network exploration and security auditing tool. It can be used to identify hosts and services on a network, as well as security issues. Nmap can be used to scan for vulnerable open ports on systems.

When scanning for open ports on a target system, the nmap tool can be used to identify the TCP ports that are open. This can be useful for understanding which services are running on a system and for securing these services by implementing firewalls or other security measures.

The different flags in nmap are used to change the behavior of the scan.

### Flags that could be utilized:

-sS: TCP SYN scan ("half-open" scan). Nmap sends a SYN and classifies the port from the SYN/ACK or RST that comes back without ever completing the handshake, which makes it fast for scanning many ports. It needs raw-socket privileges, hence `sudo`.

-sT: TCP connect scan. Nmap completes the full three-way handshake through the operating system's connect() call, so it works without root but is more likely to be logged by the target service.

### Examples:

`sudo nmap -sS [HOST_ADDR]`:

<figure><img src="https://1305929913-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlapqrpN4sXz7jqsMPRUD%2Fuploads%2FIE70ubU7De9qHMJB3xBY%2Fimage.png?alt=media&#x26;token=a51a6c27-30e5-4b73-8920-90b825593639" alt=""><figcaption><p>Shows the open port 80</p></figcaption></figure>

`sudo nmap -sT [HOST_ADDR]`:

<figure><img src="https://1305929913-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlapqrpN4sXz7jqsMPRUD%2Fuploads%2FeNjmOElXi87r2M99EfWt%2Fimage.png?alt=media&#x26;token=f0a1b874-4436-444e-92b8-16a3c644d3d6" alt=""><figcaption><p>The same scan performed as a connect scan. It is slightly louder within a network because every probe completes a full TCP connection.</p></figcaption></figure>

## Perform A UDP Port Scan Using Nmap

### Background

One of the many benefits of Nmap is its ability to identify open UDP ports on a target system. This is useful when determining which services are running on a system and which versions of those services are in use. Nmap can also fingerprint devices and applications that communicate over UDP. By identifying the specific ports and applications in use, you can better understand the security posture of a target system.

### Exercise

Use Nmap to perform UDP port scans against a remote target machine.

### Learning Objective(s)

Scanning and fingerprinting open ports is a key skill employed in almost every penetration testing engagement.

### Flags that could be utilized:

-sU: Scans UDP ports to find UDP services such as DNS, SNMP, and DHCP. Because an open UDP port frequently does not answer a probe while a closed one replies with an ICMP port unreachable message, Nmap reports ports that stay silent as `open|filtered` rather than `open`; UDP scans are also much slower than TCP scans because most hosts rate-limit those ICMP replies.

### Example:

`sudo nmap -sU [HOST_ADDR]`
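Added example (not code from the original page): a small Python parser for Nmap's grepable output (`-oG -`), so the results of the TCP (`-sS`/`-sT`) and UDP (`-sU`) scans above can be triaged in one place, separating confirmed open ports from UDP ports Nmap could only call `open|filtered`. The host address and port list in `SAMPLE_GREPABLE` are constructed sample output, not a real scan.

```python
"""Summarise Nmap grepable (-oG) output from TCP and UDP scans.

Added example, not from the original page. The sample below is constructed
to look like `nmap -sS -sU -oG - 192.0.2.10` output; it is not a real scan.
"""
import re
from collections import defaultdict

# Constructed sample output. Each port entry in -oG output has the shape
# port/state/protocol/owner/service/rpcinfo/version/ and entries are comma-separated.
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated as: nmap -sS -sU -oG - 192.0.2.10
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 53/open|filtered/udp//domain///, 161/open|filtered/udp//snmp///\tIgnored State: closed (1995)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# Captures port, state (which may itself contain '|', e.g. open|filtered), protocol, service.
PORT_RE = re.compile(r"(\d+)/([^/]+)/(tcp|udp)/[^/]*/([^/]*)/[^/]*/[^/]*/")


def parse_grepable(text):
    """Return {host: [(port, proto, state, service), ...]} from -oG text."""
    results = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines start with '#'
        # Fields are tab-separated "Name: value" pairs, e.g. "Ports: ..." and "Status: Up".
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]
        for m in PORT_RE.finditer(fields.get("Ports", "")):
            port, state, proto, service = m.groups()
            results[host].append((int(port), proto, state, service))
    return dict(results)


def summarise(parsed):
    """Per host: confirmed open ports, UDP ports needing follow-up, closed count.

    open|filtered means the UDP probe got no reply at all: either a service is
    listening silently or a filter dropped the packet. Treat it as unconfirmed
    (for example re-check with -sV on just those ports) rather than as open.
    """
    summary = {}
    for host, ports in parsed.items():
        open_ports = sorted((p, proto, svc) for p, proto, st, svc in ports if st == "open")
        summary[host] = {
            "open": [f"{p}/{proto} {svc}".strip() for p, proto, svc in open_ports],
            "unconfirmed_udp": sorted(p for p, proto, st, _s in ports
                                      if proto == "udp" and st == "open|filtered"),
            "closed": sum(1 for _p, _proto, st, _s in ports if st == "closed"),
        }
    return summary


if __name__ == "__main__":
    print(summarise(parse_grepable(SAMPLE_GREPABLE)))
```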
