Nmap is a utility for port scanning large networks, although it works
fine for single hosts. The guiding philosophy for the creation of nmap
was TMTOWTDI (There's More Than One Way To Do It). This is the Perl
slogan, but it is equally applicable to scanners. Sometimes you need
speed, other times you may need stealth. In some cases, bypassing
firewalls may be required. Not to mention the fact that you may want
to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do
all this with one scanning mode. And you don't want to have 10
different scanners around, all with different interfaces and
capabilities. Thus I incorporated virtually every scanning technique I
know into nmap. Specifically, nmap supports:

  Vanilla TCP connect() scanning,
  TCP SYN (half open) scanning,
  TCP FIN, Xmas, or NULL (stealth) scanning,
  TCP ftp proxy (bounce attack) scanning,
  SYN/FIN scanning using IP fragments (bypasses packet filters),
  UDP raw ICMP port unreachable scanning,
  ICMP scanning (ping-sweep),
  TCP Ping scanning,
  Remote OS Identification by TCP/IP Fingerprinting, and
  Reverse-ident scanning.

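From the defender's side, the scan types listed above have distinct signatures: a NULL, FIN or Xmas probe carries a TCP flag combination that never appears in a legitimate handshake, while a SYN (half open) or connect() scan looks like ordinary connection attempts and only stands out by the number of distinct ports one source touches. The following is an added example, not code from nmap or its author, that classifies constructed packet records by those flag sets and reports sources that look like scanners; the `Packet` record, the `detect_scanners` function and the sample traffic are all assumptions made for this illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


# Hypothetical per-packet record, constructed for this example; a real
# deployment would fill it from a capture or firewall log.
@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str          # "tcp" or "udp"
    flags: frozenset    # TCP flag names, e.g. {"SYN"}; empty for UDP


def classify_tcp_probe(flags):
    """Name the probe type a TCP flag combination matches.

    NULL (no flags), FIN-only and Xmas (FIN+PSH+URG) are the stealth
    scan flag sets from the list above; a lone SYN is indistinguishable
    from the start of a normal connection, so it is only suspicious in
    volume, not on its own.
    """
    f = frozenset(flags)
    if f == frozenset():
        return "null"
    if f == {"FIN"}:
        return "fin"
    if f == {"FIN", "PSH", "URG"}:
        return "xmas"
    if f == {"SYN"}:
        return "syn"
    return "other"


def detect_scanners(packets, port_threshold=10):
    """Return {src: summary} for sources that look like port scanners.

    A source is reported if it sends any NULL/FIN/Xmas probe, or if it
    touches at least `port_threshold` distinct destination ports (the
    volume signal that catches SYN and connect() scans).
    """
    ports = defaultdict(set)
    kinds = defaultdict(set)
    for p in packets:
        ports[p.src].add(p.dst_port)
        if p.proto == "tcp":
            kinds[p.src].add(classify_tcp_probe(p.flags))
    report = {}
    for src, seen in ports.items():
        stealth = kinds[src] & {"null", "fin", "xmas"}
        if stealth or len(seen) >= port_threshold:
            report[src] = {"ports": len(seen),
                           "stealth_probes": sorted(stealth)}
    return report


# Constructed sample traffic: one Xmas scanner hitting six ports, one SYN
# scanner sweeping thirty ports, and one host making a single normal
# connection (SYN then ACK) to port 443.
SAMPLE = (
    [Packet("10.0.0.5", p, "tcp", frozenset({"FIN", "PSH", "URG"}))
     for p in range(20, 26)]
    + [Packet("10.0.0.9", p, "tcp", frozenset({"SYN"})) for p in range(1, 31)]
    + [Packet("10.0.0.7", 443, "tcp", frozenset({"SYN"})),
       Packet("10.0.0.7", 443, "tcp", frozenset({"ACK"}))]
)

if __name__ == "__main__":
    for src, summary in detect_scanners(SAMPLE).items():
        print(src, summary)
```

The two checks are deliberately independent: the flag-set check fires on a single packet because the combination is never legitimate, while the distinct-port count needs a threshold tuned to the network, since a busy client can legitimately reach several ports on one server.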
nmap also supports a number of performance and reliability features
such as dynamic delay time calculations, packet timeout and
retransmission, parallel port scanning, detection of down hosts via
parallel pings. Nmap also offers flexible target and port
specification, decoy scanning, determination of TCP sequence
predictability characteristics, and output to machine parseable or
human readable log files.