33 lines
1.6 KiB
Plaintext
33 lines
1.6 KiB
Plaintext
Nmap is a utility for port scanning large networks, although it works
|
|
fine for single hosts. The guiding philosophy for the creation of nmap
|
|
was TMTOWTDI (There's More Than One Way To Do It). This is the Perl
|
|
slogan, but it is equally applicable to scanners. Sometimes you need
|
|
speed, other times you may need stealth. In some cases, bypassing
|
|
firewalls may be required. Not to mention the fact that you may want
|
|
to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do
|
|
all this with one scanning mode. And you don't want to have 10
|
|
different scanners around, all with different interfaces and
|
|
capabilities. Thus I incorporated virtually every scanning technique I
|
|
know into nmap. Specifically, nmap supports:
|
|
|
|
Vanilla TCP connect() scanning,
|
|
TCP SYN (half open) scanning,
|
|
TCP FIN, Xmas, or NULL (stealth) scanning,
|
|
TCP ftp proxy (bounce attack) scanning,
|
|
SYN/FIN scanning using IP fragments (bypasses packet filters),
|
|
UDP raw ICMP port unreachable scanning,
|
|
ICMP scanning (ping-sweep),
|
|
TCP Ping scanning,
|
|
Remote OS Identification by TCP/IP Fingerprinting, and
|
|
Reverse-ident scanning.
|
|
|
|
nmap also supports a number of performance and reliability features
|
|
such as dynamic delay time calculations, packet timeout and
|
|
retransmission, parallel port scanning, detection of down hosts via
|
|
parallel pings. Nmap also offers flexible target and port
|
|
specification, decoy scanning, determination of TCP sequence
|
|
predictability characteristics, and output to machine parseable or
|
|
human readable log files.
|
|
|
|
For more details, see http://www.insecure.org/nmap/
|