Port Specification and Scan Order:

Option -p:

This option specifies which ports you want to scan and overrides the default. Individual port numbers are OK, as are ranges separated by a hyphen (e.g. 1-1023).

Option -F (Fast (limited port) scan):

Scan only the ports listed in the nmap-services file.

Option -r:

By default, Nmap randomizes the scanned port order (except that certain commonly accessible ports are moved near the beginning for efficiency reasons). This randomization is normally desirable, but you can specify -r for sequential port scanning instead.

Service/Version Detection:

Option -sV:

Enables version detection.

Option –version-intensity <intensity> (Set version scan intensity):

When performing a version scan (-sV), nmap sends a series of probes, each of which is assigned a rarity value between 1 and 9. The lower-numbered probes are effective against a wide variety of common services, while the higher numbered ones are rarely useful. The intensity level specifies which probes should be applied. The higher the number, the more likely it is the service will be correctly identified. However, high intensity scans take longer. The intensity must be between 0 and 9. The default is 7.

Same scan as above with intensity 9. There is no differance same was true for intensity 2,4,6.

Option –version-light (Enable light mode):

This is a convenience alias for –version-intensity 2. This light mode makes version scanning much faster, but it is slightly less likely to identify services.

Same result as above.

Option –version-all (Try every single probe)

An alias for –version-intensity 9, ensuring that every single probe is attempted against each port.

Same result as above.

Option –version-trace (Trace version scan activity)

This causes Nmap to print out extensive debugging info about what version scanning is doing. It is a subset of what you get with –packet-trace.

Mostly debugging information. Result truncated.

OS Detection:

Option -O (Enable OS detection):

Option -O2(2nd Generation OS Detection Only):

Enables 2nd generation OS detection, but never falls back to the old (1st generation) system, even if it fails to find any match. This saves time and can reduce the number of packets sent to each target.

Option -O1(1nd Generation OS Detection Only):

Tells Nmap to only use the old OS detection system. If -O2 just gives you a fingerprint to submit, but you don’t know what OS the target is running, try -O1. But in that case, don’t submit the fingerprint as you don’t know for sure whether -O1 guess correctly. If it was perfect, we wouldn’t have bothered to create -O2.

This option, and all other vestiges of the old OS detection system, will likely be removed in late 2006 or in 2007.

Option –osscan-limit (Limit OS detection to promising targets):

OS detection is far more effective if at least one open and one closed TCP port are found. Set this option and Nmap will not even try OS detection against hosts that do not meet this criteria. This can save substantial time, particularly on -P0 scans against many hosts. It only matters when OS detection is requested with -O or -A.

Option –osscan-guess; –fuzzy (Guess OS detection results)

When Nmap is unable to detect a perfect OS match, it sometimes offers up near-matches as possibilities. The match has to be very close for Nmap to do this by default. Either of these (equivalent) options make Nmap guess more aggressively. Nmap will still tell you when an imperfect match is printed and display its confidence level (percentage) for each guess.

Option –max-os-tries (Set the maximum number of OS detection tries against a target)

When Nmap performs OS detection against a target and fails to find a perfect match, it usually repeats the attempt. By default, Nmap tries five times if conditions are favorable for OS fingerprint submission, and twice when conditions aren’t so good. Specifying a lower –max-os-tries value (such as 1) speeds Nmap up, though you miss out on retries which could potentially identify the OS. Alternatively, a high value may be set to allow even more retries when conditions are favorable. This is rarely done, except to generate better fingerprints for submission and integration into the Nmap OS database. This option only affects second generation OS detection (-O2, the default) and not the old system (-O1).

Hacking Hacking Linux News News Software Review Hacking Tools News Nmap Software Review

Continue Reading This Post:12345678