Nmap is one of the most popular tools used by ethical hackers. Its ease of use, clean installation and powerful scanning options add to its popularity. This Nmap tutorial gives you an overview of the different Nmap scanning techniques.
What is Nmap?
Nmap (Network Mapper) is the leading security scanner. Written in C/C++, it is used to discover hosts, map networks, and scan hosts and ports; through the NSE (Nmap Scripting Engine) it can also detect vulnerabilities on your target.
Installing Nmap on Linux
apt install nmap
Nmap Scan Types
TCP connect scan
A TCP connect scan completes the full three-way handshake between you and the chosen target system. It is very noisy and can be detected with little to no effort: the target's services can log the sender's IP address, and the connection attempts may trigger intrusion detection systems.
UDP scan
UDP scans check whether any UDP port on the target machine is up and listening for incoming requests. Unlike TCP, UDP has no mechanism for a positive acknowledgment, so there is always a chance of false positives in the scan results. Even so, UDP scans are used to reveal Trojan horses that may be running on UDP ports, or hidden RPC services. This type of scan tends to be quite slow, because most machines rate-limit their responses to this kind of traffic as a precaution.
TCP SYN scan
This is another form of TCP scan. Unlike a normal TCP connect scan, Nmap itself crafts the SYN packet, the first packet sent to establish a TCP connection. What is important to note is that the connection is never completed; instead, Nmap analyzes the responses to these crafted packets to produce the scan results.
TCP ACK scan
ACK scans are used to determine whether a particular port is filtered or not. This is extremely helpful when probing for firewalls and their existing rule sets. Simple packet filtering will allow packets that look like part of an established connection (packets with the ACK bit set), whereas a more sophisticated stateful firewall might not.
TCP FIN scan
Also a stealthy scan, like the SYN scan, but it sends a TCP FIN packet instead. Most, but not all, systems will reply with an RST (reset) packet to such a probe on a closed port, so the FIN scan can produce false positives and false negatives, but it may get under the radar of some IDS programs and other countermeasures.
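The scan types above differ mainly in how visible they are to the target, so it helps to see what a defender actually looks for. The following Python script is an added example, not part of the original tutorial: it runs a simple heuristic over constructed connection-log lines (the `<epoch> <src> <dst> <dport> <flags>` format is assumed for illustration) and flags a source that sends SYNs to many distinct ports within a short window, as a SYN or connect scan does, and a source sending bare FIN packets outside any established session, as a FIN scan does.

```python
"""Toy port-scan detector run over constructed log lines (added example)."""
from collections import defaultdict

# Constructed sample lines (not from a real sensor):
# "<epoch_seconds> <src_ip> <dst_ip> <dst_port> <tcp_flags>"
# 10.0.0.5 sweeps six ports in three seconds, 10.0.0.9 is a normal client,
# 10.0.0.7 sends FIN-only probes that belong to no established session.
SAMPLE_LOG = """\
1700000000 10.0.0.5 192.168.80.128 22 S
1700000000 10.0.0.5 192.168.80.128 80 S
1700000001 10.0.0.5 192.168.80.128 443 S
1700000001 10.0.0.5 192.168.80.128 3306 S
1700000002 10.0.0.5 192.168.80.128 8080 S
1700000002 10.0.0.5 192.168.80.128 25 S
1700000003 10.0.0.9 192.168.80.128 443 S
1700000030 10.0.0.9 192.168.80.128 443 S
1700000040 10.0.0.7 192.168.80.128 22 F
1700000041 10.0.0.7 192.168.80.128 80 F
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, flags)."""
    ts, src, dst, port, flags = line.split()
    return int(ts), src, dst, int(port), flags


def detect_scans(log_text, window=10, port_threshold=5):
    """Return {src_ip: [alert, ...]} for sources whose traffic looks like a scan.

    window:         seconds over which distinct destination ports are counted
    port_threshold: distinct SYN'd ports within the window that trigger an alert
    """
    events = defaultdict(list)  # src -> [(ts, port, flags), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _dst, port, flags = parse_line(line)
        events[src].append((ts, port, flags))

    alerts = defaultdict(list)
    for src, evs in events.items():
        evs.sort()
        # SYN sweep: many distinct ports from one source inside `window` seconds.
        # A connect scan and a SYN scan both start with a bare SYN, so both show up here.
        for ts_i, _, _ in evs:
            ports = {p for ts, p, f in evs if ts_i <= ts <= ts_i + window and f == "S"}
            if len(ports) >= port_threshold:
                alerts[src].append(f"syn-sweep: {len(ports)} ports within {window}s")
                break
        # FIN-only probe: a FIN without ACK never occurs in a legitimate session,
        # so even a handful of them from one source is worth an alert.
        fin_only = sorted(p for _, p, f in evs if f == "F")
        if fin_only:
            alerts[src].append(f"fin-probe: ports {fin_only}")
    return dict(alerts)


if __name__ == "__main__":
    for src, found in detect_scans(SAMPLE_LOG).items():
        print(src, found)
```

The thresholds are deliberately low so the constructed sample triggers; on real traffic they should be tuned against a baseline, and the FIN check should be fed only packets for which the sensor has no matching established flow.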
1. Nmap TCP SYN port scan
nmap -sS 192.168.80.128
2. Nmap TCP connect port scan
nmap -sT 192.168.20.128
3. Nmap TCP ACK port scan
nmap -sA 192.168.1.1
4. Nmap operating system detection
nmap -O 192.168.29.128
5. Nmap script for vulnerability scanning
nmap -Pn --script vuln 192.168.20.128
6. Nmap service version detection
nmap -sV 192.168.20.128
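To turn the commands above into something actionable, the results have to be parsed and compared with what is actually supposed to be exposed. The script below is an added example, not from this tutorial or the Nmap project: it reads Nmap's XML output (the real `-oX` format; the sample here is constructed rather than taken from a real scan) into a per-host inventory and reports open ports that are not on an allowlist, keeping UDP `open|filtered` results separate because, as noted above, a UDP scan cannot tell an open port from a silently dropped probe.

```python
"""Parse nmap -oX output into a per-host port inventory (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample of nmap XML output; hosts, versions and results are
# illustrative only. nmap output is produced locally by your own scan, so the
# stdlib parser is fine here; for XML from untrusted sources use defusedxml.
SAMPLE_XML = """\
<nmaprun scanner="nmap" args="nmap -sS -sU -sV -oX - 192.168.20.128">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.20.128" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/><service name="snmp"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {host_ip: [(proto, port, state, service, version), ...]} for hosts that are up."""
    root = ET.fromstring(xml_text)
    inventory = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        entries = []
        for port in host.findall("ports/port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            # -sV fills product/version; without it only the port-number guess is present
            version = ""
            if svc is not None:
                version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            entries.append((port.get("protocol"), int(port.get("portid")), state, name, version))
        inventory[addr_el.get("addr")] = entries
    return inventory


def unexpected_exposure(inventory, allowlist):
    """Compare an inventory with the services that are meant to be reachable.

    allowlist: {host_ip: {(proto, port), ...}}
    Returns {host_ip: {"open": [...], "uncertain": [...]}} where "open" lists definite
    open ports missing from the allowlist and "uncertain" lists open|filtered results
    (typically UDP) that need a follow-up check before being treated as exposed.
    """
    findings = {}
    for host, entries in inventory.items():
        allowed = allowlist.get(host, set())
        open_ports = [(proto, port, name) for proto, port, state, name, _ in entries
                      if state == "open" and (proto, port) not in allowed]
        uncertain = [(proto, port, name) for proto, port, state, name, _ in entries
                     if state == "open|filtered" and (proto, port) not in allowed]
        if open_ports or uncertain:
            findings[host] = {"open": open_ports, "uncertain": uncertain}
    return findings


if __name__ == "__main__":
    # Hypothetical allowlist: only SSH and HTTP are meant to be reachable on this host.
    expected = {"192.168.20.128": {("tcp", 22), ("tcp", 80)}}
    print(unexpected_exposure(parse_nmap_xml(SAMPLE_XML), expected))
```

Running this against the sample reports MySQL on tcp/3306 as an unexpected open port and SNMP on udp/161 as uncertain; in practice the allowlist would come from your asset inventory, and the uncertain entries are where a targeted follow-up (for example `-sV` on just those ports) earns its keep.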