Nmap Hacking Theory

Following are the states that ports are available in

1. Open                                 Closed

2. Filtered                            Unfiltered

3.  Open / filtered               Closed/Unfiltered

Scanning through Nmap gives you list of ports that are opened or filtered. Most of closed ports are not disclosed as there are almost 65000 ports in a computer for communication.

(Filtered packet : It means the data packets that are sent or received are filtered by firewall to secure it.)

Ok, So ready to hack with Nmap.

There are three types of basic scans you can perform on ports which is as follows :

SYN Scan : It is the most simple & common scan that is used to scan for ports. The scan results are very faster compared to other types , but it gives generalized results.

FIN Scan : FIN scan can detect if any kind of filtered packets or weak firewalls, and warns attacker to create stealth for attacking the victim network.

ACK Scan : Filtered and unfiltered ports can be scanned with this type of port scan. It is the most advanced scanning done with nmap.

Download : Nmap

Hacking With Nmap

So let us start with commands of Nmap operation in Linux:

SYN Scan :

For scanning http://www.sampledomain.com

Type in your terminal of linux:

#nmap -sS -T4 http://www.sampledomain.com         (replace domain or IP you wish to scan at sampledomain.com)

Result will be having three tables :

Port                           State                                 Service

This will give you port number its state open?filtered like that & services will give you what is service running on that ports.

FIN Scan :

#nmap -sF -T4 http://www.sampledomain.com     (replace domain or IP you wish to scan)

Live host & filtered ports are found out with this method

ACK Scan :

#nmap -sA -T4 http://www.sampledomain.com     (replace domain or IP you wish to scan)

All closed ports are eliminated with this ACK scan. And you’ll only see ports that are up for attack.

So this was a basic Nmap hacking or port scanning tutorial. You can also find OS running, web server & mail server scanning & this data can be used as Passive attack gathering stage which we have discussed in pre attack stages.