Nmap includes fifteen separate scanning methods, and each scanning technique has its own characteristics, advantages, and disadvantages. Some of these scanning methods are simple to understand and execute, while others are more complex and require additional information (for example, root privileges on the scanning host or a list of target ports) before the scan can begin.
Nmap scan summary
This chart summarizes the nmap scans and compares their usability for privileged and unprivileged users. The chart also includes a summary of which scans identify TCP ports and which identify UDP ports.
TCP SYN Scan -sS
The TCP SYN scan uses a common port-identification method that allows nmap to learn which ports are open without ever completing the TCP three-way handshake. When an open port is identified, nmap tears the half-open connection down with a RST before the handshake can be completed.
TCP SYN Scan Operation
Most of the ports queried during the TCP SYN scan will probably be closed. A closed port responds to the TCP SYN frame with a RST frame from the destination station.
If nmap receives a SYN/ACK in response to its SYN, the port is open. Nmap then sends a RST to reset the session, so the handshake is never completed. A port that never answers (or that answers with an ICMP unreachable message) is reported as filtered.
Example
nmap -sS 192.168.3.126
The scan completed very quickly, in 3.790 seconds. Closed ports answer a SYN with a RST immediately, so a SYN scan of a host that responds without delay finishes fast; a time this short also suggests the target has a low round-trip time from our station, as it would on the same local network.
The above is packet captured during the scan.
In the above capture, packet 2 arrived 0.042591 seconds after packet 1. It originated from 192.168.0.107 and its destination was 192.168.30.126; the TCP frame was a SYN frame, from TCP port 52719 to TCP port 22. The summary also includes the sequence number, length and MSS (Maximum Segment Size) information.
The yellow colour marks the SYN packets, and the red colour shows where a RST is returned for a closed port.
The green one shows that port 3389 is open on the remote device: the target answered our SYN with a SYN/ACK. Remember that a SYN scan never completes the three-way handshake; packet 44 shows our nmap station sending a RST back to port 3389 instead of the ACK that would have completed it.
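The following Python script is an added example (not part of the original post) that reproduces the decision nmap makes from a capture like the one above. The capture is constructed, not taken from the screenshot: a scanner at 192.168.0.107 sends SYNs to 192.168.30.126 on ports 22, 135 and 3389, and the script classifies each port from the reply (SYN/ACK means open, RST means closed, silence means filtered) and checks that the scanner never sent the third-step ACK that would complete a handshake.

```python
"""Reconstruct per-port SYN-scan results from a packet-summary list.

Added example, not code from the original post. The capture below is
constructed to mirror the screenshot: only the fields the decision
needs are kept (number, time, src, dst, sport, dport, TCP flags).
"""
from collections import namedtuple

Packet = namedtuple("Packet", "no time src dst sport dport flags")

SCANNER = "192.168.0.107"
TARGET = "192.168.30.126"

# Constructed capture:
#   SYN to 22   -> RST/ACK from target            (closed)
#   SYN to 135  -> nothing ever comes back        (filtered)
#   SYN to 3389 -> SYN/ACK from target, scanner answers RST (open)
CAPTURE = [
    Packet(1, 0.000000, SCANNER, TARGET, 52719, 22,   "SYN"),
    Packet(2, 0.042591, TARGET,  SCANNER, 22,   52719, "RST,ACK"),
    Packet(3, 0.043100, SCANNER, TARGET, 52719, 135,  "SYN"),
    Packet(4, 0.044000, SCANNER, TARGET, 52719, 3389, "SYN"),
    Packet(5, 0.045200, TARGET,  SCANNER, 3389, 52719, "SYN,ACK"),
    Packet(6, 0.045300, SCANNER, TARGET, 52719, 3389, "RST"),
]


def flag_set(packet):
    """Turn the comma-separated flag summary into a set for easy testing."""
    return set(packet.flags.split(","))


def classify_syn_scan(capture, scanner, target):
    """Return {port: state} using nmap's SYN-scan rules.

    Every port we sent a SYN to starts out as 'filtered'; a SYN/ACK from
    the target promotes it to 'open', a RST demotes it to 'closed'.
    """
    states = {}
    for p in capture:
        if p.src == scanner and p.dst == target and flag_set(p) == {"SYN"}:
            states.setdefault(p.dport, "filtered")
        elif p.src == target and p.dst == scanner:
            flags = flag_set(p)
            if {"SYN", "ACK"} <= flags:
                states[p.sport] = "open"
            elif "RST" in flags:
                states[p.sport] = "closed"
    return states


def handshake_completed(capture, scanner, target, port):
    """True only if the scanner sent a bare ACK (third handshake step) to port.

    A SYN scan never does this; a connect() scan would.
    """
    return any(
        p.src == scanner and p.dst == target and p.dport == port
        and flag_set(p) == {"ACK"}
        for p in capture
    )


if __name__ == "__main__":
    for port, state in sorted(classify_syn_scan(CAPTURE, SCANNER, TARGET).items()):
        print(f"{port}/tcp {state}")
    print("3389 handshake completed:",
          handshake_completed(CAPTURE, SCANNER, TARGET, 3389))
```

The same classifier applied to a connect() scan capture would show the scanner answering the SYN/ACK with an ACK before the RST, which is exactly the difference the next section describes.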
Advantages of the TCP SYN Scan
The TCP SYN scan never actually creates a TCP session, so the connection attempt is not seen, and therefore not logged, by the applications listening on the destination host. Note that this does not make the scan invisible: host firewalls, intrusion detection systems and kernel-level packet logging still see every SYN. The SYN scan also requires raw packet access, so it must be run as root (or an equivalently privileged user) on the scanning host.
When to use TCP SYN scan
The SYN scan is the usual choice when looking for open ports on a remote device, and its simple SYN-based methodology works against all target operating systems. It is nmap's default scan type when run with root privileges.
TCP connect() scan -sT
The TCP connect() scan is helpful if you don't have root access on the scanning system, because it needs no raw packet privileges.
The TCP connect() scan completes the full three-way handshake: it relies entirely on the operating system's connect() call, which finishes the handshake before nmap tears the connection down with a RST frame.
If the TCP port is closed, the connect() scan looks identical on the wire to the TCP SYN scan, since the target simply answers the SYN with a RST.
Apart from that extra ACK on open ports, the TCP connect() scan is similar to the TCP SYN scan, and it reports the same open, closed and filtered states.
nmap -sT 192.168.1.1
Disadvantages of TCP Connect() scan
Because the handshake completes, the application on the remote device accepts a real connection and may log it (for example, an SSH daemon logging a connection that closed without authenticating). The scan is also somewhat slower, since each open port costs a full connect and teardown.
Ping Scan
Sometimes you just need to know whether a device is on the network, and the ping scan is the quickest way to find out. At its simplest the ping scan requires only two frames: the source device sends an ICMP echo request, and the remote device sends an ICMP echo reply if it is on the network. Current nmap versions running as root also send a few TCP probes alongside the ICMP echo, so a host that blocks ICMP can still be discovered. The -sP option is the older spelling; newer releases call the same thing -sn.
A ping scan of the local subnet uses ARP requests instead, because a host on the same link must answer ARP to communicate at all, which makes the result much more reliable than ICMP.
Example
nmap -sP 192.168.1.0/24
Scan a remote subnet
nmap -sP 68.35.218.1/24
UDP Scan -sU
UDP is popular on the Internet because of the streaming protocols used there, and it also carries DNS, SNMP, NTP and TFTP, so a port scan that covers only TCP misses a lot. UDP has no handshake, so nmap decides a port's state from what comes back: a UDP reply means open, an ICMP port unreachable (type 3, code 3) means closed, other ICMP unreachable codes mean filtered, and no reply at all is reported as open|filtered because a silent port could be either. UDP scans are slow because most operating systems rate-limit ICMP unreachable messages (Linux to about one per second), so every closed port costs time.
nmap -sU 192.168.1.0/24
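As an added example (not from the original post) that makes the UDP state rules concrete, the script below classifies a constructed set of probe results the way nmap -sU does. The probe log is invented: one UDP probe per port, with whatever came back recorded as either a UDP payload, an ICMP type/code pair, or nothing.

```python
"""UDP port-state decision as nmap -sU makes it.

Added example, not code from the original post. The probe results are
constructed; they model one UDP probe per port and the reply (if any).
"""

# nmap's UDP rules (from the nmap reference guide):
#   any UDP reply                   -> open
#   ICMP type 3 code 3              -> closed   (port unreachable)
#   ICMP type 3 code 1,2,9,10,13    -> filtered (net/host unreachable,
#                                                admin prohibited, ...)
#   no reply                        -> open|filtered
FILTERED_CODES = {1, 2, 9, 10, 13}


def udp_state(response):
    """Classify one probe.

    response is None (silence), ("udp", payload_bytes) or
    ("icmp", icmp_type, icmp_code).
    """
    if response is None:
        return "open|filtered"
    kind = response[0]
    if kind == "udp":
        return "open"
    if kind == "icmp":
        _, icmp_type, icmp_code = response
        if icmp_type == 3 and icmp_code == 3:
            return "closed"
        if icmp_type == 3 and icmp_code in FILTERED_CODES:
            return "filtered"
    # Anything unexpected is treated the same as no answer.
    return "open|filtered"


# Constructed probe results for a few well-known UDP ports.
PROBES = {
    53:  ("udp", b"\x12\x34\x81\x80\x00\x01\x00\x01"),  # DNS answered
    161: None,                                           # SNMP: silence
    123: ("icmp", 3, 3),                                 # NTP: port unreachable
    69:  ("icmp", 3, 13),                                # TFTP: admin prohibited
}


def classify_udp_scan(probes):
    """Return {port: state} for a whole scan."""
    return {port: udp_state(resp) for port, resp in probes.items()}


def closed_port_floor_seconds(n_closed_ports, unreachables_per_second=1.0):
    """Lower bound on scan time imposed by ICMP rate limiting.

    Linux sends at most about one destination-unreachable per second by
    default, so n closed ports need at least n seconds of wall clock.
    """
    return n_closed_ports / unreachables_per_second


if __name__ == "__main__":
    for port, state in sorted(classify_udp_scan(PROBES).items()):
        print(f"{port}/udp {state}")
    print("65535 closed ports need at least",
          closed_port_floor_seconds(65535) / 3600, "hours")
```

The open|filtered result for port 161 is the important one: silence proves nothing, so to resolve it you send a probe the service actually understands (for SNMP, a GET with the community string), which is what nmap's -sV does for UDP ports.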
Saturday, March 20, 2010