Host and Port Scanning

After we have found out that our target is alive, we want to get a more accurate picture of the system. The information we need includes:

Open ports and its services
Service versions
Information that the services provided
Operating system

States of a Port Scan

Scanning Top 10 TCP Ports

sudo nmap 10.129.2.28 --top-ports=10

Trace nmap port scan

z3tssu@htb[/htb]$ sudo nmap 10.129.2.28 -p 21 --packet-trace -Pn -n --disable-arp-ping

# --packet-trace = shows all packets sent and received
# -n = Disables DNS resolution
# --disable-arp-ping = Disables ARP Ping

TCP Connect Scan on Port 443 (-sT)

This command connects and scans TCP port 443 using a TCP connect scan (-sT), including packet tracing and additional output details.

sudo nmap 10.129.2.28 -p 443 --packet-trace --disable-arp-ping -Pn -n --reason -sT

UDP Port Scan (-sU)

This command performs a UDP port scan. The -F flag is used to check the 100 most common ports.

sudo nmap 10.129.2.28 -F -sU

Note: The -F option checks the top 100 ports.

Service Version Scan (-sV) on Port 445

This command conducts a version scan on TCP port 445 with packet tracing and additional output details.

sudo nmap 10.129.2.28 -sV -Pn -n --disable-arp-ping --packet-trace -p 445 --reason

PreviousHost Discovery NextSaving the Nmap Scanning Results

Last updated 1 year ago