Common Nmap scanning parameters, with an introduction to Xmas Tree scanning

Common Nmap scanning parameters and what they do

-sT TCP connect() scan: completes the full three-way handshake, so the target host's logs record many connection requests and error messages (the only TCP scan that works without raw-socket privileges)
-sS SYN (half-open) scan: never completes the handshake, so few systems log it (requires root privileges)
-sF / -sX / -sN the stealth FIN, Xmas Tree and Null scans (described below)
-sP ping scan: host discovery only, no port scan (written -sn in current Nmap versions). By default Nmap runs host discovery before a port scan and only port-scans hosts that respond
-sU UDP scan: slow and less reliable, because an open UDP port usually does not answer at all
-sA ACK scan: cannot tell open from closed ports, but shows which ports a firewall filters (filtered vs. unfiltered), so it is used to map firewall rules rather than to get through them
-sV probe open ports to detect the service and version running on them
-P0 skip the host-discovery ping and treat every target as up (useful when a firewall drops ICMP echo; written -Pn in current versions)
-v verbose: show scan progress
-h help
-p specify ports, e.g. -p 3389 or -p 1-1024
-O enable remote operating system detection (a best-effort fingerprint guess; can be wrong)
-A aggressive scan: enables OS detection, version detection, script scanning and traceroute
-oN/-oX/-oG write the report to a file in normal, XML or grepable format (-oA writes all three)
-T4 aggressive timing template; among other things it caps the dynamic scan delay for TCP ports at 10 ms
-iL read the target host list from a file

Some readers may wonder what Xmas Tree scanning actually looks like, so here is a short introduction:

This scan sends TCP segments with the following three flags set at the same time:

**URG:** the urgent pointer is significant; the receiver should process the urgent data immediately.
**PSH:** push; tells the receiving stack to hand buffered data to the application without waiting for more.
**FIN:** the sender has finished sending; used when closing a TCP session.
In normal traffic these three flags never appear together without ACK (the packet is "lit up" like a Christmas tree, hence the name), but the way a target reacts to the combination is enough to tell closed ports from open ones:

Port open: Nmap sends the URG/PSH/FIN probe and gets no answer. Because a firewall that silently drops the probe looks exactly the same, Nmap reports the port as open|filtered.

Port closed: the target answers the URG/PSH/FIN probe with an RST segment (an abnormal termination of the TCP connection), so Nmap reports the port as closed.

The principle of the Xmas scan is the same as that of the Null scan. The Null scan sends a TCP segment with none of the ACK, FIN, RST, SYN, URG and PSH flags set, and the FIN scan (-sF) sets only FIN; in all three cases a stack that follows RFC 793 drops the segment silently when the port is open and replies with RST when it is closed. Caveat: systems that do not follow the RFC on this point, notably Microsoft Windows and many Cisco devices, reply with RST regardless of port state, so against such hosts every port shows up as closed and these scans tell you nothing; if you see all ports closed, check the host with -sS before trusting the result. Like -sS, these scans need raw sockets and therefore root privileges.
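The exchange described above, as an added Python example that is not part of the original post and is not Nmap's own code. It builds the raw 20-byte TCP header that a Xmas probe carries (and, for comparison, the Null and FIN probes), computes and verifies the checksum over the IPv4 pseudo-header, and classifies a target's answer the way Nmap does for these scan types. The addresses and ports are made up, the "reply" segment is constructed in-line rather than captured, and nothing is sent on the wire, so it runs offline without root or a target; the helper names (build_tcp_segment, classify_port, classify_probe, demo) are my own, not Nmap's.

```python
"""Xmas / Null / FIN probe construction and response interpretation (added example)."""
import socket
import struct

# TCP flag bits in the flags byte of the TCP header (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations the three stealth scans send
XMAS_FLAGS = FIN | PSH | URG  # nmap -sX -> 0x29
NULL_FLAGS = 0                # nmap -sN -> no flags at all
FIN_FLAGS = FIN               # nmap -sF


def checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words (pads an odd trailing byte)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, tcp_len)


def build_tcp_segment(src_ip, dst_ip, src_port, dst_port, flags, seq=0, ack=0):
    """20-byte TCP header (no options, no payload) with a correct checksum."""
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble of byte 12
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         data_offset, flags, 1024, 0, 0)
    csum = checksum(pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]  # checksum is bytes 16-17


def verify_tcp_checksum(src_ip, dst_ip, segment):
    """A valid segment sums to zero together with its pseudo-header."""
    return checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def tcp_flags(segment):
    """The flags byte sits at offset 13 of the TCP header."""
    return segment[13]


def classify_probe(segment):
    """Detection side: name the stealth-scan probe type from its flag byte."""
    flags = tcp_flags(segment)
    if flags == XMAS_FLAGS:
        return "xmas"
    if flags == NULL_FLAGS:
        return "null"
    if flags == FIN_FLAGS:
        return "fin"
    return "other"


def classify_port(response, icmp_unreachable=False):
    """Scanner side: interpret the answer to a FIN/Null/Xmas probe the way Nmap does.

    RFC 793 stack: closed port -> RST, open port -> silence. Silence is also what a
    dropping firewall produces, hence the ambiguous open|filtered verdict; an ICMP
    unreachable error means a filter actively rejected the probe.
    """
    if icmp_unreachable:
        return "filtered"
    if response is None:
        return "open|filtered"
    if tcp_flags(response) & RST:
        return "closed"
    return "unexpected"


# Constructed sample exchange: addresses and ports are made up, nothing is sent
SCANNER, TARGET = "192.0.2.10", "192.0.2.20"
PROBE = build_tcp_segment(SCANNER, TARGET, 40000, 3389, XMAS_FLAGS, seq=1)
RST_REPLY = build_tcp_segment(TARGET, SCANNER, 3389, 40000, RST | ACK, ack=2)


def demo():
    """Run the cases the post describes and return the verdicts."""
    return {
        "probe_type": classify_probe(PROBE),
        "probe_checksum_ok": verify_tcp_checksum(SCANNER, TARGET, PROBE),
        "closed_port": classify_port(RST_REPLY),
        "open_port_or_firewall_drop": classify_port(None),
        "filtered_by_icmp": classify_port(None, icmp_unreachable=True),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The real scan is `nmap -sX -p 1-1024 <target>` (`-sN` and `-sF` for the sibling scans), run as root. classify_probe is also the check a detection rule would make on the defending side: a TCP segment with FIN, PSH and URG set and ACK clear, or with no flags at all, never belongs to a legitimate session, so matching on the flag byte catches these probes even though the target itself logs nothing. Remember the caveat above: against a Windows or Cisco stack the RST branch fires for every port, so "closed" for everything should be read as "this scan type does not work here".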

These are my own notes; everyone is welcome to point out mistakes and criticize.

Source: blog.csdn.net/zHx981/article/details/112268991