How to use NMAP – which is the “right” NMAP scan to use?


Each NMAP scan serves a different purpose – it’s important to select the right scan.  The 4 most popular scans are below:


NMAP Scan Options

TCP SYN Scan -sS

This starts the TCP three-way handshake but does not complete it. It is therefore also called the “STEALTH SCAN” or “half-open scanning”.

TCP Connect -sT

This scan completes the TCP three-way handshake – which means the victim gets your IP details.  This is the most reliable scanner for your internet network, or where you are authorised to scan.  However, as a hacker this is NOT the scan to use – as you’ll be detected by the victim.
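From the defender's side, the two TCP scans above leave different packet sequences on a sensor. The following is an added example, not part of the original post, that classifies flows from constructed packet records; the record layout, the `min_ports` threshold and the sample addresses are assumptions made for the illustration.

```python
from collections import defaultdict

def classify_flow(events):
    """events: ordered (direction, flags) pairs; '>' means client to server."""
    client = [f for d, f in events if d == ">"]
    server = [f for d, f in events if d == "<"]
    if not client or client[0] != "S":
        return "not-a-new-connection"
    if not server:
        return "no-reply"                  # filtered or dropped
    if server[0].startswith("R"):
        return "closed"                    # RST from a closed port
    if server[0] == "SA" and len(client) > 1:
        if client[1] == "A":
            return "handshake-completed"   # -sT, or any ordinary client
        if client[1].startswith("R"):
            return "half-open"             # -sS: SYN, SYN/ACK, then RST
    return "other"

def summarise(packets, min_ports=3):
    """Heuristic verdict per source; min_ports is an assumed threshold."""
    per_source = defaultdict(lambda: defaultdict(list))
    for src, dst, port, direction, flags in packets:
        per_source[src][(dst, port)].append((direction, flags))
    report = {}
    for src, flows in per_source.items():
        outcomes = {classify_flow(ev) for ev in flows.values()}
        if len(flows) < min_ports:
            report[src] = "normal"
        elif "half-open" in outcomes and "handshake-completed" not in outcomes:
            report[src] = "syn-scan"
        elif "handshake-completed" in outcomes:
            report[src] = "connect-scan"
        else:
            report[src] = "scan-no-open-ports"
    return report

# Constructed sample records: (client, server, port, direction, TCP flags).
A, B, C, T = "192.0.2.10", "192.0.2.20", "192.0.2.30", "10.0.0.5"
SAMPLE = [
    (A, T, 22, ">", "S"), (A, T, 22, "<", "SA"), (A, T, 22, ">", "R"),
    (A, T, 23, ">", "S"), (A, T, 23, "<", "RA"),
    (A, T, 80, ">", "S"), (A, T, 80, "<", "SA"), (A, T, 80, ">", "R"),
    (B, T, 22, ">", "S"), (B, T, 22, "<", "SA"), (B, T, 22, ">", "A"),
    (B, T, 23, ">", "S"), (B, T, 23, "<", "RA"), (B, T, 443, ">", "S"),
    (C, T, 443, ">", "S"), (C, T, 443, "<", "SA"), (C, T, 443, ">", "A"),
]
if __name__ == "__main__":
    print(summarise(SAMPLE))
```

A source that completes handshakes on many ports is not always a scanner (monitoring systems do the same), so the `connect-scan` verdict is a starting point for review rather than proof.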

Ping Scan -sP

This sends an ICMP echo request and waits for an ICMP echo reply.  Many systems block ICMP at their firewalls, so this may not work for you.  Newer Nmap releases call this option -sn; -sP remains as an alias.

UDP Scan -sU

This sends a UDP packet to the victim and waits for a UDP reply.  UDP is a connectionless protocol.  Remember that TCP port 80 is totally different to UDP port 80.  If both are open, then you have 2 attack platforms.


How to select the right scan?

Ask yourself two questions…

– Do I want to be detected?  On your home network, you can use more “noisy” scans that are detected by IDS systems.  The answer to this depends on whether you are “authorised” to scan the network.  If you are authorised, then the more powerful “privileged access” scans are available to you.

– Is the open port using TCP or UDP?  The 2 protocols are totally different.  TCP is a “connection-oriented” protocol; this is similar to DHL or UPS – it’s barcoded and tracked.  They ensure delivery and will redeliver the packet if no one is at home.  UDP is a connectionless protocol; this is similar to the newspaper boy, who flings the newspaper through your letterbox.  If he delivers your paper to the wrong house – tough, he can’t be doing with redelivery, tracking IDs and barcodes.

This is the key distinction between TCP and UDP – it’s the difference between sending your parcel by DHL or by your local paperboy.  Who would you trust?  TCP is for valuable items; UDP is for voice, video, Skype and high-speed connections that can suffer “jitter” as long as we don’t have to wait forever.  Speed is critical in understanding the use of UDP for applications.

Full credit to
