Skip to content

NMAP – How to run an NMAP -sS SYN Stealth Scan on Windows 7 – The Visual Guide


Nmap has four primary scans, the default stealth scan is the  SYN Scan or -sS option.

Fact 1 – The SYN Stealth Scan -sS

  • DEFAULT scan if you have ROOT or ADMIN privileges.
  • You need ROOT or ADMIN access to run the -sS scan
  • STEALTH Scan – never creates a session, very quiet, not recorded in application logs

Fact 2 – Never completes the 3 way handshake

Nmap sends a SYN to start the session.

The Server responds with a SYN-ACK.

Nmap sends a RST to ABORT the connection.

tcp syn scan

The 3 way handshake is never completed.  This is also called “Half Open” scanning, or the stealth scan.

If you’re hacking someone, this is your scan of choice.

  • Identifies OPEN ports – the server sends a SYN-ACK – this is how NMAP knows the port is open
  • Identifies Closed ports – the servers sends a RST – so NMAP knows the port is closed
  • If target is behind a firewall, no response is received – this is how NMAP knows the port has been suppressed therefore the port is filtered
  • Whereas the -sT or TCP Connect scan is the scan of last resort.


1. It requires Root or ADMIN rights.

2. Generates a lot of RST’s on the network… which will be noticed.


Step 1 – Syntax

nmap -sS    {just one IP}

nmap -sS –open 192.168.1.* {Just open connections – nice clean output}

nmap -sS   {for the entire subnet in CIDR notation}

nmap -sS  192.168.0.* -p 80, 8080, 8000 -sV -vv   { for multiple ports on a subnet}

zenmapnmap -sS –open 192.168.1.*

nmap open

Windows version of NMAP Gui is called Zenmap – above we used the 192.168.1.*/24 notation.

NMAP will then list open ports, and identify the router, printers etc.

Other fun scans:

nmap -p 80 {TCP and UDP on port 80}

nmap -p U:53 {UDP on port 53 ie DNS}

nmap -p 80,443 {just 2 ports}

nmap -p 80-200

nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080

nmap –top-ports 5 {Top 5 ports}

nmap –top-ports 10 {Top 10 ports}

nmap top ports



Professor Messer Guide to NMAP

Download NMAP with Windows Installer (Zenmap)

Nmap Commands – Cyberciti

NMAP SCANNING Book – Written by the developer of NMAP **AMAZING STUFF



Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: