NMAP – How to run packet traces on Windows 7 – The Visual Guide
NMAP on Windows 7 can run a packet tracer. Always scan the absolute minimum of ports when packet tracing.
Step 1 – Zenmap (NMAP on Windows).
Scan for an active host and ports using the -sS SYN Stealth Scan. Use the 192.168.1.*/24 to scan the home network.
nmap -sS 192.168.1.*/24
Step 2 – Find the open ports on a single device
Step 3 – Use the –packet-trace
To discover all packets sent and received, we packet trace on a single IP. The first time you packet trace, use this command to ensure that you’re getting output.
nmap –packet-trace 192.168.1.64
We can packet trace on a single port – for instance port 23 for Telnet services.
nmap -p23 -d –packet-trace 192.168.1.64
nmap -p 23,21,139 -d –packet-trace 192.168.1.64
The syn-acks for open ports are shown in green.
Step 3 – How NMAP interprets the SYN probe
TCP SYN/ACK Response = Open Port
TCP RST Response = Closed
No Response = Filtered
ICMP Unreachable error = Filtered
Look in the packet tracer logs for an SA or an RA.
An SA or SYN-ACK means the port is open and responding.
An RA or RESET ACK means the port is closed.
Anything else indicates a firewall and filtering.
Professor Messer Guide to NMAP
Download NMAP with Windows Installer (Zenmap)
Nmap Commands – Cyberciti
NMAP SCANNING Book – Written by the developer of NMAP **AMAZING STUFF