Nmap, also known as Network Mapper, is a flexible and robust tool for network discovery and security scanning. It discovers hosts and services on a computer network and thereby constructs a “map” of the network. This guide explains how to use Nmap to scan hosts stealthily or non-intrusively.
A stealthy or ‘unnoticeable’ scan can be performed using different scanning methodologies that might not be easily detected by Intrusion Detection Systems (IDS) or firewalls:
1. SYN scan (-sS): The SYN scan, or half-open scan, is the most popular form of stealth scanning. Nmap sends a SYN packet and waits for a response. If a SYN/ACK is received, the port is classified as open, but Nmap does not complete the three-way handshake, so no full connection is ever opened, which makes the scan harder to detect.
2. FIN scan (-sF), Xmas tree scan (-sX), and Null scan (-sN): In these scans, Nmap sends TCP packets with unusual control-flag combinations (using flags such as FIN, URG, and PSH). Because these scan types bypass the standard TCP three-way handshake altogether, they are less likely to be noticed by an IDS.
In all of these stealth scans the scanned machines will not log a connection, since none is ever completed, but firewalls and network intrusion detection systems can still identify the scan, as the Bell Labs analysis shows.
Here’s how you could perform a stealth SYN scan using Nmap:
nmap -sS -T4 target

Here, ‘-sS’ initiates a SYN scan and ‘-T4’ sets the timing template to ‘aggressive.’ This command scans the target with a stealth SYN scan at an aggressive pace. Replace ‘target’ with the IP address or hostname of the host you are scanning.
Similarly, you can perform an Xmas tree scan or a Null scan using the ‘-sX’ and ‘-sN’ flags respectively in the command line.
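The detection side of the scans described above, as an added example that is not part of the original article or of Nmap itself: a small Python routine that inspects constructed (src, dst, dport, flags) TCP records and reports sources whose first-packet flag sets match the FIN, Xmas tree and Null probes, or that SYN-probe many ports without completing a handshake. The record layout, the signature table and the port threshold are assumptions made for the example.

```python
from collections import defaultdict

# Flag sets the article's FIN, Xmas tree and Null scans put in the first packet
# of a flow. Assumption: no well-behaved client opens a flow this way, so a
# single occurrence is worth reporting.
PROBE_SIGNATURES = {
    frozenset(["FIN"]): "FIN scan (-sF)",
    frozenset(["FIN", "PSH", "URG"]): "Xmas tree scan (-sX)",
    frozenset(): "Null scan (-sN)",
}
# Assumption: a half-open (-sS) scan looks like ordinary connection attempts
# packet by packet, so alert only once one source has SYN-probed this many ports.
SYN_PORT_THRESHOLD = 10

def classify_flags(flags):
    """Return the scan type for an odd first-packet flag set, or None."""
    return PROBE_SIGNATURES.get(frozenset(flags))

def find_scanners(packets, syn_threshold=SYN_PORT_THRESHOLD):
    """Map each suspicious source in (src, dst, dport, flags) records to the
    set of scan types it appears to be running."""
    syn_targets = defaultdict(set)  # src -> {(dst, dport)} hit with SYN only
    odd_probes = defaultdict(set)   # src -> {scan type} from odd flag sets
    for src, dst, dport, flags in packets:
        fset = frozenset(flags)
        if fset == frozenset(["SYN"]):
            syn_targets[src].add((dst, dport))
        else:
            kind = classify_flags(fset)
            if kind:
                odd_probes[src].add(kind)
    findings = defaultdict(set)
    for src, targets in syn_targets.items():
        if len(targets) >= syn_threshold:
            findings[src].add(f"SYN scan (-sS): {len(targets)} ports")
    for src, kinds in odd_probes.items():
        findings[src].update(kinds)
    return dict(findings)

# Constructed sample traffic (not a real capture): 10.0.0.5 sweeps 20 ports
# half-open and sends one FIN probe, 10.0.0.9 sends one Xmas probe, and
# 10.0.0.7 is an ordinary client completing a handshake to port 443.
SAMPLE_PACKETS = (
    [("10.0.0.5", "10.0.0.10", p, ["SYN"]) for p in range(1, 21)]
    + [("10.0.0.5", "10.0.0.10", 80, ["FIN"]),
       ("10.0.0.9", "10.0.0.10", 22, ["FIN", "PSH", "URG"]),
       ("10.0.0.7", "10.0.0.10", 443, ["SYN"]),
       ("10.0.0.7", "10.0.0.10", 443, ["ACK"]),
       ("10.0.0.7", "10.0.0.10", 443, ["PSH", "ACK"])]
)
```

Calling find_scanners(SAMPLE_PACKETS) reports 10.0.0.5 for both the 20-port SYN sweep and the FIN probe and 10.0.0.9 for the Xmas probe, while the ordinary client 10.0.0.7 is not reported.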
Nmap is an open-source tool that comes with exhaustive documentation. To learn about the different options available and to gain a deeper understanding of how these stealth scans work, you can refer to the official Nmap documentation.
While stealth scans can be advantageous, it’s important to remember that ethical considerations have to be paramount. You must always have permission to scan any network or host. Misusing these tools can lead to legal and ethical issues.
Sources:
1. “Nmap Documentation.” Nmap.org
2. “Stealth SYN scanning with nmap.” Watchguard.com
3. “Stealth scans, firewall logs, and intruder disinformation.” Researchgate.net