Nmap has four primary scan types; the default stealth scan is the SYN scan, the -sS option.
Fact 1 – The SYN Stealth Scan -sS
- DEFAULT scan if you have ROOT or ADMIN privileges.
- You need ROOT or ADMIN access to run the -sS scan.
- STEALTH Scan – never establishes a session, so it is very quiet and is not recorded in application logs
Fact 2 – Never completes the 3 way handshake
Nmap sends a SYN to start the session.
The Server responds with a SYN-ACK.
Nmap sends a RST to ABORT the connection.
The 3-way handshake is never completed. This is also called “Half Open” scanning, or the stealth scan.
If you’re hacking someone, this is your scan of choice.
- Identifies OPEN ports – the server sends a SYN-ACK – this is how NMAP knows the port is open
- Identifies CLOSED ports – the server sends a RST – so NMAP knows the…
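The exchange above, modelled end to end as an added example (this is not code from the original post and sends no real packets): a simulated target answers each bare SYN with SYN-ACK or RST, the scanner classifies the port from that reply and aborts the open ones with RST, and a defender-side function reads the same packet trace back and flags the half-open signature. Packet tuples, the names `scanner`/`target`, `LISTENING_PORTS` and the `threshold` parameter are all constructed for this example.

```python
"""Half-open (SYN) scan model and detector.

Added example, not from the original post. A packet is a constructed tuple
(src, dst, dport, flags) where flags is "S", "SA", "A" or "R". The target's
TCP stack is simulated by server_reply(); nothing touches the network.
"""
from collections import defaultdict

# Constructed target: ports with a listening service.
LISTENING_PORTS = {22, 80, 443}


def server_reply(dport):
    """What a TCP stack answers to a bare SYN: SYN-ACK if listening, RST if closed."""
    return "SA" if dport in LISTENING_PORTS else "R"


def syn_scan(ports):
    """Simulate the -sS exchange from the post:
    SYN -> (SYN-ACK | RST) -> RST.  Returns ({port: state}, packet_trace)."""
    trace, results = [], {}
    for p in ports:
        trace.append(("scanner", "target", p, "S"))
        reply = server_reply(p)
        trace.append(("target", "scanner", p, reply))
        if reply == "SA":
            results[p] = "open"
            # Abort with RST instead of the final ACK: the handshake never completes.
            trace.append(("scanner", "target", p, "R"))
        else:
            results[p] = "closed"      # RST from the target means closed
    return results, trace


def detect_half_open(trace, threshold=3):
    """Defender view over the same trace: for each source, collect ports where a
    SYN drew a SYN-ACK and the source then sent RST without ever sending ACK.
    Many such ports from one source is the half-open scan signature.
    Returns {src: [ports]} for sources at or above `threshold` (constructed cutoff)."""
    state = defaultdict(dict)        # (initiator, responder) -> {port: stage}
    half_open = defaultdict(set)
    for src, dst, port, flags in trace:
        if flags == "S":
            state[(src, dst)][port] = "syn"
        elif flags == "SA" and state.get((dst, src), {}).get(port) == "syn":
            state[(dst, src)][port] = "synack"
        elif flags == "A" and state.get((src, dst), {}).get(port) == "synack":
            state[(src, dst)][port] = "established"   # a real connection
        elif flags == "R" and state.get((src, dst), {}).get(port) == "synack":
            half_open[src].add(port)                  # SYN-ACK answered with RST
            state[(src, dst)][port] = "aborted"
    return {src: sorted(p) for src, p in half_open.items() if len(p) >= threshold}


if __name__ == "__main__":
    results, trace = syn_scan([22, 80, 443, 8080, 25])
    for port, state in results.items():
        print(f"port {port}: {state}")
    print("half-open sources:", detect_half_open(trace))
```

The detector only needs packet headers, which is the practical point for defenders: the scan leaves no trace in application logs because no connection is ever handed to the service, but the SYN, SYN-ACK and RST packets themselves are visible to a firewall, IDS or packet capture, and a completed SYN/SYN-ACK/ACK handshake is deliberately not counted.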