NMAP – How to run an NMAP -sS SYN Stealth Scan on Windows 7 – The Visual Guide

University of South Wales: Information Security & Privacy

Nmap has four primary scans, the default stealth scan is the  SYN Scan or -sS option.

Fact 1 – The SYN Stealth Scan -sS

  • DEFAULT scan if you have ROOT or ADMIN privileges.
  • You need ROOT or ADMIN access to run the -sS scan
  • STEALTH Scan – never creates a session, very quiet, not recorded in application logs

Fact 2 – Never completes the 3 way handshake

Nmap sends a SYN to start the session.

The Server responds with a SYN-ACK.

Nmap sends a RST to ABORT the connection.

tcp syn scan

The 3 way handshake is never completed.  This is also called “Half Open” scanning, or the stealth scan.

If you’re hacking someone, this is your scan of choice.

  • Identifies OPEN ports – the server sends a SYN-ACK – this is how NMAP knows the port is open
  • Identifies Closed ports – the servers sends a RST – so NMAP knows the…

View original post 267 more words


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s