Using Additional Nmap Commands

There are many variations and many other commands that can be used for port scanning on networks that are to be attacked, including options and parameters for sending FIN, ACK, and XMAS packets to selected ports. Security testers should practise these commands until they are second nature. For this purpose, Fyodor has produced a useful help page, known as a "man page" to people well-versed in UNIX and Linux lingo. It is wise to read this man page before trying any of the additional commands.

To start, if the Konsole shell is not open, boot the system into Linux with the BackTrack DVD. Open the Konsole shell, type man nmap at the command prompt and press Enter. This command gives a lot more information than nmap -h does. There is no need to memorize the manual; rather, one should be ready to consult it when needed.

Close the first shell, open another Konsole shell and run Tcpdump in it; this displays the traffic generated by the packets that are created. Tcpdump is a packet analyzer, and it is useful to leave it running in the background so that the packets can be viewed as they are created. tcpdump -h lists the parameters that can be used with it, and man tcpdump gives the full manual.

Referring to the Nmap man page for guidance, send FIN packets to 5 systems within your specified range. Then send XMAS packets to the same systems, followed by ACK packets. The results can be used to see exactly what kind of response your system receives when each of these packet types is sent to each of these systems.
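To make sense of what Tcpdump shows during the FIN, XMAS and ACK probes described above, here is an added Python example (written for this page, not code from the book, from Nmap or from Tcpdump). It parses tcpdump's default TCP line format, pairs each outgoing probe with any RST that comes back, and labels the port with the state Nmap documents for that probe type: for FIN and XMAS probes a RST means closed and silence means open|filtered; for ACK probes a RST means unfiltered and silence means filtered. The capture lines, the scanner address 192.168.56.10 and the target 192.168.56.20 are constructed sample data; in a real lab you would feed it the saved output of tcpdump -n.

```python
import re

# Constructed tcpdump -n output (not a real capture): scanner 192.168.56.10
# sends a FIN probe, an XMAS probe and an ACK probe to target 192.168.56.20.
# In tcpdump flag notation S=SYN, F=FIN, P=PSH, R=RST, U=URG and '.'=ACK.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.56.10.40000 > 192.168.56.20.22: Flags [F], seq 0, win 1024, length 0
12:00:01.000002 IP 192.168.56.10.40000 > 192.168.56.20.23: Flags [F], seq 0, win 1024, length 0
12:00:01.000090 IP 192.168.56.20.23 > 192.168.56.10.40000: Flags [R.], seq 0, ack 1, win 0, length 0
12:00:02.000001 IP 192.168.56.10.40001 > 192.168.56.20.22: Flags [FPU], seq 0, win 1024, urg 0, length 0
12:00:02.000002 IP 192.168.56.10.40001 > 192.168.56.20.23: Flags [FPU], seq 0, win 1024, urg 0, length 0
12:00:02.000080 IP 192.168.56.20.23 > 192.168.56.10.40001: Flags [R.], seq 0, ack 1, win 0, length 0
12:00:03.000001 IP 192.168.56.10.40002 > 192.168.56.20.22: Flags [.], ack 1, win 1024, length 0
12:00:03.000002 IP 192.168.56.10.40002 > 192.168.56.20.80: Flags [.], ack 1, win 1024, length 0
12:00:03.000070 IP 192.168.56.20.22 > 192.168.56.10.40002: Flags [R], seq 1, win 0, length 0
"""

# tcpdump's default TCP line: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Exact flag sets that identify each probe type (assumed: the only traffic
# from the scanner address is the probe traffic, as in a quiet lab network).
PROBE_TYPES = {"F": "FIN", "FPU": "XMAS", ".": "ACK"}


def parse_capture(text):
    """Turn tcpdump text into a list of packet dicts; non-TCP lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pkt = m.groupdict()
            pkt["sport"] = int(pkt["sport"])
            pkt["dport"] = int(pkt["dport"])
            packets.append(pkt)
    return packets


def interpret(probe_type, got_rst):
    """Map (probe type, RST seen?) to the port state Nmap reports for that scan."""
    if probe_type in ("FIN", "XMAS"):
        # RFC 793 hosts answer a closed port with RST and stay silent on an open one.
        return "closed" if got_rst else "open|filtered"
    if probe_type == "ACK":
        # ACK probes only tell whether a firewall let the packet through.
        return "unfiltered" if got_rst else "filtered"
    return "unknown"


def analyse_scan(text, scanner):
    """Return (probe_type, target, port, state) for every probe sent by `scanner`."""
    packets = parse_capture(text)
    results = []
    for i, p in enumerate(packets):
        if p["src"] != scanner or p["flags"] not in PROBE_TYPES:
            continue
        ptype = PROBE_TYPES[p["flags"]]
        # A reply is a later packet with R set, travelling back along the same 4-tuple.
        got_rst = any(
            r["src"] == p["dst"] and r["sport"] == p["dport"]
            and r["dst"] == p["src"] and r["dport"] == p["sport"]
            and "R" in r["flags"]
            for r in packets[i + 1:]
        )
        results.append((ptype, p["dst"], p["dport"], interpret(ptype, got_rst)))
    return results


if __name__ == "__main__":
    for ptype, host, port, state in analyse_scan(SAMPLE_CAPTURE, "192.168.56.10"):
        print(f"{ptype:4s} probe -> {host}:{port:<5d} {state}")
```

Reading the output against the capture is the point of the exercise: the same port 22 is silent to FIN and XMAS probes (open|filtered) yet answers the ACK probe with a RST (unfiltered), while port 23 sends RST to everything (closed). Note the simplifying assumption that every bare ACK from the scanner address is a probe; on a busy network you would first filter the capture to the scanner's source ports.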