Different types of scans
Default scan – if we just run nmap with no options, we get the basic top-level common ports that are open. No UDP, no OS enumeration, etc.
-sn – Ping scan. Sends ARP packets across the local network to see what's online
-sn (run as root) – If you want to use ICMP pings to scan. This isn't the default, since some hosts don't respond to pings
-sV – looks for service information and version numbers
-sC – Custom scripts built into Nmap
-O – Gives operating system information
-A – Think ALL. Gives OS and other information
-sS – Stealth scan. Doesn't complete the handshake. Sends a SYN, receives a SYN/ACK, then drops it. 1024 bytes
-sT – We send a SYN, the target sends a SYN/ACK back, then we send a reset. This is much larger than the 1024 bytes, so the risk is that it may be logged on the other side
-sX – Xmas scan.
Blue Team
If you locate any receiving connections of 1024 bytes, it is most likely Nmap
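Added example (not from the original notes): a small detector for the half-open handshake pattern the -sS entry describes, a source that sends SYN, gets a SYN/ACK, and never sends the ACK that would complete the handshake, across many ports on one host. The log format and addresses are constructed for this example, not a real sensor format.

```python
from collections import defaultdict

# Constructed sample records: "src dst dport flags", where flags are the TCP
# flags the SOURCE sent (S=SYN, A=ACK, R=RST, F=FIN). Not from a real sensor.
SAMPLE_LOG = """\
10.0.0.5 10.0.0.9 22 S
10.0.0.5 10.0.0.9 22 R
10.0.0.5 10.0.0.9 80 S
10.0.0.5 10.0.0.9 80 R
10.0.0.5 10.0.0.9 443 S
10.0.0.5 10.0.0.9 443 R
10.0.0.5 10.0.0.9 3389 S
10.0.0.7 10.0.0.9 443 S
10.0.0.7 10.0.0.9 443 A
10.0.0.7 10.0.0.9 443 F
"""


def parse_log(text):
    """Turn the constructed log into (src, dst, dport, flags) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, flags = line.split()
        records.append((src, dst, int(dport), flags))
    return records


def half_open_ports(records):
    """Map (src, dst) -> ports where src sent SYN but never an ACK,
    i.e. SYN then RST, or SYN then silence: the stealth-scan signature."""
    seen = defaultdict(set)  # (src, dst, port) -> flags sent by src
    for src, dst, port, flags in records:
        seen[(src, dst, port)].add(flags)
    result = defaultdict(set)
    for (src, dst, port), flags in seen.items():
        if "S" in flags and "A" not in flags:
            result[(src, dst)].add(port)
    return result


def flag_scanners(records, min_ports=3):
    """Sources with half-open handshakes to at least min_ports distinct
    ports on one destination; a single half-open connect is normal noise."""
    return {pair: sorted(ports)
            for pair, ports in half_open_ports(records).items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    print(flag_scanners(parse_log(SAMPLE_LOG)))
```

The full-handshake client (10.0.0.7, which sends an ACK) is not flagged; the threshold keeps a single dropped connection from raising an alert.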
Scripts
/usr/share/nmap/scripts – default location for scripts
Updating the script database – nmap --script-updatedb
-sC – runs the default set of scripts built into Nmap
To run a specific script – --script "script name"