Getting Started with Nmap Switches

TryHackMe - Network Security - Write Up

Hey hackers! Take a look below!

Nmap short for Network mapping is used to scan network ports and scanning ports is an important step and should be one of the first steps a hacker takes before an attack. It attaches itself to the target’s network ports and determines the ‘status’ of the port whether it is open, closed, or filtered. The open ports are then investigated and the services enumerated that are running on the varying ports using Nmap.

Task 2 :

For the third question, well-known ports are from 0–1023 therefore inclusive of port 0 there would be a total of 1024 well-known ports.

Also just for future reference:

• Registered ports - 1024 to 49151.
• Dynamically used by applications — 49152 to 65535.

Nmap switches:

For a list of the switches, we can use the command nmap — h in our Kali Linux terminal window. Here goes a list of my answers for task 3.

I will note three questions that were the most challenging:

• What is the first switch listed in the help menu for a ‘Syn Scan’

Syn Scan was not explicitly written as -sS Syn Scan so I had to look at the description provided and notice ‘/’ after SYN and scan at the end of the various SYN to get the answer to this question.

• How would you tell Nmap to scan all ports?

The answer to this was not stated in the menu but I knew based on the help menu that to find a specific port I would type the command -p80 for port 80 and for a range of ports I would type -p 1024–4000 and with the use of google I learned that the answer was -p-.

• How would you activate all of the scripts in the “vuln” category?

This was probably the most difficult question in the section. I got the answer without google’s help this time :’). I got the answer with the help of the second script command under the SCRIPT SCAN menu and the hint. So based on those to get the vuln category I had to use the command — -script=vuln.

Thank you for reading on my journey through so far in the Nmap room.