Nmap Basic Port Scans

• Which service uses UDP port 53 by default?

DNS

• Which service uses TCP port 22 by default?

SSH

• How many port states does Nmap consider?

6

• Which port state is the most interesting to discover as a pentester?

Open

• What 3 letters represent the Reset flag?

RST

• Which flag needs to be set when you initiate a TCP connection (first packet of TCP 3-way handshake)?

SYN

• Launch the VM. Open the AttackBox and execute nmap -sT MACHINE_IP via the terminal. A new service has been installed on this VM since our last scan. Which port number was closed in the scan above but is now open on this target VM?

110

• What is Nmap’s guess about the newly installed service?

POP3

• Launch the VM. Some new server software has been installed since the last time we scanned it. On the AttackBox, use the terminal to execute nmap -sS MACHINE_IP. What is the new open port?

6667

• What is Nmap’s guess of the service name?

IRC

• Launch the VM. On the AttackBox, use the terminal to execute nmap -sU -F -v MACHINE_IP. A new service has been installed since the last scan. What is the UDP port that is now open?

53

• What is the service name according to Nmap?

domain

• What is the option to scan all the TCP ports between 5000 and 5500?

-p5000-5500

• How can you ensure that Nmap will run at least 64 probes in parallel?

--min-parallelism=64

• What option would you add to make Nmap very slow and paranoid?

-T0