Nmap Port Scan Types
Command | Description |
---|---|
| Connect Scan (Default without root privileges)/ Scan using TCP connect |
| Scan using TCP SYN scan (default) |
| UDP Scan |
| ACK Scan |
| Window Scan |
| Maimon Scan |
| No Scan, list targets only |
| List scan |
| Disable host discovery, port scanning |
| SYN Discovery on port x, port 80 by default |
| UDP discovery on port x, port 40125 by default |
| ACK discovery on port x, port 80 by default |
| ARP discovery on local network |
| Never do DNS resolution |
| Scan for port x |
| Port Range |
| Scan multiple TCP and UDP ports |
| Scan all ports |
| Port scan from service name |
| Fast port scan (100 ports) |
| Scan fragmented IP packets |
| Set own offset size x |
| Scan the top x ports |
| Aggressive service discovery |
| Light banner grabbing |
| Enable light mode, lower possibility of correctness |
| Enable intensity level 9. Higher possibility of correctness |
| Limit OS detection to promising targets |
| Guess OS detection results |
| Set maximum number of OS detection tries against a target |
| Scan UDP ports |
| Scan selected ports - ignore discovery |
| Identify open ports and services |
| Identify HMI systems |
| Scan Siemens SIMATIC S7 PLCs |
| Scan Modbus Devices |
| Check the status of isakmp over port 500 |
| ScanBACnet Devices |
| Scan Ethernet/IP Devices |
| Scan Niagara Fox Devices |
| Scan ProConOS Devices |
| Scan Omron PLC Devices |
| Scan PCWorx Devices |
Last updated