Notes

Port Scanning Techniques

SYN, UDP, version detection, and OS fingerprinting — when to use which.

SYN Scan (default)

nmap -sS 10.10.10.5

Sends SYN, waits for SYN-ACK. Never completes the handshake. Fast, stealthy(ish), requires root.
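
Detection side of the half-open behaviour described above, as an added example (not part of the original notes): it groups packet records by client and flags any client that leaves handshakes unfinished on several ports of one server. The packet records, the flag strings, the function names and the min_ports=3 threshold are all assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed packet records, not real traffic: (src, dst, sport, dport, tcp_flags)
# Flags: S=SYN, SA=SYN-ACK, A=ACK, R=RST, RA=RST-ACK, PA=PSH-ACK
PACKETS = [
    # 192.0.2.50 probes four ports on 10.10.10.5 and never sends the final ACK
    ("192.0.2.50", "10.10.10.5", 40001, 22, "S"),
    ("10.10.10.5", "192.0.2.50", 22, 40001, "SA"),   # open
    ("192.0.2.50", "10.10.10.5", 40001, 22, "R"),    # torn down, no ACK
    ("192.0.2.50", "10.10.10.5", 40002, 80, "S"),
    ("10.10.10.5", "192.0.2.50", 80, 40002, "SA"),
    ("192.0.2.50", "10.10.10.5", 40002, 80, "R"),
    ("192.0.2.50", "10.10.10.5", 40003, 443, "S"),
    ("10.10.10.5", "192.0.2.50", 443, 40003, "RA"),  # closed
    ("192.0.2.50", "10.10.10.5", 40004, 8080, "S"),  # no reply (filtered)
    # 192.0.2.77 is an ordinary client: one full handshake, one refused connection
    ("192.0.2.77", "10.10.10.5", 50000, 80, "S"),
    ("10.10.10.5", "192.0.2.77", 80, 50000, "SA"),
    ("192.0.2.77", "10.10.10.5", 50000, 80, "A"),
    ("192.0.2.77", "10.10.10.5", 50000, 80, "PA"),
    ("192.0.2.77", "10.10.10.5", 50001, 25, "S"),
    ("10.10.10.5", "192.0.2.77", 25, 50001, "RA"),
]

def unfinished_handshakes(packets):
    """Map (client, server) -> destination ports that got a SYN but never a completing ACK."""
    syn, synack, completed = set(), set(), set()
    for src, dst, sport, dport, flags in packets:
        if flags == "S":
            syn.add((src, dst, sport, dport))
        elif flags == "SA" and (dst, src, dport, sport) in syn:
            synack.add((dst, src, dport, sport))
        elif "A" in flags and "R" not in flags and (src, dst, sport, dport) in synack:
            completed.add((src, dst, sport, dport))
    ports = defaultdict(set)
    for client, server, _sport, dport in syn - completed:
        ports[(client, server)].add(dport)
    return ports

def detect_syn_scans(packets, min_ports=3):
    """Flag clients with unfinished handshakes on at least min_ports ports of one server."""
    return sorted(
        (client, server, sorted(p))
        for (client, server), p in unfinished_handshakes(packets).items()
        if len(p) >= min_ports
    )

if __name__ == "__main__":
    for client, server, ports in detect_syn_scans(PACKETS):
        print(f"possible SYN scan: {client} -> {server} ports {ports}")
```

A single refused connection also counts as an unfinished handshake, which is why the check is a per-client port count rather than a per-flow alert.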

UDP Scan

nmap -sU 10.10.10.5

Slow. ICMP port-unreachable = closed. No response = open|filtered.

Version Detection

nmap -sV 10.10.10.5

Sends probes to open ports, matches against service fingerprint DB.

OS Fingerprinting

nmap -O 10.10.10.5

Needs at least one open and one closed port to work reliably.