These are a number of different default scans. -F will scan the 100 most commonly used ports:
nmap -F 192.168.0.9
The preceding is the command to scan the most common ports. Some common examples would be ports 20, 21, 23, 25, and 53, to name a few. This is known as a fast scan. Note the capital F: lowercase -f is Nmap's packet-fragmentation option and does not restrict the port list.
Scan all 65535 ports
This is the command to scan all ports. There are a total of 65,535 ports. A hacker will not usually employ this type of scan. Instead, most hackers will initially use a scanning technique known as half-open scanning. The scan-all-ports command is better utilized by a threat hunter monitoring the network:
nmap -p- 192.168.0.9
Nmap port scan types
There are many different types of port scan that can be used with Nmap. It is important to know which type of port scan to use depending on your objective. For example, if you want to determine which TCP ports are active on a targeted host, run a TCP port scan. Hackers will often use various port scans to see if they can find a vulnerable open port to use as an attack vector.
Scan using TCP SYN scan (default)
This command determines whether the port is listening. Using this command is a technique called half-open scanning. It is called half-open scanning because you don't establish a full TCP connection. Instead, you only send a SYN packet and wait for the response. If you receive a SYN/ACK response, that means the port is listening; Nmap then tears the half-open connection down with a RST rather than completing the handshake, while a RST response to the SYN means the port is closed:
nmap -sS 192.168.1.1
Scan using TCP connect
This is the command to scan using the TCP connect option. If a user does not have raw packet privileges, this is the command they will use:
nmap -sT 192.168.0.9
Privileged access is necessary to perform the default SYN scan. If privileges are not sufficient, a TCP connect scan will be used instead. A TCP connect scan needs a full TCP connection to be established, and is known to be slower than a SYN scan. Skipping host discovery is often required, as many firewalls and hosts will not answer a ping, so a live host could be missed unless you choose the -Pn parameter. Of course, this can make scan times much longer, as you could end up sending scan probes to hosts that are not even there.
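Added here as an illustration (not code from the original text): a defender-side Python script that reconstructs TCP handshakes from a constructed, simplified packet summary and tells a half-open (-sS) scan from a connect (-sT) scan by what the source does after the SYN/ACK (RST versus ACK). The log format, addresses and sample probes are all assumed sample data; it also shows that when every probed port is closed or filtered, the two scan types cannot be told apart.

```python
from collections import Counter, defaultdict
# Constructed sample packet summary (not a real capture): "src > dst:port flags", IPv4 only.
SAMPLE_LOG = """\
10.0.0.5 > 192.168.0.9:22 S
192.168.0.9:22 > 10.0.0.5 SA
10.0.0.5 > 192.168.0.9:22 R
10.0.0.5 > 192.168.0.9:23 S
192.168.0.9:23 > 10.0.0.5 RA
10.0.0.5 > 192.168.0.9:25 S
10.0.0.7 > 192.168.0.9:80 S
192.168.0.9:80 > 10.0.0.7 SA
10.0.0.7 > 192.168.0.9:80 A
"""
def parse_log(text):
    """Yield (scanner, target, port, sender, flags) for each summary line."""
    for line in text.splitlines():
        left, right = [p.strip() for p in line.split(">")]
        dst, flags = right.rsplit(" ", 1)
        sender = "target" if ":" in left else "scanner"
        if sender == "target":                # reply line: target:port > scanner
            left, dst = dst, left
        target, port = dst.split(":")
        yield left, target, int(port), sender, flags

def classify_probe(events):
    """Map the flag sequence seen for one (scanner, target, port) to an outcome."""
    if events == [("scanner", "S")]:
        return "no-reply"                     # filtered, or no host there at all
    if events[:2] == [("scanner", "S"), ("target", "RA")]:
        return "closed"                       # looks the same for -sS and -sT
    if events[:2] == [("scanner", "S"), ("target", "SA")]:
        if ("scanner", "A") in events[2:]:
            return "open-connect"             # handshake completed: connect scan
        if ("scanner", "R") in events[2:]:
            return "open-halfopen"            # SYN/ACK answered with RST: SYN scan
    return "other"

def profile_scanners(text):
    """Per source address: outcome counts and the inferred scan type."""
    probes = defaultdict(list)
    for scanner, target, port, sender, flags in parse_log(text):
        probes[(scanner, target, port)].append((sender, flags))
    counts = defaultdict(Counter)
    for (scanner, _, _), events in probes.items():
        counts[scanner][classify_probe(events)] += 1
    return {src: {"outcomes": o, "scan_type":
                  "connect (-sT)" if o["open-connect"] else
                  "syn / half-open (-sS)" if o["open-halfopen"] else
                  "indistinguishable"}      # only closed/filtered ports: cannot tell
            for src, o in counts.items()}
```

Run it over SAMPLE_LOG and 10.0.0.5 is reported as a SYN scanner (it answered the SYN/ACK on port 22 with RST) while 10.0.0.7 is reported as a connect scanner (it completed the handshake on port 80).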