Info: Command line tool that sends specially crafted packets to target
host(s) in a network. It can discover hosts and services based on responses received.

Port Scan Results
Open = Application is accepting connections
Closed = No application is listening
Filtered = Probes aren’t reaching the port (Usually indicates a firewall)

Commands
nmap -sS
SYN Scan (default and most popular)
Can scan 1000 ports per second
Never completes the TCP connection

nmap -sT
TCP Connect Scan
Uses the Operating System to send packets
Completes the TCP connection (less stealthy)

nmap -p
Specifies the port(s) to scan (overrides the defaults)

nmap -O
Enables OS detection by fingerprinting the TCP/UDP packets received

nmap -Pn
Skips the host discovery
Treats all hosts in the range as online

nmap -iL
Scan targets from a text file

nmap -T
Sets the timing for the scan
T0 – Paranoid (one port every five minutes)
T1 – Sneaky (one port every 15 seconds)
T2 – Polite
T3 – Normal
T4 – Aggressive
T5 – Insane

Nmap Output
-oN Normal output format
nmap -oN outputfile.txt target
-oG Grepable output format
nmap -oG outputfile.txt target
-oX XML output format
nmap -oX outputfile.xml target
-oA Combined format with all of the above
nmap -oA outputfile target