Scanning can be roughly divided into:
- Open TCP scanning
- Stealth TCP scanning
- UDP scanning
- SCTP scanning
- IPv6 scanning
A UDP scan can be done with nmap by running:
nmap -sU 10.10.10.10
Each service runs on an assigned port, and every service has a specific version.
Version detection with nmap:
nmap -sV
Below we list several techniques for reducing nmap scanning time.
- Limit the number of ports scanned (e.g. the default 1000).
- Skip the port scan (-sn) if only the liveness of hosts needs to be checked.
- Avoid advanced scan features (--traceroute).
Optimize the timing parameters: consider nmap's -T option.
-T<0-5>: Set timing template (higher is faster)
Separate TCP and UDP scanning into different scans.
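Running TCP and UDP as separate scans means the results must be merged afterwards. The parser below is an added example (not part of the original notes or of nmap itself): it reads nmap's greppable (-oG) output from a TCP version scan and a UDP scan, builds one per-host inventory, and lists the UDP ports whose state is still unresolved. The scan output embedded in it is constructed sample data, not a real scan.

```python
from collections import defaultdict

# Constructed sample output in nmap's greppable (-oG) format (not a real scan),
# as produced by two separate runs against the same host: a TCP version scan
# (nmap -sV -oG tcp.gnmap 10.10.10.10) and a UDP scan (nmap -sU -oG udp.gnmap ...).
TCP_OG = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 10.10.10.10 ()\tStatus: Up\n"
    "Host: 10.10.10.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, "
    "80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (998)\n"
)
UDP_OG = (
    "Host: 10.10.10.10 ()\tPorts: 53/open|filtered/udp//domain///, "
    "161/open/udp//snmp///, 123/closed/udp//ntp///\t"
    "Ignored State: open|filtered (997)\n"
)

def parse_greppable(text):
    """Return {host: {(proto, port): {"state", "service", "version"}}}.

    Each -oG port entry has seven slash-separated fields:
    port/state/proto/owner/service/rpc_info/version/ (nmap substitutes '|'
    for any '/' inside the version string, so a plain split is safe).
    Closed ports are dropped; they carry no inventory value.
    """
    hosts = defaultdict(dict)
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comments and other non-host lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = [f[len("Ports: "):] for f in fields if f.startswith("Ports: ")]
        for entry in (ports[0].split(", ") if ports else []):
            p = entry.split("/")
            port, state, proto, service, version = int(p[0]), p[1], p[2], p[4], p[6]
            if state == "closed":
                continue
            hosts[host][(proto, port)] = {"state": state, "service": service, "version": version}
    return dict(hosts)

def merge_scans(*tables):
    """Combine per-protocol scan results into one inventory per host."""
    merged = defaultdict(dict)
    for table in tables:
        for host, ports in table.items():
            merged[host].update(ports)
    return dict(merged)

def needs_follow_up(inventory):
    """UDP ports reported open|filtered got no reply at all, so their state is
    unresolved; list them for a targeted re-check (e.g. -sV on just those ports)."""
    return sorted((h, port) for h, ports in inventory.items()
                  for (proto, port), info in ports.items()
                  if proto == "udp" and info["state"] == "open|filtered")
```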