How does Nmap detect hosts in a network with stealth scans

0 votes
Stealth scans are designed to avoid detection. What methods does Nmap use to identify active hosts without alerting firewalls or intrusion detection systems?
Apr 4 in Cyber Security & Ethical Hacking by Anupam
• 16,940 points
70 views

1 answer to this question.

0 votes

​Nmap employs various stealth scanning techniques to identify active hosts on a network while minimizing the risk of detection by firewalls and intrusion detection systems (IDS).

These methods focus on sending packets that are less likely to trigger alerts. Key techniques include:​

1. SYN Scan (-sS):

Also known as half-open scanning, this method sends TCP SYN packets to target ports without completing the full three-way handshake. If a SYN/ACK response is received, it indicates the port is open; Nmap then sends a RST packet to terminate the connection before it's fully established. This approach is less likely to be logged by the target system.

2. FIN Scan (-sF):

This technique sends TCP packets with only the FIN flag set. According to RFC 793, closed ports should respond with a RST packet, while open ports typically ignore the FIN packet. This behavior allows Nmap to infer the port's status.

3. NULL Scan (-sN):

In a NULL scan, Nmap sends TCP packets with no flags set. Similar to the FIN scan, closed ports are expected to reply with a RST packet, whereas open ports usually provide no response. This minimalist approach can evade some detection mechanisms. ​

4. Xmas Scan (-sX):

Named because the packets are "lit up like a Christmas tree," this scan sets the FIN, PSH, and URG flags in TCP packets. The responses are interpreted similarly to FIN and NULL scans, aiding in stealthy port detection.

5. Idle Scan (-sI):

This advanced technique uses a "zombie" host to scan the target, making the scan appear as though it originates from the zombie. By analyzing predictable IP ID sequences from the zombie, Nmap can infer open ports on the target without direct interaction, effectively masking the scanner's identity.

6. Timing and Fragmentation Options:

Nmap offers timing controls (-T0 to -T5) to adjust the scan speed, with slower scans being less likely to trigger alerts. Additionally, packet fragmentation can be employed to split probe packets into smaller segments, potentially bypassing simple signature-based detection systems.

By leveraging these methods, Nmap can effectively identify active hosts and open ports with a reduced risk of detection, facilitating discreet network reconnaissance.​

answered Apr 4 by CaLLmeDaDDY
• 30,300 points

Related Questions In Cyber Security & Ethical Hacking

0 votes
1 answer

How does ZMap compare to Nmap in network scanning?

ZMap and Nmap are both powerful network ...READ MORE

answered Apr 15 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 30,300 points
37 views
0 votes
1 answer
0 votes
1 answer

How does a Key Distribution Center (KDC) distribute the session key in symmetric encryption?

A Key Distribution Center (KDC) securely distributes ...READ MORE

answered Dec 4, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 30,300 points
134 views
0 votes
1 answer

How do I check if a port is open in Nmap?

To check if a specific port is ...READ MORE

answered Jan 8 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 30,300 points
106 views
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 30,300 points
759 views
+1 vote
1 answer

How does the LIMIT clause in SQL queries lead to injection attacks?

The LIMIT clause in SQL can indeed ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 30,300 points
528 views
+1 vote
1 answer

Is it safe to use string concatenation for dynamic SQL queries in Python with psycopg2?

The use of string concatenation while building ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 30,300 points
366 views
+1 vote
1 answer
0 votes
0 answers

How does Nmap detect open ports on a network?

Nmap is a widely used tool for ...READ MORE

Feb 27 in Cyber Security & Ethical Hacking by Anupam
• 16,940 points
75 views
0 votes
1 answer

How does machine learning detect anomalies in port scans?

​Machine learning (ML) models are increasingly employed ...READ MORE

answered Apr 14 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 30,300 points
49 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP