Nmap Advanced Port Scans
The basic scans get caught. Firewalls block SYN, log ACK, and rate-limit ICMP. Advanced scanning techniques let you work around defensive controls, spoof your identity, hide in decoy traffic, and map firewalls themselves. This room covers Null, FIN, and Xmas scans that exploit TCP flag handling; Maimon, Window, and ACK scans for firewall interrogation; source IP spoofing and decoy lists for attribution evasion; packet fragmentation to bypass signature detection; and the idle scan — one of the most elegant techniques in network recon — which lets you port scan a target while appearing as a completely different host.
Skills You Will Learn
Prerequisites
- thm-nmap02
- nmap-basics
- port-scanning
- tcp-fundamentals
Walkthrough Phases
- Null, FIN, and Xmas Scans: Use TCP flag manipulation to scan past firewalls that block SYN
- Window, ACK, and Custom Scans: Map firewall rules and distinguish filtered from unfiltered ports
- Spoofing, Decoys, and Fragmentation: Scan without revealing your true IP and bypass signature-based detection
- Idle (Zombie) Scan: Perform a truly anonymous port scan using a zombie host as a proxy