Nmap - TCP Connect & Stealth (SYN) Scanning
Key Takeaways
The video demonstrates how to perform TCP connect (-sT) and stealth SYN (-sS) scans with Nmap, a free and open-source network scanner, and explains how they differ in speed and in how easily they are detected: the connect scan completes the full three-way handshake (SYN, SYN/ACK, ACK) on every port before resetting it, while the SYN scan sends an RST as soon as the SYN/ACK arrives, so it is faster and draws less attention. Nmap is used for host discovery, service detection, and operating system detection on computer networks.
Full Transcript
Hey guys, HackerSploit here, back again with another video. Welcome back to the penetration testing boot camp. In this video we're going to be talking about Nmap scans, more specifically the connect scans or the TCP connect scans, and then the half-open SYN scans, or stealth scanning as it's called.

So let's start off with your TCP connect or the full open scan. The reason it's actually called a TCP connect scan is because it actually establishes a three-way connection, and the reason it does this is to give us a more accurate result when talking about service and operating system enumeration, and generally speaking the accuracy of the information you're getting in regards to what ports are open, what ports are closed, and so on. Now of course that comes with an added disadvantage, and that is that these scans are typically very slow, because it's connecting to every port individually, so it's actually performing or establishing a TCP connection with every port, and when I say that I mean the entire connection: SYN, SYN/ACK and then of course ACK, and then it resets it using the RST TCP flag. And when talking about the full open scan, of course, based on the type of connection they're trying to establish with a particular port, these scans are very easy to detect and prevent through firewalls. So that's why you typically don't see this scan being used, but in the event there's really nothing preventing you from performing these scans, it's a very accurate way of getting results. The way you run it is by typing nmap -sT, so that is your TCP connect scan, and then we type in the IP address, so 192.168.1.38. Now in this case I don't want to waste too much time with the scanning process, so I'll limit the ports: I'll say port 22, or port 21, and I'll limit the port range to maybe something like 8080. It's only going to scan for services or the ports between that range, so I can just hit enter and we're going to let that scan run, and of course this is going to take time because, as I said, it's connecting to every port and it's establishing the three-way handshake on every port, so I'm going to let this scan complete.

All right, so the scan is complete and it went through the port range and it's given us the various ports and the services. Remember we've not included service enumeration, which we can if you want to get more information regarding the services, and of course operating system enumeration. So in this case you can see it actually gives us the ports and the services running, so there's nothing special there; it's just a more reliable scan because, again as I said, it actually completes the TCP connection. The disadvantages, of course, as I've mentioned: it's very slow, and number two, it's very easy to detect and prevent through firewalls and so on.

Now let's talk about the interesting scan, which is the one that many of you are probably familiar with but really don't understand how it works and why it's so cool, and that is the stealth scan or the half-open scan. So the stealth scan is quite similar to the TCP connect scan in that you're actually going to establish a TCP connection, but you're going to cut it short before the whole process is completed. So what will happen is you, being the host, will send the target a SYN packet, and of course the target is then going to respond with the SYN/ACK, and then you will reset the connection. Now what does this do? Well, this first of all reduces the scan time, because all you're waiting for, ideally, is a response from the target, and that response helps you deduce whether the port is open, whether that port has a service running, etc.

Right, now if the port is open, you will send a SYN packet and the target will respond with the SYN/ACK; that's quite simple. If it's closed, you'll send a SYN packet and, if the port is closed, the target will respond with an RST, with the packet with the RST flag in the header. So what's happening is, as I said, you just send a SYN; if it's open, the target sends the SYN/ACK back and then of course you respond with an RST and you close it. In the event the port is closed, it responds with the RST after your SYN, or your initial synchronization packet, is sent. So it's fairly simple. Now, again as I said, one advantage of this is of course it's much, much quicker, and secondly you're able to avoid firewalls, or to evade firewalls rather, and it really doesn't raise that much attention because you're not establishing a connection with all the ports. Now to run it, and as I said most of you will already be familiar with it if you've been scanning various boxes on Hack The Box or VulnHub, it is nmap -sS, so lowercase s and uppercase S, and then you type in your particular device here, and you will see that it's going to be much, much faster than the TCP connect scan, and this is the preferred way of running Nmap scans. So there we are, you can see that was extremely quick, I didn't even have to pause the video. And of course you can then combine it with stuff like service version enumeration, and of course that will take a bit more time, but it will give you much faster results based on the amount of services and the port range that you have specified. So again I'll just wait for this; it shouldn't take too much time at all. But again, given that it's going through all the services and through the 1000 ports, what I can do is I can just shorten the scan period, and we will take a look at timing options with Nmap; for now let's just stick to understanding the scan types. So I'm just going to hit enter and we're going to run that, and we'll specify the port range, so that should run marginally faster. So I'll wait for this to complete. All right, so the scan is complete, and as you can see we get the same result, just that we've filtered or reduced the amount of ports that Nmap is going to scan, and we got the service versions right over here displayed, so again Microsoft ftpd, OpenSSH 7.1 and so on.

Now the cool thing about running Nmap scans, if you're a student and you're trying to learn about Nmap and the various TCP flags that are being sent and the TCP three-way handshake, is that you can actually use a tool like Wireshark to analyze these packets, and you can actually see all of these packets being sent. So what I'm going to do is, I have Wireshark open right over here, and I'm just going to double click on my capture device here, and I'm going to stop that. The reason being is I'm going to start a very lightweight scan here. I'm just going to run a stealth scan... well, let's actually run a connect scan, and I'm just going to run this on port 21, because I know port 21 is actually running on this particular Windows server, and I want to actually capture the packets. You'll actually be able to see this: since this is a connect scan, you'll be able to see the SYN, SYN/ACK, ACK and then of course the RST, or the reset packet, being sent. So what I'm going to do is I'm just going to start the capture now, continue without saving, and I'm going to run the scan. And there we are, so you can see it did it very, very quickly, and I'm just going to stop that now. There shouldn't be too much data here, so you can see it right over here: we have the initial SYN which is being sent from my IP, or the Kali IP address, 192.168.1.51; the destination is the Windows server, so that is your SYN packet. You can analyze the contents of this; again, this is sorted based on the various layers, so you have your frame, your Ethernet frame, so again if you have learned about the OSI model this will be quite simple for you. Then you have your data link, network, transport layer and so on, and if we click on TCP here you can take a look at the source and destination ports and the various flags, but the flag here is a SYN flag, there you are, so you can see that right over here. And if we take a look at the options... I don't know whether I want to cover that right now because I'm not covering Wireshark until a later section, so you can look at the flags for now. So that's your SYN flag, and then you have your SYN/ACK that's going to be sent back from the server, so that's 192.168.1.30; that's being sent back from the Windows server back to my device, and again I can click on the flag, you can see it's SYN/ACK, and so on. So you can actually try this out yourself if you're trying to understand how this works. We then have the ACK being sent from Kali to the Windows server, and then the final packet, which is the RST as I mentioned, and that's being sent to terminate the connection.

So what I'm going to do now is I'm going to run the stealth scan and we'll actually see the difference now. We're going to run it for the same port, and I'm just going to start a new capture here, continue without saving, and I'm going to run that scan, and I'll run it very quickly, and I'll stop the capture. And there we are. All right, so let's explore the results now. We have a few ARP packets here, or requests rather, which is pretty cool, but I'll get to that later. So we have our SYN first that's being sent by Kali to the server, the server then responds with SYN/ACK, and then we immediately terminate with our RST. Let me just resize that back over here, and there we are, we can see the RST, so that resets the connection, and the scan is much quicker, as you can see, than running a connect scan. So that's how to differentiate between them in terms of the TCP flags that are being sent and how they are handled, so you're now starting to understand how Nmap utilizes TCP flags to actually create these really specialized scans based on what you require. And again, this will get really interesting when you're talking about firewall evasion and Nmap scripts and stuff like that. But yeah, that's going to be it for this video. Let me know if you have any questions on the HackerSploit forum at forum.hackersploit.org or in the comments section, and I'll be seeing you in the next video.
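The flag sequences the video walks through in Wireshark, turned into a small classifier. This is an added example, not code from the video or from the Nmap project: it takes a constructed packet list in the shape you would export from a capture (source, destination, ports, TCP flag letters as Wireshark shows them), applies the SYN-scan port-state rules (SYN/ACK means open, RST means closed, no reply at all means Nmap reports the port as filtered) and tells a full connect scan apart from a half-open scan by whether the scanner ever sends the bare ACK that completes the handshake. The addresses 192.168.1.51 and 192.168.1.30 are the lab hosts named in the video; the ephemeral ports, the sample packets and the `flags_from_hex` helper for tshark's numeric `tcp.flags` field are my additions.

```python
from collections import defaultdict

# Lab hosts from the video; the capture further down is constructed, not the video's.
SCANNER = "192.168.1.51"   # Kali box
TARGET = "192.168.1.30"    # Windows server

# tcp.flags bit values -> the letters Wireshark uses
FLAG_BITS = {0x01: "F", 0x02: "S", 0x04: "R", 0x08: "P", 0x10: "A", 0x20: "U"}


def flags_from_hex(value):
    """Convert tshark's numeric tcp.flags field (e.g. '0x0012') to letters ('SA')."""
    bits = int(value, 16)
    return "".join(letter for bit, letter in FLAG_BITS.items() if bits & bit)


def group_flows(packets):
    """Group packets into one flow per (scanner port, target port), in capture order.

    Each packet is (src, dst, sport, dport, flags); the flow keeps the direction
    ("out" = scanner -> target, "in" = target -> scanner) and the flag letters.
    """
    flows = defaultdict(list)
    for src, dst, sport, dport, flags in packets:
        if src == SCANNER:
            flows[(sport, dport)].append(("out", set(flags)))
        elif dst == SCANNER:
            flows[(dport, sport)].append(("in", set(flags)))
        # anything else (ARP, other hosts) is not part of a probe and is ignored
    return flows


def port_state(flow):
    """Nmap's SYN-scan rule: SYN/ACK -> open, RST -> closed, no answer -> filtered."""
    if not flow or flow[0] != ("out", {"S"}):
        return "unknown"            # flow did not start with a bare SYN from the scanner
    replies = [flags for direction, flags in flow if direction == "in"]
    if not replies:
        return "filtered"           # dropped by a firewall, or the host never answered
    if {"S", "A"} <= replies[0]:
        return "open"
    if "R" in replies[0]:
        return "closed"
    return "unknown"


def scan_type(flow):
    """Tell -sT from -sS on an open port.

    Connect scan:   S -> SA -> A (handshake completes) -> teardown (RST or FIN).
    Half-open scan: S -> SA -> R, with no ACK ever sent by the scanner.
    Closed and filtered ports look the same under both scans, so they come
    back as indeterminate.
    """
    if port_state(flow) != "open":
        return "indeterminate"
    for direction, flags in flow[1:]:
        if direction != "out":
            continue
        if flags == {"A"}:          # bare ACK: third leg of the three-way handshake
            return "connect"
        if "R" in flags:            # RST before any ACK: handshake never completed
            return "half-open"
    return "indeterminate"


def summarize(packets):
    """Return {target_port: (state, scan type)} for every port that was probed."""
    result = {}
    for (_, dport), flow in group_flows(packets).items():
        result[dport] = (port_state(flow), scan_type(flow))
    return result


# Constructed capture: four probes from the scanner, listed the way Wireshark would.
CAPTURE = [
    # -sT against open port 21: full handshake, then reset
    (SCANNER, TARGET, 40001, 21, "S"),
    (TARGET, SCANNER, 21, 40001, "SA"),
    (SCANNER, TARGET, 40001, 21, "A"),
    (SCANNER, TARGET, 40001, 21, "RA"),
    # -sS against open port 22: SYN, SYN/ACK, immediate RST
    (SCANNER, TARGET, 40002, 22, "S"),
    (TARGET, SCANNER, 22, 40002, "SA"),
    (SCANNER, TARGET, 40002, 22, "R"),
    # -sS against closed port 23: the target answers RST straight away
    (SCANNER, TARGET, 40003, 23, "S"),
    (TARGET, SCANNER, 23, 40003, "RA"),
    # -sS against port 8080 behind a dropping firewall: no reply at all
    (SCANNER, TARGET, 40004, 8080, "S"),
]

if __name__ == "__main__":
    for port, (state, kind) in sorted(summarize(CAPTURE).items()):
        print(f"{port:>5}/tcp  {state:<9} {kind}")
```

On a real capture, export rows with `tshark -r scan.pcap -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags` and pass the last column through `flags_from_hex` before building the packet tuples. Two practical points the video's flag walkthrough implies but does not spell out: the teardown after a connect scan's ACK is whatever the scanner's operating system sends on close, so the detection keys on the bare ACK rather than on RST versus FIN; and a port that never answers looks identical under both scan types, which is why the sample includes a filtered probe.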
Original Description
In this video, I demonstrate how to perform TCP connect and Stealth scanning and how they differ in terms of speed and detection. Nmap is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.