Lab 2
and Detection
Netstat
• `-A`: Aggressive scan - enables OS detection, version detection, script scanning, and traceroute.
• `-v`: Verbose - increases the level of output detail.
TCP Host Discovery Methods (PS, PA)
• SYN packet discovery (`-PS`)
– Sends a TCP SYN to the listed ports; a SYN/ACK (open) or RST (closed) reply proves the host is up.
– Best against stateful firewalls: a SYN to a permitted service port looks like a normal connection attempt and is let through.
• ACK packet discovery (`-PA`)
– Sends an unsolicited TCP ACK; a RST reply proves the host is up regardless of whether the port is open.
– Best against stateless firewalls and packet filters that block SYN packets but pass ACKs; a stateful firewall will drop the ACK because it belongs to no tracked connection.
• Both `-PS` and `-PA` are host discovery options and can be combined with other flags to gather more information about the discovered hosts. Each takes an optional port list; with no list, the probe goes to port 80. For example:
• `nmap -PS22,80,443 192.168.1.0/24`
• This performs a TCP SYN ping to ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) on every address in 192.168.1.0/24 to discover which hosts are alive, then port-scans the hosts that respond.
• `nmap -PA -sV 192.168.1.10`
• This performs a TCP ACK ping (to port 80, the default) against 192.168.1.10; if the host answers, nmap port-scans it and runs version detection on any open ports it finds.
Neither probe completes a TCP three-way handshake: after a SYN/ACK to a `-PS` probe nmap answers with a RST, and a `-PA` probe only ever elicits a RST. This leaves no full-connection footprint in the target's application logs, although a firewall or IDS watching the wire still sees the packets. Both options need raw-socket privileges (root); an unprivileged `-PS` silently falls back to a `connect()` call, which does complete the handshake.
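The following is an added example, not part of the original lab material: a small Python helper that builds the `-PS` and `-PA` sweep commands, parses nmap's grepable output (`-oG -`), and reports which hosts only one method found, which is the practical way to spot filtering behaviour described above. The two sample outputs are constructed for the example (no scan was run), and the interpretation of the differences in the comments is hypothetical.

```python
"""Compare nmap -PS (SYN ping) and -PA (ACK ping) host discovery sweeps.

Added example for the lab; assumes nmap is on PATH when run_sweep() is used.
The parser works offline on the constructed sample output below.
"""
import re
import subprocess
from typing import Dict, List

PORTS = "22,80,443"

# Grepable output line, e.g. "Host: 192.168.1.10 ()\tStatus: Up"
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")


def build_command(method: str, target: str, ports: str = PORTS) -> List[str]:
    """Return argv for a ping-only sweep (-sn) using -PS or -PA.

    -sn skips the port scan so only host discovery runs; -oG - writes
    grepable output to stdout so it can be parsed.
    """
    if method not in ("PS", "PA"):
        raise ValueError("method must be 'PS' or 'PA'")
    return ["nmap", "-sn", f"-{method}{ports}", "-oG", "-", target]


def parse_grepable(text: str) -> Dict[str, str]:
    """Map address -> status ('Up'/'Down') from nmap -oG output.

    Comment lines starting with '#' (scan header/footer) are skipped.
    """
    hosts: Dict[str, str] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            hosts[m.group(1)] = m.group(3)
    return hosts


def compare_discovery(ps_text: str, pa_text: str) -> Dict[str, List[str]]:
    """Split hosts into those found by both probes and by only one.

    A host seen only by -PS is consistent with a stateful firewall that
    drops unsolicited ACKs; a host seen only by -PA is consistent with a
    stateless filter that blocks SYN but passes ACK.
    """
    ps_up = {h for h, s in parse_grepable(ps_text).items() if s == "Up"}
    pa_up = {h for h, s in parse_grepable(pa_text).items() if s == "Up"}
    return {
        "both": sorted(ps_up & pa_up),
        "ps_only": sorted(ps_up - pa_up),
        "pa_only": sorted(pa_up - ps_up),
    }


def run_sweep(method: str, target: str) -> str:
    """Run the sweep for real (needs root for raw packets) and return stdout."""
    proc = subprocess.run(build_command(method, target),
                          capture_output=True, text=True, check=True)
    return proc.stdout


# Constructed sample output (not from a real scan), in nmap's -oG format.
SAMPLE_PS = """# Nmap 7.94 scan initiated as: nmap -sn -PS22,80,443 -oG - 192.168.1.0/24
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.30 ()\tStatus: Down
# Nmap done at -- 256 IP addresses (2 hosts up) scanned
"""

SAMPLE_PA = """# Nmap 7.94 scan initiated as: nmap -sn -PA22,80,443 -oG - 192.168.1.0/24
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.20 ()\tStatus: Down
Host: 192.168.1.30 ()\tStatus: Up
# Nmap done at -- 256 IP addresses (2 hosts up) scanned
"""

if __name__ == "__main__":
    # Offline demonstration on the constructed samples; swap in
    # run_sweep("PS", "192.168.1.0/24") / run_sweep("PA", ...) for a live sweep.
    for label, hosts in compare_discovery(SAMPLE_PS, SAMPLE_PA).items():
        print(f"{label:8s} {', '.join(hosts) or '-'}")
```

Running both sweeps against the same range and diffing the results is more informative than either alone: a host in `ps_only` or `pa_only` tells you something about the filtering in front of it before you commit to a full port scan.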
Homework