Reputation: 189
Nmap Switches -sSU and -sSV
I'm trying to follow along in the nmap book and the author uses a couple of switches -sSU and -sSV, but never explains them. They are in these two search strings:
nmap -F -A -sSU ultra
nmap -PN -sSV -T4 -F www.amazon.com
Does -sSU and -sSV stand for another scan type? I couldn't find these switches in their documentation. I'm guess -sSV has something to do with version detection, but on the -sSU scan, it returned both TCP and UDP ports so I know that one's not just UDP. Any help would be appreciated, thanks.
Upvotes: 3
Views: 3361
Answers (1)
Reputation: 6005
Nmap's -s* options are all "scan types," which basically means features that can be turned on. Any that are not mutually exclusive can be combined. So when you specify -sSV you are combining -sS (TCP SYN scan) with -sV (service and application version detection). You can even combine more than two: -sSUV will do TCP and UDP port scans and follow them up with version probing.
EDITED TO ADD: "Mutually exclusive" scan types are those that scan the same transport protocol. So all TCP scan types (-sS, -sT, and the odd -sAMWFXNI types) have to be scanned separately. Also, IP Protocol scan (-sO) isn't allowed with any other scan types. Some of the odder features like FTP bounce (-b) are also probably not able to combine with the others.
Upvotes: 7
Related Questions
- Why nmap is giving me different results than Python when scanning ports?
- nmap: what does "state = closed" means
- What does the -P0 option do when using nmap?
- docker ps shows different ports than nmap
- difference wnen running nmap as sudo
- NMAP -PS, -PA options
- The difference between nmap option, scan types and ping options
- Whats the difference between -sS and -PS in nmap?
- nmap skip port scan but execute --script?
- Exists nmap extended version for the parameter -sV (service/version info)