Stealth scanning with Nmap
Nmap also has a scanning mode that performs SYN scanning of remote systems. This recipe demonstrates how we can use Nmap to perform a TCP stealth scan.
Getting ready
To use Nmap to perform a TCP stealth scan, you will need to have a remote system that is running accessible network services over TCP. In the examples provided, an instance of Metasploitable2 is used to perform this task. For more information on how to set up Metasploitable2, refer to Chapter 1, Getting Started.
How to do it…
As with most scanning requirements, Nmap has an option that simplifies and streamlines the process of performing TCP stealth scans. To perform TCP stealth scans with Nmap, the -sS option should be used with the IP address of the host that is to be scanned:
root@KaliLinux:~# nmap -sS 172.16.36.135 -p 80 Starting Nmap 6.25 ( http://nmap.org ) at 2013-12-17 21:47 EST Nmap scan report for 172.16.36.135 Host is up (0.00043s latency). PORT STATE SERVICE 80/tcp open http MAC Address...
