Scanning TCP ports
Now that we have identified which systems exist, we can look at what services those hosts expose. We will start with TCP services, because an unfiltered TCP port always answers a probe (SYN/ACK if open, RST if closed), which makes the results much easier to interpret than those of a UDP scan.
There are a number of different types of TCP scans, but we are going to look at the two most common ones, the Connect scan and the SYN scan.
How to do it…
The two most common types of scans for detecting open TCP ports are the TCP Connect scan (-sT) and the SYN scan (-sS). A Connect scan uses the operating system's ordinary connect() call, so it completes the full three-way handshake on every open port: it needs no special privileges, but each probe is handed to the listening service, which can see and log it. A SYN scan sends a bare SYN and, on receiving the SYN/ACK, tears the half-open connection down with an RST instead of completing the handshake; the service never receives a connection, which makes it stealthier and gentler on fragile services, but crafting the packets needs raw sockets and therefore root privileges. Nmap picks the SYN scan by default when run as root and falls back to the Connect scan otherwise. Let's look at both and see how they differ.
TCP CONNECT scan
Let's start with the TCP Connect scan (-sT):
$ nmap -sT 10.0.0.10

Starting Nmap 6.40 ( http://nmap.org ) at 2016-05-06 15:14 EDT
Nmap scan report for 10.0.0.10
Host is up (0.0016s latency).
Not shown: 994 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
111/tcp open  rpcbind
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
...
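To make concrete what the -sT output above means at the socket level, here is a minimal Connect scanner written for this page as an added example. It is not Nmap's code and not part of the original recipe: it reproduces only the Connect scan (the SYN scan needs raw sockets and root, so it is not shown), maps the three outcomes a connect() can have onto Nmap's open / closed / filtered states, and prints an Nmap-style report. The target is a constructed listener on 127.0.0.1, chosen so the example runs offline; host, port numbers and the helper names are assumptions of the example, not values from the page.

```python
"""Minimal TCP Connect scanner (added example; not Nmap's code).

Like `nmap -sT`, it asks the kernel for a full three-way handshake on each
port, so it runs unprivileged and every open port it touches sees (and can
log) a real connection.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=1.0):
    """Probe one port with connect(); returns 'open', 'closed' or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))   # SYN -> SYN/ACK -> ACK completes here
            return "open"             # the service now has a connection to log
        except ConnectionRefusedError:
            return "closed"           # target answered the SYN with RST
        except socket.timeout:
            return "filtered"         # no answer at all: typically a firewall drop
        except OSError:
            return "filtered"         # ICMP unreachable etc.; Nmap reports these as filtered too


def connect_scan(host, ports, workers=32, timeout=1.0):
    """Scan several ports concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: scan_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def format_report(host, results):
    """Render results in Nmap's style: open ports listed, the rest summarised
    in a 'Not shown' line."""
    lines = [f"Scan report for {host}"]
    hidden = [p for p, st in results.items() if st != "open"]
    if hidden:
        kinds = sorted({results[p] for p in hidden})
        lines.append(f"Not shown: {len(hidden)} {'/'.join(kinds)} ports")
    lines.append("PORT      STATE SERVICE")
    for port in sorted(results):
        if results[port] == "open":
            try:
                service = socket.getservbyport(port, "tcp")  # name from /etc/services
            except OSError:
                service = "unknown"
            lines.append(f"{port}/tcp".ljust(10) + "open  " + service)
    return "\n".join(lines)


# --- constructed demo target (not part of the scanner) ---------------------

def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP service on an ephemeral port that accepts and
    immediately closes connections. Returns (port, server_socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:       # server socket closed: stop serving
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, srv


def free_port(host="127.0.0.1"):
    """Pick a port nothing is listening on, to demonstrate the 'closed' result."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    open_port, srv = start_listener()
    results = connect_scan("127.0.0.1", [open_port, free_port()])
    print(format_report("127.0.0.1", results))
    srv.close()
```

The point to take from the example is the one that separates the two scan types: because scan_port() calls connect(), the listener's accept() returns a real connection for every open port, which is exactly the trace a Connect scan leaves in the target's service logs and that a SYN scan avoids.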