Nmap Options and Debug logging

Fragmentation

The idea is to split IP packets into small fragments in the hope that firewalls will not queue and reassemble them. Because reassembly imposes overhead, some firewalls disable it, and those firewalls are vulnerable to this type of scan.

I have tried this on Windows XP and the fragmentation does not appear to work. It is known to work on many UNIX and Linux systems though.
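For defenders, the sketch below classifies raw IPv4 packets and flags the tiny TCP fragments this kind of scan relies on, with checks modelled on the fragment-filtering rules in RFC 1858. It is an added example, not part of Nmap or of the original page; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

TCP = 6
MIN_TCP_HEADER = 20  # bytes in a TCP header without options

def build_ipv4(proto, payload_len, frag_offset_units, more_fragments):
    """Build a constructed IPv4 packet (zeroed payload, checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | frag_offset_units
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, flags_frag,
        64, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + bytes(payload_len)

def classify(packet):
    """Return 'ok', 'fragment' or 'tiny-fragment' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                       # header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    if ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    more = bool(flags_frag & 0x2000)                   # More Fragments bit
    offset = flags_frag & 0x1FFF                       # in 8-byte units
    payload = total_len - ihl
    if not more and offset == 0:
        return "ok"                                    # not fragmented at all
    if packet[9] == TCP:
        # First fragment too short to hold the TCP header a filter inspects.
        if offset == 0 and payload < MIN_TCP_HEADER:
            return "tiny-fragment"
        # Second fragment starting 8 bytes in lands inside the TCP header.
        if offset == 1:
            return "tiny-fragment"
    return "fragment"

# Constructed sample traffic: one normal packet, then four fragments.
SAMPLES = [
    build_ipv4(TCP, 40, 0, False),
    build_ipv4(TCP, 8, 0, True),
    build_ipv4(TCP, 8, 1, True),
    build_ipv4(TCP, 1480, 0, True),
    build_ipv4(17, 8, 0, True),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```

A filter that drops or alerts on the `tiny-fragment` class does not need to reassemble packets to stop the TCP header being split across fragments.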

Get Identd Info

If a host is running Identd, it may be possible to make a TCP connection to a port and find out the username that owns any process connected to that port.

This is a very dangerous protocol to run on your hosts, as it tells outsiders about your users, information that you may not want them to have. If this option works, then Identd is running on your hosts and you should consider removing it.

Resolve All

Always performs a reverse DNS lookup on all the target IP addresses. Nmap would normally only do this for addresses where a machine is detected.

Don’t Resolve

To speed things up, this option tells Nmap never to attempt reverse DNS lookups on any addresses.

Fast Scan

Scans only the ports listed in the Nmap services file. This is faster than scanning all the possible ports (65535).

OS Detection

Used to detect the operating system in use on a host. A series of techniques is used to fingerprint the OS, and the fingerprint is compared to a list of known types.

Random Host

Nmap will scan hosts at random by generating addresses.

Debug Options

These options log what Nmap is doing in ever more detail.

Debug

Normal log.

Verbose

Logs more detail.

Very verbose

Logs a great deal more detail.