red-team discovery at layer 4 (tcp & udp ports)

playing with nmap

top 10 vs full-range

nmap scans the top 1000 ports by default; otherwise specify the range, e.g.

    --top-ports 10
    -p0-65535

tcp window scan

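by default, a port's state is decided by whether the probe gets a SYN/ACK back

but to cope with open|filtered, there’s TCP Window Scan (-sW), which reads the TCP window field of the RST replies (on some systems it differs between open and closed ports).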

    nmap -sW ...

assess email services

see what ports an MX or outbound MTA offers

    nmap -Pn -p 25,465,587 SMTP_SERVER

see what ports an IMAP server offers

    nmap -Pn -p 143,993 IMAP_SERVER
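
checking your own mail hosts against an expected-exposure list: the sketch below is an added example, not part of the original notes. It reads nmap's grepable output (`-oG -`) from the scans above and marks ports that are open but not expected, or expected but not open. The function names, the expected-port list and the sample scan lines (documentation address 192.0.2.25) are constructed for illustration.

```shell
#!/bin/sh
# usage (assumed): nmap -Pn -p 25,465,587 SMTP_SERVER -oG - | check_mail_ports "25 587"

# constructed sample of -oG output, so the example runs offline
sample_scan() {
  printf 'Host: 192.0.2.25 (mx.example.org)\tStatus: Up\n'
  printf 'Host: 192.0.2.25 (mx.example.org)\tPorts: 25/open/tcp//smtp///, 465/open/tcp//smtps///, 587/filtered/tcp//submission///\n'
}

# check_mail_ports "EXPECTED_OPEN_PORTS"
# reads -oG lines on stdin, prints: host port/proto state verdict
check_mail_ports() {
  awk -v expected="$1" '
    BEGIN {
      # build a lookup of the ports we expect to be open
      n = split(expected, e, " ")
      for (i = 1; i <= n; i++) want[e[i]] = 1
    }
    /Ports: / {
      host = $2                   # second field of "Host: ADDR (NAME)"
      sub(/^.*Ports: /, "")       # keep only the port list
      sub(/\t.*$/, "")            # drop a trailing "Ignored State" field, if any
      m = split($0, ports, ", ")
      for (i = 1; i <= m; i++) {
        split(ports[i], f, "/")   # port/state/proto/owner/service/...
        port = f[1]; state = f[2]
        if (state == "open" && !(port in want))      verdict = "UNEXPECTED"
        else if (state != "open" && (port in want))  verdict = "MISSING"
        else                                         verdict = "ok"
        printf "%s %s/%s %s %s\n", host, port, f[3], state, verdict
      }
    }'
}
```

UNEXPECTED lines are services exposed beyond the baseline; MISSING lines are expected services that are closed or filtered from the scanning vantage point.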

Licensed under MIT