You simply type the target’s IP address of hostname in the Target field, choose the scan type from the Profile field, and click the Scan button to start the scan. Finally insane mode assumes that you are on an extraordinarily fast network or are willing to sacrifice some accuracy for speed. You should get the Zenmap main window: As you can see in the picture above, most of the options and fields are pretty straightforward.
Aggressive mode speeds scans up by making the assumption that you are on a reasonably fast and reliable network. It is important to note that nmap, only scans for open TCP/UDP type ports. Normal mode is the default and so -T3 does nothing. nmap can be used to scan your IP addresses. To simulate different types of Reconnaissance Scan and check how Deep Security can detect it, you can use freeware cross-platform tool such as Nmap (Network Mapper). It can detect possible attack in your system. Polite mode slows down the scan to use less bandwidth and target machine resources. The Deep Security Reconnaissance Scan feature allows the detection of network port scanning to the remote host. The template names are paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5). It works by sending a single TCP SYN packet to each possible port. It is quieter than a TCP Connect scan, that is, it won’t show up on most simple logs. An IP range could look like 192.168.1-10. Note: Hostnames are queried against DNS, while IPs undergo a reverse-lookup.
If the network is not enough reliable you can lose accuracy with faster modes. NMAP Scan Types: S YN SCAN This is the default scan and is good for most purposes. Here,1 - in the second scan you are not specifying all ports ( 1-65535 or -p-) so nmap will scan only common ports.īy default, Nmap scans the most common 1,000 ports for each protocol.Ģ - in the second scan you are using -sU which tells to nmap to scan also UDP services while in the first scan you are using default option (only TCP services).ģ - you should also consider that in the second scan you are specifying -T4 which correspond to aggressive timing template option while in the first scan the default option is -T3 ( normal mode).