LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-22-2015, 11:08 AM   #1
bangnagr
Member
 
Registered: Jan 2013
Posts: 48

Rep: Reputation: 4
Difference beween nmap -PS and -sS


Hi All,

I was just going through man pages of nmap, but I couldn't figure out the difference between different SYN scans: -PS vs -sS.

According to man pages, both do the same thing from what I could understand, except -sS is only by root authority.

-PS vs -sS:
Code:
$ nmap -PS www.example.com

Starting Nmap 6.47 ( http://nmap.org ) at 2015-02-22 21:25 IST
Nmap scan report for www.example.com (93.184.216.34)
Host is up (0.32s latency).
Not shown: 993 filtered ports
PORT     STATE  SERVICE
53/tcp   closed domain
80/tcp   open   http
443/tcp  open   https
554/tcp  closed rtsp
1119/tcp closed bnetgame
1755/tcp closed wms
1935/tcp closed rtmp

# nmap -sS www.example.com

Starting Nmap 6.47 ( http://nmap.org ) at 2015-02-22 21:25 IST
Nmap scan report for www.example.com (93.184.216.34)
Host is up (0.32s latency).
Not shown: 993 filtered ports
PORT     STATE  SERVICE
53/tcp   closed domain
80/tcp   open   http
443/tcp  open   https
554/tcp  closed rtsp
1119/tcp closed bnetgame
1755/tcp closed wms
1935/tcp closed rtmp

Nmap done: 1 IP address (1 host up) scanned in 19.33 seconds
So how is -PS different to -sS ?

Thanks
 
Old 02-22-2015, 12:22 PM   #2
JeremyBoden
Senior Member
 
Registered: Nov 2011
Distribution: Debian
Posts: 1,025

Rep: Reputation: 203Reputation: 203Reputation: 203
I don't know the answer - but
Code:
nmap -PS www.linuxquestions.org

Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-22 17:10 GMT
Nmap scan report for www.linuxquestions.org (75.126.162.205)
Host is up (0.17s latency).
Not shown: 988 filtered ports
PORT     STATE  SERVICE
25/tcp   closed smtp
53/tcp   closed domain
80/tcp   open   http
110/tcp  closed pop3
143/tcp  closed imap
443/tcp  open   https
2323/tcp closed 3d-nfsd
4662/tcp closed edonkey
6346/tcp closed gnutella
6699/tcp closed napster
6881/tcp closed bittorrent-tracker
7778/tcp closed interwise

Nmap done: 1 IP address (1 host up) scanned in 9.99 seconds
Code:
nmap -sS www.linuxquestions.org
You requested a scan type which requires root privileges.
QUITTING!
Code:
sudo nmap -sS www.linuxquestions.org

Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-22 17:11 GMT
Nmap scan report for www.linuxquestions.org (75.126.162.205)
Host is up (0.16s latency).
Not shown: 994 filtered ports
PORT    STATE  SERVICE
25/tcp  closed smtp
53/tcp  closed domain
80/tcp  open   http
110/tcp closed pop3
143/tcp closed imap
443/tcp open   https

Nmap done: 1 IP address (1 host up) scanned in 9.91 seconds
I would guess that one shows all ports & the other only shows "well-known ports"???
 
Old 02-22-2015, 04:45 PM   #3
bonsaiviking
LQ Newbie
 
Registered: Aug 2014
Posts: 7

Rep: Reputation: Disabled
All the -P* options affect the method by which Nmap does host discovery. In particular, -PS means "send a SYN packet." If the target gives any reply (SYN/ACK or RST, usually) then it is marked as "up" and is subject to whatever port scan options have been selected (default is a TCP scan of 1000 most-common ports). For this and -PA (ACK packet), Nmap will intelligently change it to a TCP connect() call if you don't have the root privileges necessary to send raw packets and sniff the reply. This is why there's not a special "TCP connect host discovery" option. The -PT option that you might expect is actually an old, deprecated alias for -PA.

All the -s* options select what kind of port scan to do. The -sS option is a TCP half-open SYN scan. This scan requires root privilege. The non-privileged version, -sT, uses a TCP connect() call for each scanned port. If you don't specify any -s* option, Nmap defaults to -sS if you have root, or -sT if you don't. Because there are explicit options for each of these, it is a fatal error to select -sS if you don't have the requisite privilege.
 
2 members found this post helpful.
Old 02-23-2015, 06:44 AM   #4
bangnagr
Member
 
Registered: Jan 2013
Posts: 48

Original Poster
Rep: Reputation: 4
@bonsaiviking Thanks...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Using ActiveX for communication beween Windows Active Directory and website on Linux embryo100 Programming 4 09-03-2014 06:04 AM
nmap ? how do i do nmap in linux ? command not found abbasakhtar Linux - Newbie 2 01-02-2011 02:08 AM
LXer: Learn how to use nmap, and nmap GUI, a great port scan tool LXer Syndicated Linux News 0 01-03-2008 10:10 AM
nmap increase send delay for nmap 4.20 matters Slackware 1 10-02-2007 12:37 AM
How to measure data Transfer beween two servers. rajaniyer123 Solaris / OpenSolaris 5 06-05-2007 04:41 PM


All times are GMT -5. The time now is 07:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration