Nmap basic scan = Syn Scan

The first step into computer hacking is information gathering and Nmap is the perfect tool for this purpose.

Nmap port scanner is a program that attempts a TCP 3-way handshake with an open port on the target computer

In the TCP three way Handshake, there are 3 stages clearly described: SYN, SYN/ACK and ACK.

Nmap attempts to establish a response from the scanned 'ports' by sending probes (data packets) to them and based on the SYN/ACK response, certain information is obtained about the machine.

if the target returns an ACK-SYN packet, nmap immediately sends an RST packet rather than completing the handshake with an ACK packet.

Nmap Data packets

The main purpose of this research is to be able to identify Nmap network traffic the most efficient way possible and create a tool that can help us monitor NMAP port scans. For this purpose we need to start identifying which kind of data packets we will begin analyzing, as we already mentioned , there are 3 major types.