TCP Flag Definitions

  • SYN - The beginning of connection
  • ACK - Acknowledgment of a previous packet
  • FIN - Close a TCP connection
  • RST - Abort a connection


# Scanning a host
# Scanning a host (<target> is the host or network to scan)
nmap -sT -p 21 <target>       # TCP connect scan of port 21 (used here as a TCP "ping")
nmap -sP <target>             # ping scan, host discovery only (-sP is the older name for -sn)
nmap -sR <target>             # RPC service scan
sudo nmap -sS <target>        # SYN scan
sudo nmap -sA <target>        # ACK scan
sudo nmap -sF <target>        # FIN scan
sudo nmap -sX <target>        # Xmas scan (FIN, PSH and URG set)
sudo nmap -sN <target>        # Null scan: all flags turned off

sudo nmap -sU <target>        # UDP scan, will take time
sudo nmap -sO <target>        # IP protocol scan, will take time
sudo nmap -r <target>         # scan ports in order instead of randomizing them
sudo nmap -O vm1              # OS fingerprint (detect OS)

nmap -sP <network>/24         # network scanning: ping sweep of a whole subnet
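As an added example (not part of these notes), a small Python detector that classifies TCP flag combinations the way the scan types above use them and reports sources that probed many ports with a single probe type; the packet records and addresses are constructed sample data.

```python
# Added example, not from the original notes.
from collections import defaultdict

# TCP flag bits as laid out in the TCP header flags byte (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_flags(flags: int) -> str:
    """Name the probe type implied by a TCP flags byte."""
    if flags == 0:
        return "null-probe"          # nmap -sN: no flags at all
    if flags == FIN | PSH | URG:
        return "xmas-probe"          # nmap -sX: FIN+PSH+URG set
    if flags == FIN:
        return "fin-probe"           # nmap -sF: bare FIN, no connection open
    if flags == ACK:
        return "ack-probe"           # nmap -sA: bare ACK without a prior SYN
    if flags == SYN:
        return "syn"                 # normal connection start, or nmap -sS
    if flags & RST:
        return "rst"
    return "other"

def find_scanners(packets, port_threshold=5):
    """Return {src: {probe_type: n_distinct_ports}} for sources that touched
    at least `port_threshold` distinct (dst, port) pairs with one probe type."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, dst, dport, flags in packets:
        kind = classify_flags(flags)
        if kind in ("null-probe", "xmas-probe", "fin-probe", "ack-probe", "syn"):
            seen[src][kind].add((dst, dport))
    report = {}
    for src, kinds in seen.items():
        hits = {k: len(v) for k, v in kinds.items() if len(v) >= port_threshold}
        if hits:
            report[src] = hits
    return report

# Constructed sample (not from the notes): one host sweeping ports with Xmas
# probes, one doing a single normal SYN handshake, one running a bare-FIN sweep.
SAMPLE = (
    [("10.0.0.7", "10.0.0.20", p, FIN | PSH | URG) for p in range(20, 30)]
    + [("10.0.0.8", "10.0.0.20", 443, SYN), ("10.0.0.8", "10.0.0.20", 443, ACK)]
    + [("10.0.0.9", "10.0.0.20", p, FIN) for p in (21, 22, 25, 80, 443, 8080)]
)

if __name__ == "__main__":
    for src, hits in find_scanners(SAMPLE).items():
        print(src, hits)
```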

Packet Sniffers

Applications that monitor, filter and capture data packets transferred over a network. (libpcap/WinPcap is the library commonly used by sniffers.)

  • Network Monitor
  • Wireshark
  • tcpdump/windump
  • snort
  • suricata
  • Zeek
  • Kismet

Blackbox Testing

  • Pentest, EH

Whitebox Testing

  • System Analysis


Nessus

Nessus is a proprietary vulnerability scanner developed by Tenable, Inc.

sudo service nessusd start        # start the Nessus daemon

# Reset a Nessus user's password / list users
/opt/nessus/sbin/nessuscli chpasswd <username>
/opt/nessus/sbin/nessuscli lsuser

Nessus only supports RSA/DSA key types for SSH authentication, and the private key must be in PEM format.

ssh-keygen -m PEM -t rsa                      # generate a new RSA key in PEM format
# or convert an existing OpenSSH-format private key to PEM in place:
ssh-keygen -p -m PEM -f /path/to/private_key