Understanding Nmap Scan with Wireshark

In this article, you will learn how to capture network packet using Wireshark when an attacker is scanning target using NMAP port scanning method. Here you will notice that how Wireshark captured different network traffic packet for open and close ports.

Note: The Below Practical is performed with the IP address

192.168.43.251 = Metasploitable 2 Machine (Target)

192.168.43.72 = Attacker (Kali)

Download Metasploitable 2 Machine

https://download.vulnhub.com/metasploitable/metasploitable-linux-2.0.0.zip

TCP Scan

Tcp scan will scan for TCP port like port 22, 21, 23, 445 etc and ensure for listening port (open) through 3-way handshake connection between the source and destination port. If the port is open then source made request with SYN packet, a response destination sent SYN, ACK packet and then source sent ACK packets, at last source again sent RST, ACK packets.

Type following NMAP command for TCP scan as well as start Wireshark on another hand to capture the sent Packet.

nmap -sT -p 445 192.168.43.251