Evasion and Efficiency
Advanced Nmap switches allow you to control the speed of the scan (timing) and attempt to bypass or confuse security devices (evasion).
Timing Templates (-T)
Scan timing ranges from 0 (Paranoid - very slow, high chance of evasion) to 5 (Insane - very fast, high chance of crashing target or detection).
- `-T4` (Aggressive): Recommended for reliable testing; fast but typically safe.
- `-T3` (Normal): Default timing.

```bash
nmap -T4 192.168.1.100
```
Evasion Techniques
- Fragmentation (`-f`): Splits packets into smaller pieces, sometimes bypassing simple packet filters that only check the first fragment.
- Decoys (`-D`): Makes the scan appear to originate from multiple IP addresses (including the real one). This can flood logs and confuse detection systems.
```bash
# Use three decoy IPs (A, B, C) plus the actual IP (ME)
nmap -D 10.0.0.1,10.0.0.2,ME,10.0.0.3 192.168.1.100
```
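On the defending side, a decoy scan shows up in logs as several sources probing the same ports on one host at about the same time, so the entries can be grouped into one event instead of being read as separate scanners. The following Python is an added example, not part of the original page; the log record format, the thresholds, the sample data and the address 10.0.0.9 standing in for ME are all assumptions.

```python
from collections import defaultdict

TARGET = "192.168.1.100"
PORTS = [21, 22, 23, 25, 80, 110, 443, 3389]
# 10.0.0.9 is a constructed stand-in for the scanner's real address (ME).
SOURCES = ["10.0.0.1", "10.0.0.2", "10.0.0.9", "10.0.0.3"]

# Constructed firewall log records: (epoch seconds, src IP, dst IP, dst port).
SAMPLE_LOG = (
    # Four sources sweep the same ports on one target in lockstep.
    [(1000 + i, src, TARGET, p) for i, p in enumerate(PORTS) for src in SOURCES]
    # A single source scanning another host: a scan, but no decoy pattern.
    + [(1000 + i, "10.0.0.77", "192.168.1.200", p) for i, p in enumerate(PORTS)]
    # Ordinary client traffic to one service.
    + [(1003, "10.0.0.50", TARGET, 443), (1010, "10.0.0.50", TARGET, 443)]
)


def jaccard(a, b):
    """Overlap of two port sets, from 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b)


def find_decoy_groups(events, window=60, min_ports=5, min_sources=3, overlap=0.8):
    """Return {dst: [sources]} where at least min_sources sources probed
    nearly the same set of ports on dst inside one fixed time window."""
    buckets = defaultdict(lambda: defaultdict(set))  # (dst, window) -> src -> ports
    for ts, src, dst, dport in events:
        buckets[(dst, ts // window)][src].add(dport)

    findings = defaultdict(set)
    for (dst, _), per_src in buckets.items():
        # Only sources that touched many ports count as scan-like.
        scanners = {s: p for s, p in per_src.items() if len(p) >= min_ports}
        for ports in scanners.values():
            group = [s for s, p in scanners.items() if jaccard(ports, p) >= overlap]
            if len(group) >= min_sources:
                findings[dst].update(group)
    return {dst: sorted(srcs) for dst, srcs in findings.items()}


if __name__ == "__main__":
    for dst, srcs in find_decoy_groups(SAMPLE_LOG).items():
        print(f"{dst}: {len(srcs)} sources share one scan pattern: {', '.join(srcs)}")
```

A hit means the sources behave as one scan; it does not say which address is the real one, so triage the group as a single event rather than one alert per source.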