An IP Protocol scan is useful for determining what communication protocols are being used by a host. This information serves different purposes, including packet filtering testing and remote operating system fingerprinting.
This recipe shows how to use Nmap to enumerate all of the IP protocols supported by a host.
Open a terminal and type the following command:
$ nmap -sO <target>
The results will show what protocols are supported, along with their states.
# nmap -sO 192.168.1.254
Nmap scan report for 192.168.1.254
Host is up (0.0021s latency).
Not shown: 253 open|filtered protocols
PROTOCOL STATE  SERVICE
1        open   icmp
6        open   tcp
132      closed sctp
MAC Address: 5C:4C:A9:F2:DC:7C (Huawei Device Co.)
Nmap done: 1 IP address (1 host up) scanned in 3.67 seconds
The flag -sO tells Nmap to perform an IP Protocol Scan. This type of scan iterates through the protocols found in the file nmap-protocols, and creates IP packets for every entry. For the IP protocols TCP, ICMP, UDP, IGMP, and SCTP, Nmap will set valid header values but for the rest, an empty IP packet will be used.
To determine the protocol state, Nmap classifies the different responses received, as follows:
filtered|open
To specify what protocols should be scanned, we could set the argument -p:
$ nmap -p1,3,5 -sO <target>
$ nmap -p1-10 -sO <target>
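For the packet filtering testing mentioned at the start of this recipe, the scan report can be parsed and compared with the protocols a host is expected to answer on. The Python below is an added example, not part of the original recipe: it reads the single-host report format shown above, and the function names and the allow-list are assumptions made for illustration.

```python
import re

# Sample report: the scan output shown earlier in this recipe.
SAMPLE_REPORT = """\
Nmap scan report for 192.168.1.254
Host is up (0.0021s latency).
Not shown: 253 open|filtered protocols
PROTOCOL STATE  SERVICE
1        open   icmp
6        open   tcp
132      closed sctp
MAC Address: 5C:4C:A9:F2:DC:7C (Huawei Device Co.)
Nmap done: 1 IP address (1 host up) scanned in 3.67 seconds
"""

ROW = re.compile(r"^(\d{1,3})\s+(\S+)\s+(\S+)\s*$")
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\S+) .*protocols")

def parse_protocol_report(text):
    """Return ({protocol: (state, service)}, (count, state) of collapsed rows)."""
    rows, collapsed, in_table = {}, None, False
    for line in text.splitlines():
        m = NOT_SHOWN.match(line)
        if m:
            collapsed = (int(m.group(1)), m.group(2))
        elif line.startswith("PROTOCOL"):
            in_table = True
        elif in_table:
            m = ROW.match(line)
            if m is None:  # first non-row line ends the table
                in_table = False
            else:
                rows[int(m.group(1))] = (m.group(2), m.group(3))
    return rows, collapsed

def audit(rows, allowed):
    """Compare confirmed-open protocols with an allow-list (hypothetical policy)."""
    open_protos = {p for p, (state, _) in rows.items() if state == "open"}
    return {
        # Answered in-protocol but not expected: review the packet filter.
        "unexpected_open": sorted(open_protos - allowed),
        # Expected but not confirmed open; may sit in the collapsed rows.
        "unconfirmed": sorted(allowed - open_protos),
    }

if __name__ == "__main__":
    rows, collapsed = parse_protocol_report(SAMPLE_REPORT)
    print(rows, collapsed)
    print(audit(rows, allowed={1, 6, 17}))
```

With the sample report, UDP (17) is reported as unconfirmed rather than closed, because it falls inside the 253 collapsed open|filtered entries.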