How to perform a stealth scan using Nmap (2024)

Network Mapper (Nmap) is a popular, effective open-source network scanning and inspection tool. It is intended to find hosts and services on a computer network to create a network map. Nmap has a variety of scanning techniques, including TCP, UDP, SYN, ACK, and ICMP scans.

What is a stealth scan?

A stealth scan is a scanning technique in Nmap that seeks to minimize the detection of scanning activity by the target host's firewalls and other security measures.

The default SYN scan is also known as a stealth scan. This is due to the SYN scan failing to complete the TCPTransmission Control Protocol handshake. The SYN flag in the TCP header is used to execute an SYN scan, also known as a half-open scan. Nmap does an SYN scan by sending an SYN packet to the target host and waiting for a response. Nmap closes the connection once it receives a response. This makes analyzing incoming packets difficult for the target.

Note: The SYN scan alone does not guarantee perfect stealth mode. To reduce the possibility of notifying the target host, extra flags must be included in combination with the scan.

Syntax

The -sS flag is used to perform the default SYN scan or stealth scan on target.