Penetration testing with tcpdump and nmap

Install the necessary tools. Remove any existing nmap package first to avoid conflicts with the build from source.

sudo apt-get update
sudo apt-get purge nmap
sudo apt-get install tcpdump build-essential libssl-dev

Download the latest nmap source tarball from nmap.org, then build and install it and confirm the installed version

tar xjvf nmap-*.tar.bz2
cd nmap-*/
./configure && make && sudo make install
nmap -V


Capture packets with tcpdump

sudo tcpdump host target_IP -w ~/scan_results/packets

Pause the running tcpdump process by hitting CTRL+Z

Resume the job in the background so the capture keeps running while you scan

bg

Bring the process back to the foreground when the scan is done

fg

You may then stop the capture with CTRL+C




Run a SYN scan with nmap

sudo nmap -sS -Pn -T4 -vv --reason -oN ~/scan_results/nmap.results target_IP

Full scan (all 65535 TCP ports)

sudo nmap -sS -Pn -p- -T4 -vv --reason -oN ~/scan_results/nmap.fullResults target_IP

Discover service versions on selected ports

sudo nmap -sV -Pn -p 1433,3389 -vv --reason -oN ~/scan_results/service_ver.nmap target_IP

Discover the operating system

sudo nmap -O -Pn -vv --reason -oN ~/scan_results/os_version.nmap target_IP

-sS TCP SYN scan; the default scan type when none is given (when nmap runs as root)

-Pn Skip host discovery. Without it, nmap aborts early if the host does not respond to ping.

-p- Scan every port (1-65535) instead of the default top 1000

-T4 Timing template; 0 is the slowest and 5 is the fastest

--reason Show the reason each port was placed in its reported state

-oN Write normal output to the given file


Read scanned results

Read nmap results

less ~/scan_results/nmap.results

Read tcpdump results

sudo tcpdump -nn -r ~/scan_results/packets | less

To view only the traffic sent to the target (dst)

sudo tcpdump -nn -r ~/scan_results/packets 'dst host target_IP' | less

To view only the traffic from the target (src)

sudo tcpdump -nn -r ~/scan_results/packets 'src host target_IP' | less

To view the replies from open TCP ports (the SYN/ACK responses to the scan)

sudo tcpdump -nn -r ~/scan_results/packets 'src target_IP and tcp[tcpflags] & tcp-syn != 0' | less
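Added example (not part of the original post): a dependency-free Python reader that applies the same test as the filter above to the saved capture, keeping only the target's packets and marking a port open on a SYN/ACK reply and closed on a RST. It assumes a classic pcap file with Ethernet framing, which is what `tcpdump -w` produces; the capture, addresses and ports below are constructed sample data.

```python
import struct
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits (byte 13 of the TCP header)

def parse_pcap(data):
    """Yield (src_ip, sport, dst_ip, dport, flags) per Ethernet/IPv4/TCP frame of a classic pcap."""
    endian = "<" if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1") else ">"
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from(endian + "IIII", data, off)[2]
        pkt, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # EtherType 0x0800 = IPv4
            continue
        ip, ihl = pkt[14:], (pkt[14] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 14:  # protocol 6 = TCP; need the flags byte
            continue
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        sport, dport = struct.unpack_from("!HH", ip, ihl)
        yield src, sport, dst, dport, ip[ihl + 13]

def classify_ports(data, target_ip):
    """Port -> 'open' (SYN/ACK reply) or 'closed' (RST reply), judged from the target's packets only."""
    state = {}
    for src, sport, _dst, _dport, flags in parse_pcap(data):
        if src != target_ip:
            continue
        if flags & SYN and flags & ACK:
            state[sport] = "open"
        elif flags & RST:
            state.setdefault(sport, "closed")
    return state  # a probed port with no reply at all is absent (filtered)

def tcp_frame(src, sport, dst, dport, flags):
    """Minimal Ethernet/IPv4/TCP frame, used here only to build constructed sample data."""
    ip4 = lambda a: bytes(int(x) for x in a.split("."))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, ip4(src), ip4(dst))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr + tcp_hdr

def build_pcap(frames):
    """Little-endian classic pcap: global header (link type 1 = Ethernet) plus one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
# Constructed capture: scanner 10.0.0.5 SYN-scans target 10.0.0.9 on ports 22, 80 and 3389.
SCANNER, TARGET = "10.0.0.5", "10.0.0.9"
SAMPLE_CAPTURE = build_pcap([
    tcp_frame(SCANNER, 40000, TARGET, 22, SYN), tcp_frame(TARGET, 22, SCANNER, 40000, SYN | ACK),
    tcp_frame(SCANNER, 40001, TARGET, 80, SYN), tcp_frame(TARGET, 80, SCANNER, 40001, RST | ACK),
    tcp_frame(SCANNER, 40002, TARGET, 3389, SYN),  # never answered: filtered, so not reported
])
```

To run it against a real capture, pass `open('~/scan_results/packets', 'rb').read()` (path expanded) and the target address to `classify_ports`.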



For a UDP scan, you may wish to lift the ICMP rate limit, which otherwise slows the scan.
Check your current setting

sudo sysctl net.ipv4.icmp_ratelimit

1000 is the default
Set icmp_ratelimit to zero to speed up the UDP scan

sudo sysctl -w net.ipv4.icmp_ratelimit=0

Remember to revert the setting afterwards (rebooting the system also restores the default)

sudo sysctl -w net.ipv4.icmp_ratelimit=1000

UDP scan

sudo nmap -sU -Pn -T4 -vv --reason -oN ~/scan_results/nmap.udp.results target_IP

Full UDP scan (all 65535 UDP ports; written to a separate file so it does not overwrite the results above)

sudo nmap -sU -Pn -p- -T4 -vv --reason -oN ~/scan_results/nmap.udp.fullResults target_IP

