You should now be completely able to run Nmap scans against a variety of hosts. That's great! Knowing how to run a basic scan will get you through many situations, but there are a few notable exceptions—and different scan types—that are vital to become a power user.
We will now specifically cover different methods for host detection (so that you know what to scan), how to run scans against devices that are trying to hide themselves, scanning UDP, different verbosity options, and so on.
In this chapter, we will cover:
Running a ping sweep
Running a ping agnostic scan
Scanning UDP services
Running different TCP flags on scans—such as the Xmas Tree scan
Operating system detection
Increasing verbosity in Nmap output
Showing packet tracing in scans