Last modified: 16-06-2020
If you're not familiar with TCP/IP, read my other tutorial, All about IP.
-sT scans with the standard three-way TCP handshake (SYN, SYN/ACK, ACK), and is therefore far too obvious if you don't want admins on the remote host to know that you're scanning it.
-sS is a more discreet way to scan for open ports: it uses half-open SYN segments. SYN > SYN/ACK > RST if the remote port is open, and SYN > RST if the remote port is closed.
-sF, -sX and -sN all take advantage of the fact that a standard IP stack should answer with RST when a closed port is probed with a FIN packet, but return nothing if a process is listening on the port. Windows is said not to respond correctly due to the non-standard behaviour of its IP stack.
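To show how the exchanges above look from the receiving side, here is an added example (not part of this tutorial, and not nmap code) that classifies a single probe exchange into the scan styles just described and infers the port state from the reply. The flag sets for -sX (FIN/PSH/URG) and -sN (no flags) are nmap's documented probes; the trace format and sample exchanges are constructed for the example.

```python
# Classifies one TCP probe exchange into the nmap scan styles above and infers
# the port state from the reply. Traces are constructed tuples: ("out", flags)
# is scanner -> target, ("in", flags) is target -> scanner.
SYN, ACK, RST, FIN, PSH, URG = "SYN", "ACK", "RST", "FIN", "PSH", "URG"
SYN_ONLY, SYN_ACK = frozenset({SYN}), frozenset({SYN, ACK})
STEALTH_PROBES = {  # first-segment flag sets of the "stealth" scans
    frozenset({FIN}): "-sF (FIN scan)",
    frozenset(): "-sN (NULL scan)",
    frozenset({FIN, PSH, URG}): "-sX (Xmas scan)",
}

def classify_probe(trace):
    """Return (scan_type, port_state) for one probe against one port."""
    if not trace or trace[0][0] != "out":
        raise ValueError("trace must begin with the scanner's outbound probe")
    probe = frozenset(trace[0][1])
    replies = [frozenset(f) for d, f in trace[1:] if d == "in"]
    follow_ups = [frozenset(f) for d, f in trace[1:] if d == "out"]

    if probe == SYN_ONLY:
        if not replies:
            return "SYN probe (-sS/-sT)", "filtered"  # probe silently dropped
        if RST in replies[0]:
            return "SYN probe (-sS/-sT)", "closed"  # closed port answers RST
        if replies[0] == SYN_ACK and follow_ups:
            # Open port: -sT completes the handshake, -sS tears it down early.
            if follow_ups[0] == frozenset({ACK}):
                return "-sT (connect scan)", "open"
            if RST in follow_ups[0]:
                return "-sS (half-open SYN scan)", "open"
        return "SYN probe (-sS/-sT)", "open" if replies[0] == SYN_ACK else "unknown"

    if probe in STEALTH_PROBES:
        name = STEALTH_PROBES[probe]
        if replies and RST in replies[0]:
            # Standard stack: RST only for a closed port. A non-standard stack
            # (Windows, as noted above) answers RST regardless, so every port
            # looks closed and this scan style tells you nothing there.
            return name, "closed"
        # Silence means open on a standard stack, but a firewall dropping the
        # probe looks identical, which is why nmap reports open|filtered.
        return name, "open|filtered" if not replies else "unexpected reply"
    return "unrecognised probe", "unknown"

# Constructed sample exchanges, one per scan style (not captured traffic).
SAMPLES = {
    "connect_open": [("out", {SYN}), ("in", {SYN, ACK}), ("out", {ACK})],
    "half_open": [("out", {SYN}), ("in", {SYN, ACK}), ("out", {RST})],
    "syn_closed": [("out", {SYN}), ("in", {RST, ACK})],
    "fin_open": [("out", {FIN})],
    "xmas_closed": [("out", {FIN, PSH, URG}), ("in", {RST, ACK})],
}
```

The same rules run unchanged over flag tuples pulled from a packet capture, which is how an IDS rule for these probe patterns is usually checked.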
In case your host has more than one interface, use -e to specify which interface nmap should probe the remote host through.