Cisco FirePOWER Appliance 8370
FireSIGHT System User Guide
Chapter 43 Configuring Active Scanning
Understanding Nmap Scans
Table 43-1 Nmap Remediation Options (continued)

Option: Probe open ports for vendor and version information
Description: Enable to detect server vendor and version information. If you probe open ports for server vendor and version information, Nmap obtains server data that it uses to identify servers. It then replaces the Cisco server data for that server.
Corresponding Nmap Option: -sV

Option: Service Version Intensity
Description: Select the intensity of Nmap probes for service versions. Higher service intensity numbers cause more probes to be used and result in higher accuracy, while lower intensity probes are faster but obtain less information.
Corresponding Nmap Option: --version-intensity <intensity>

Option: Detect Operating System
Description: Enable to detect operating system information for the host. If you configure detection of the operating system for a host, Nmap scans the host and uses the results to create a rating for each operating system that reflects the likelihood that the operating system is running on the host. For more information on when and how Nmap-identified identity data appears in the network map, see .
Corresponding Nmap Option: -O

Option: Treat All Hosts As Online
Description: Enable to skip the host discovery process and run a port scan on every host in the target range. Note that when you enable this option, Nmap ignores settings for Host Discovery Method and Host Discovery Port List.
Corresponding Nmap Option: -PN

Option: Host Discovery Method
Description: Select to perform host discovery for all hosts in the target range, over the ports listed in the Host Discovery Port List, or if no ports are listed, over the default ports for that host discovery method. Note that if you also enabled Treat All Hosts As Online, however, the Host Discovery Method option has no effect and host discovery is not performed.
Select the method to be used when Nmap tests to see if a host is present and available:
• The TCP SYN option sends an empty TCP packet with the SYN flag set and recognizes the host as available if a response is received. TCP SYN scans port 80 by default. Note that TCP SYN scans are less likely to be blocked by a firewall with stateful firewall rules.
• The TCP ACK option sends an empty TCP packet with the ACK flag set and recognizes the host as available if a response is received. TCP ACK also scans port 80 by default. Note that TCP ACK scans are less likely to be blocked by a firewall with stateless firewall rules.
• The UDP option sends a UDP packet and assumes host availability if a port unreachable response comes back from a closed port. UDP scans port 40125 by default.
Corresponding Nmap Option: TCP SYN: -PS; TCP ACK: -PA; UDP: -PU

Option: Host Discovery Port List
Description: Specify a customized list of ports, separated by commas, that you want to scan when doing host discovery.
Corresponding Nmap Option: port list for host discovery method
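The following added example (not code from the guide or from the FireSIGHT System) shows how the settings in this table translate into Nmap arguments, including the case where Treat All Hosts As Online overrides the host discovery settings. The dictionary keys and the function name are hypothetical; the flags are the ones listed in the table, with -O being Nmap's operating system detection flag and 0 through 9 being the intensity range Nmap accepts.

```python
import re

# Discovery-method names from the table mapped to their Nmap flags.
DISCOVERY_FLAGS = {"TCP SYN": "-PS", "TCP ACK": "-PA", "UDP": "-PU"}
# The table specifies a comma-separated list of ports.
PORT_LIST = re.compile(r"^\d{1,5}(,\d{1,5})*$")


def build_nmap_args(settings):
    """Translate remediation settings (hypothetical dict keys) into Nmap arguments.

    Returns (args, ignored); ignored names the settings that have no effect.
    """
    args, ignored = [], []

    if settings.get("probe_versions"):
        args.append("-sV")
        intensity = settings.get("version_intensity")
        if intensity is not None:
            if not 0 <= int(intensity) <= 9:  # Nmap accepts 0 through 9
                raise ValueError("version intensity must be 0-9")
            args += ["--version-intensity", str(int(intensity))]

    if settings.get("detect_os"):
        args.append("-O")  # Nmap's OS detection flag (capital O)

    method = settings.get("discovery_method")
    ports = (settings.get("discovery_ports") or "").replace(" ", "")
    if settings.get("treat_all_online"):
        # -PN skips host discovery, so method and port list have no effect.
        args.append("-PN")
        ignored += [k for k in ("discovery_method", "discovery_ports")
                    if settings.get(k)]
    elif method:
        if method not in DISCOVERY_FLAGS:
            raise ValueError(f"unknown discovery method: {method}")
        if ports and (not PORT_LIST.match(ports)
                      or any(not 0 < int(p) < 65536 for p in ports.split(","))):
            # Reject anything that is not a plain comma-separated port list.
            raise ValueError(f"invalid port list: {ports}")
        # With no port list, Nmap uses the default port for the method.
        args.append(DISCOVERY_FLAGS[method] + ports)
    elif ports:
        ignored.append("discovery_ports")  # a port list needs a method
    return args, ignored
```

Returning the ignored settings makes a configuration review flag cases where a discovery method or port list was set but will never be used.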