Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Nmap commands to check Reconnaissance Scan feature in Deep Security

    • Updated:
    • 6 Oct 2020
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 11.0
    • Deep Security 12.0
    • Deep Security 9.6
    • Platform:
Summary

The Deep Security Reconnaissance Scan feature allows the detection of network port scanning to the remote host. It can detect possible attack in your system.

To simulate different types of Reconnaissance Scan and check how Deep Security can detect it, you can use freeware cross-platform tool such as Nmap (Network Mapper).

Details
Public

You can refer to the Nmap website for the installation binaries for different platforms.

Below are the Nmap commands that can be used to simulate the Reconnaissance Scan.

TypeDescriptionNmap commandExample
Computer OS
Fingerprint Probe
The Agents/Appliances will recognize and react to active TCP stack OS fingerprinting attemptsNmap -v -O target_IP-
Network or Port ScanThe Agents/Appliances will recognize and react to port scans.Nmap -v -sS target_IPNmap -v -sS 192.168.x.x
Nmap -p port_range target_IPNmap -p 1-5000 192.168.x.x
TCP Null ScanThe Agents/Appliances will refuse packets with no flags set.Nmap -v -sN target_IP-
TCP SYNFIN ScanThe Agents/Appliances will refuse packets with only the SYN and FIN flags set.Nmap -v —scanflags SYNFIN target_IP-
TCP Xmas ScanThe Agents/Appliances will refuse packets with only the FIN, URG, and PSH flags set or a value of 0xFF (every possible flag set).Nmap -v -sX target_IP-

For more information about the Reconnaissance Scan feature, refer to the Deep Security Help Center.

Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1104677
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.