Forrest logo
back to the nmap tool

nmap:tldr:a3434

nmap: Perform a stealthy very slow scan ('-T0') trying to avoid detection by IDS/IPS and use decoy ('-D') source IP addresses.
$ nmap -T0 -D ${decoy1_ipaddress,decoy2_ipaddress,---,decoyN_ipaddress} ${address_or_addresses}
try on your machine

The command "nmap -T0 -D ${decoy1_ipaddress,decoy2_ipaddress,---,decoyN_ipaddress} ${address_or_addresses}" is used to perform a port scan using the Nmap tool.

  • "nmap" is the command to run Nmap.
  • "-T0" sets the timing template to the slowest possible level, making the scanning less detectable but more time-consuming.
  • "-D" indicates that decoy scanning should be used.

Decoy scanning involves sending forged packets from multiple IP addresses to confuse the target and make it harder for it to determine the real source of the scan. To specify the decoy IP addresses, you use the format "${decoy1_ipaddress,decoy2_ipaddress,---,decoyN_ipaddress}". Here, "decoy1_ipaddress" represents the first IP address of a decoy, "decoy2_ipaddress" represents the second IP address of a decoy, and so on. You can include multiple IP addresses separated by commas. Nmap will send packets from these decoy IPs along with the real scanning IP.

Finally, "${address_or_addresses}" represents the target IP address or range of addresses to scan. It can be a single IP (e.g., "192.168.1.1") or a range (e.g., "192.168.1.1-10"). Nmap will perform the port scan on the specified target(s) using decoy scanning.

This explanation was created by an AI. In most cases those are correct. But please always be careful and never run a command you are not sure if it is safe.
back to the nmap tool