These options give you greater control over how Nmap performs the scan, whether you want to use a specific network interface, alter DNS resolution, or even disguise your scan using decoy IP addresses.

-S (Specify Source IP)

The -S option allows you to set a custom source IP address from which the scan is initiated. This can be helpful when you want to simulate a scan originating from a specific machine or IP address, or if you’re testing firewall rules or configurations.

Example usage:

`nmap -S 192.168.1.100 192.168.1.10`

-g (Use a Specific Source Port)

The -g option allows you to specify a custom source port number. This can be useful for evading detection, as some firewalls or security systems may only monitor specific ports.

Example usage:

`nmap -g 53 192.168.1.10`

-e (Specify Network Interface)

The -e option allows you to specify a particular network interface for Nmap to use during the scan. This is useful if your system has multiple interfaces and you want to scan through a specific one.

Example usage:

`nmap -e eth0 192.168.1.10`

--dns-server (Use a Specific DNS Server)

The --dns-server option allows you to specify a custom DNS server for name resolution during the scan. This is useful if you want to use a specific DNS server instead of the default one configured on your system.

Example usage:

`nmap --dns-server 8.8.8.8 192.168.1.10`

-D (Decoy Scan)

The -D option launches a decoy scan: Nmap sends packets that appear to come from multiple IP addresses, so the target system cannot easily tell which address is the real origin of the scan. This increases stealth and can help avoid detection by intrusion detection systems (IDS) or firewalls.

Example usage:

`nmap -D RND:5 192.168.1.10`

Example of Using Advanced Options Together

`nmap -sS -g 53 -e eth0 --dns-server 8.8.8.8 -D RND:3 192.168.1.10`

Key points

  • -sS: Stealth SYN scan
  • -g 53: Use port 53 (DNS) as the source port
  • -e eth0: Use the eth0 network interface
  • --dns-server 8.8.8.8: Use Google’s DNS server for name resolution
  • -D RND:3: Use 3 random decoy IPs to obfuscate the scan’s source

This combined command runs a SYN scan through a specific network interface, resolves names through a chosen DNS server, and uses a fixed source port and decoy IP addresses to make the scan stealthier and harder to detect.
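Seen from the defender's side, the combined command above leaves two patterns in connection logs: bare SYNs arriving from source port 53, and the same group of source addresses probing each port together. The Python sketch below is an added example, not part of the original article; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log, one packet per line:
# "epoch_seconds src_ip src_port dst_ip dst_port tcp_flags"
SCAN_SOURCES = ["203.0.113.7", "198.51.100.4", "192.0.2.55", "203.0.113.99"]
SAMPLE_LOG = [f"{100 + i} {src} 53 192.168.1.10 {port} S"
              for i, port in enumerate((22, 80, 443)) for src in SCAN_SOURCES]
SAMPLE_LOG += ["105 192.168.1.20 51544 192.168.1.10 443 S",   # ordinary client
               "106 192.168.1.53 53 192.168.1.10 40112 SA"]   # DNS-over-TCP reply

def parse(line):
    ts, src, sport, dst, dport, flags = line.split()
    return float(ts), src, int(sport), dst, int(dport), flags

def syn_from_port_53(lines):
    """Sources sending a bare SYN from port 53 (a real DNS server replies with SYN-ACK)."""
    return sorted({src for _, src, sport, _, _, flags in map(parse, lines)
                   if sport == 53 and flags == "S"})

def co_scanning_groups(lines, window=1.0, min_sources=3, min_ports=3):
    """Groups of sources that SYN the same port within `window` seconds,
    repeated across at least `min_ports` ports on one destination."""
    # Fixed buckets keep the sketch short; a burst that straddles a bucket
    # boundary is split, which a sliding window would avoid.
    buckets = defaultdict(set)           # (dst, dport, bucket) -> sources
    for ts, src, _, dst, dport, flags in map(parse, lines):
        if flags == "S":
            buckets[(dst, dport, int(ts // window))].add(src)
    ports_by_group = defaultdict(set)    # (dst, source set) -> ports probed
    for (dst, dport, _), sources in buckets.items():
        if len(sources) >= min_sources:
            ports_by_group[(dst, frozenset(sources))].add(dport)
    return {(dst, tuple(sorted(group))): sorted(ports)
            for (dst, group), ports in ports_by_group.items()
            if len(ports) >= min_ports}

if __name__ == "__main__":
    print("bare SYN from port 53:", syn_from_port_53(SAMPLE_LOG))
    for (dst, group), ports in co_scanning_groups(SAMPLE_LOG).items():
        print(f"{dst}: ports {ports} probed together by {list(group)}")
```

The log alone does not show which address in a reported group is the real scanner, so the whole group is reported together.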

Summary Table of Advanced Options

| Option | What It Does | Use Case |
|---|---|---|
| -s | Specifies the scan type (e.g., SYN, TCP connect) | Choose the appropriate scan type for your needs |
| -g | Specifies the source port for the scan | Bypass simple firewalls by using a common port like 53 |
| -e | Specifies the network interface to use | Choose a specific network interface for scanning |
| --dns-server | Uses a specific DNS server for name resolution | Resolve hostnames using a custom DNS server |
| -D | Uses decoy IP addresses to disguise the real source | Increase stealth by masking the source IP |