Tuesday, 31 December 2013

Nmap Port Scanner Basic Tutorial

nmap image

Nmap ("Network @@@@Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.

The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network, so to find out the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes.

Nmap has some basic options:

#1: Scan a single host or an IP address (IPv4)

### Scan a single ip address ###
nmap 192.168.1.1

## Scan a host name ###
nmap server1.cyberciti.biz

## Scan a host name with more info###
nmap -v server1.cyberciti.biz

Some more basic options:

  1. -sT : TCP Connect, using method connect(), we can determine wheter the port opened or not, but it is easily to detect by firewall/intrusion detection software.
  2. -sS : SYN stealth scan, using syn to begin connection then sending rst to stop initiation connection, so that no connection will be made. it results in harder detection.
  3. -sF, -sN, -sX : FIN, NULL, Xmass Tree Scan. FIN will send Fin Flag, Null will set no flag and Xmass Tree sets the FIN, URG and PUSH flags. It is used to avoid system detection.
  4. -sP : Ping Scan , scan with ping command to determine whether the target online or not
  5. -sU : UDP Scan , scan port with UDP packet.
  6. -sO : IP Protocol Scan, scan port using ip raw packet.
  7. -sI : Idle Scanning, more advanced scanning mode.
  8. -sV : Version Detection,
  9. -sA : ACK Scan,
  10. -sW, -sR, -sL : Window Scan, RPC Scan, List Scan
Not a fan of command line tools?

Try zenmap the official network mapper front end:

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly.

A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

1 comment: