Friday, November 13, 2009

NMAP: The Best network exploration tool

Nmap (“Network Mapper”) is an open source tool for network exploration. It was designed to rapidly scan large networks, although it works fine against single hosts.

Nmap determines what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, whether there are any open, unfiltered ports, and dozens of other characteristics.
Systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, monitoring host or service uptime, and firewall monitoring.
Reading between the lines, that also says Nmap is an unavoidable tool for a hacker.

Installing it on Debian/Ubuntu:

sudo apt-get install nmap

General usage (scan types and options first, then the target):

nmap [Scan Type(s)] [Options] {target specification}


What are ports? Don't think of the ones you see behind your PC for the LAN cable and USB; those are physical ports. The ports meant here are logical ones you can't see, but they are how two computers communicate. A process on a computer listens on a port: port 80 for HTTP, port 22 for SSH, and so on. So if you want to reach a service on some other computer, you have to find an open, unfiltered port on it.

Ports can be in these states:
1) open: an application is accepting connections on the port (this is the way an attacker gets in).
2) closed: the port is reachable, but no application is listening on it, so it is of no use.
3) filtered: a firewall or other packet filter is blocking the probes, so Nmap cannot tell whether the port is open.
4) unfiltered: the port is reachable, but Nmap cannot determine whether it is open or closed.

There are different types of port scan.

1) TCP SYN scan ( -sS )

> This is the default and it is quick.
> It clearly differentiates open, closed and filtered ports.
> It never completes the TCP handshake, so the target application never sees a connection.
> It takes less time.

2) TCP connect scan ( -sT )

> Completes a full TCP connection to each port, so it takes more time (it is the fallback when you lack the privileges to send raw packets).

3) ACK scan ( -sA )

> This does not determine whether a port is closed or open.
> It only differentiates filtered from unfiltered ports.

The list goes on; I am not listing all of them here.
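To make the difference between the three scans concrete, here is an added example (not from the original post) that models, in simplified form, what each probe gets back from a port and the state Nmap infers from that reply. The host layout and its ports are constructed sample data.

```python
"""Model how -sS, -sT and -sA turn one probe reply into an Nmap port state.

Simplification: a firewalled port silently drops every probe, an unfirewalled
port answers according to plain TCP rules. Real filters may also send ICMP errors,
which Nmap treats the same way as no reply (filtered).
"""
from typing import Dict, Iterable, Tuple

# Constructed host model: port -> (is an application listening?, is it firewalled?)
Host = Dict[int, Tuple[bool, bool]]


def reply_to_probe(scan: str, listening: bool, firewalled: bool) -> str:
    """The packet the target sends back for a single probe."""
    if firewalled:
        return "none"                       # filter drops the probe, nothing comes back
    if scan in ("-sS", "-sT"):              # both send a SYN; -sT then finishes the handshake
        return "SYN/ACK" if listening else "RST"
    if scan == "-sA":                       # a bare ACK belongs to no connection: RST either way
        return "RST"
    raise ValueError("unsupported scan type: %s" % scan)


def infer_state(scan: str, reply: str) -> str:
    """Nmap's verdict for a port given the reply its probe received."""
    if scan in ("-sS", "-sT"):
        return {"SYN/ACK": "open", "RST": "closed"}.get(reply, "filtered")
    if scan == "-sA":                       # open and closed both answered RST, so only
        return "unfiltered" if reply == "RST" else "filtered"   # the filter is visible
    raise ValueError("unsupported scan type: %s" % scan)


def run_scan(scan: str, host: Host, ports: Iterable[int]) -> Dict[int, str]:
    """Scan each port of the modelled host; unknown ports are closed and unfiltered."""
    result = {}
    for port in ports:
        listening, firewalled = host.get(port, (False, False))
        result[port] = infer_state(scan, reply_to_probe(scan, listening, firewalled))
    return result


# Constructed sample host: sshd on 22, nothing on 53, a firewalled POP3 port and a
# firewalled IMAP server. Port list matches the example later in the post.
SAMPLE_HOST: Host = {22: (True, False), 53: (False, False), 110: (False, True), 143: (True, True)}
PORTS = (22, 53, 110, 143, 4564)

if __name__ == "__main__":
    for scan_type in ("-sS", "-sT", "-sA"):
        print(scan_type, run_scan(scan_type, SAMPLE_HOST, PORTS))
```

Note that the ACK scan reports port 22 and port 53 identically, which is exactly why it is used to map firewall rules rather than to find services.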


> You can detect the operating system of the target you specified (option -O).

> You can scan an entire subnet and find the live hosts on it.

> You can specify particular ports to scan (-p <port ranges>).

> You can detect the services (and their versions) running on those ports (option -sV).

I will show a few examples.

nmap -v -O <target>
This scans the system and detects the operating system it runs. The output of this command is shown here; the detected operating system is marked.

nmap -sS -p 22,53,110,143,4564 <target>
This SYN-scans the specified ports (22, 53, ...) on every host in the specified IP range.