Friday, November 13, 2009

NMAP: The Best network exploration tool

Nmap (“Network Mapper”) is an open source tool for network exploration. It was designed to rapidly scan large networks, although it works fine against single hosts.

WHAT IT CAN DO FOR YOU
Nmap determines which hosts are available on the network, which services (application name and version) those hosts are offering, which operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, whether there are any open, unfiltered ports, and dozens of other characteristics.
Systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, monitoring host or service uptime, and firewall monitoring.
Reading between the lines: nmap is an indispensable tool for a hacker.

INSTALLATION:

sudo apt-get install nmap

USAGE:

nmap [scan type(s)] [options] target_specification

PORT SCANNING USING nmap:

What are ports? Not the ones you see on the back of your PC where you plug in the LAN cable or a USB device; those are physical ports. These are logical ports, and you cannot see them, but they are the means by which two computers communicate. Processes on a computer have ports associated with them, for example port 80 for HTTP and port 22 for SSH. So if you want to reach a service on another computer, you need to find an open, unfiltered port on it.

Ports can be in one of these states:
1) open: an application is listening on the port (this is the way in for an attacker).
2) closed: the port is reachable, but no application is listening on it, so it is of no use.
3) filtered: a firewall or packet filter is blocking the probes, so nmap cannot tell whether the port is open or closed.
4) unfiltered: the port is reachable and not being filtered, but nmap cannot tell whether it is open or closed (this state is reported by the ACK scan).

There are different types of port scanning.

1) TCP SYN scan (-sS)

> This is the default scan, and it is quick.
> It clearly differentiates open, closed and filtered ports.
> It does not complete the TCP connection, so it is less likely to be logged by the target.
> It takes less time.

2) TCP connect scan (-sT)

> It completes a full connection with the target, so it takes more time.

3) ACK scan (-sA)

> This does not determine whether a port is closed or open.
> It only tells filtered ports from unfiltered ones.

The list goes on; I am not listing all of them here.
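To make the port states and the three scan types above concrete, here is a small Python model, added for this post and not nmap's own code, of how nmap turns the reply to a probe into a reported state. No packets are sent: the target is a constructed table of ports (listening or not, behind a dropping firewall or not), the reply each probe would get is derived from it, and the same constructed target is scanned as -sS, -sT and -sA so you can see why the ACK scan only separates filtered from unfiltered. It simplifies real nmap by ignoring ICMP unreachable replies and retransmissions.

```python
# Added example (not nmap's code): a model of how nmap maps probe replies to
# the port states open / closed / filtered / unfiltered for -sS, -sT and -sA.

# Reply labels used by the model (our own names, not nmap's).
SYN_ACK = "SYN/ACK"        # the port accepted the handshake
RST = "RST"                # the host answered with a reset
NO_REPLY = "no reply"      # nothing came back, even after retries

# Constructed target: port -> (application listening?, probes dropped by a firewall?)
TARGET = {
    22:   (True,  False),   # ssh listening, reachable
    53:   (False, False),   # nothing listening, reachable
    110:  (True,  True),    # pop3 listening, but the firewall drops probes
    143:  (False, True),    # nothing listening, firewall drops probes
    4564: (False, False),   # unused port, reachable
}

def reply_to_syn(listening, firewalled):
    """What a SYN probe gets back from one port of the constructed target."""
    if firewalled:
        return NO_REPLY                 # a dropping firewall answers nothing
    return SYN_ACK if listening else RST

def reply_to_ack(listening, firewalled):
    """What a bare ACK probe gets back. An unfiltered port answers RST whether
    or not anything is listening, which is why -sA cannot tell open from closed."""
    if firewalled:
        return NO_REPLY
    return RST

def syn_scan_state(reply):
    """State nmap reports for -sS. A connect scan (-sT) sees the same replies,
    it just completes the handshake instead of tearing it down with a RST."""
    if reply == SYN_ACK:
        return "open"
    if reply == RST:
        return "closed"
    if reply == NO_REPLY:
        return "filtered"
    raise ValueError(f"unexpected reply {reply!r}")

def ack_scan_state(reply):
    """State nmap reports for -sA: only filtered vs. unfiltered."""
    if reply == RST:
        return "unfiltered"
    if reply == NO_REPLY:
        return "filtered"
    raise ValueError(f"unexpected reply {reply!r}")

def scan(target, scan_type):
    """Return {port: state} for scan_type "-sS", "-sT" or "-sA"."""
    if scan_type in ("-sS", "-sT"):
        probe, classify = reply_to_syn, syn_scan_state
    elif scan_type == "-sA":
        probe, classify = reply_to_ack, ack_scan_state
    else:
        raise ValueError(f"unsupported scan type {scan_type!r}")
    return {port: classify(probe(listening, firewalled))
            for port, (listening, firewalled) in sorted(target.items())}

if __name__ == "__main__":
    for scan_type in ("-sS", "-sT", "-sA"):
        print(scan_type, scan(TARGET, scan_type))
```

Running it shows port 110 as filtered under every scan type, 53 as closed under -sS but unfiltered under -sA, and 22 as open under -sS but only unfiltered under -sA; that is exactly the difference the list above describes.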

WHAT ELSE CAN YOU DO?

> You can detect the operating system of the target you specify (option -O).

> You can scan an entire subnet and find the hosts on it.

> You can specify particular ports to scan (-p <port ranges>).

> You can detect the services (and their versions) running on these ports (option -sV).

I will show you a few examples.



nmap -v -O 192.168.75.97
This will scan the system and detect the operating system it is running. The output of this command is shown in the screenshot, with the detected operating system marked.

nmap -sS -p 22,53,110,143,4564 198.168.75.1-127
This will scan the specified ports (22, 53, ...) on every host in the specified IP range.
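A scan like the last one is only useful for the network-inventory task mentioned at the top once its results are in a form you can compare from week to week. Here is a Python parser, added for this post and not part of nmap, for nmap's grepable output (-oG), which turns a scan into a per-host table of ports and lists the open ones. The scan text below is constructed for the example (the hosts, ports and version strings are made up); on a real run you would save the scan with -oG and feed that file to parse_grepable().

```python
# Added example (not nmap's code): build a port inventory from -oG output.
import ipaddress
import re

# Constructed -oG output: a "Status" line and a "Ports" line per host. Fields
# on a line are tab-separated; each port entry is
#   port/state/protocol/owner/service/rpc-info/version/
SAMPLE_GREPABLE = """\
# (constructed header line)
Host: 192.168.75.1 ()\tStatus: Up
Host: 192.168.75.1 ()\tPorts: 22/open/tcp//ssh///, 53/closed/tcp//domain///, 110/filtered/tcp//pop3///, 143/filtered/tcp//imap///\tIgnored State: closed (1)
Host: 192.168.75.2 ()\tStatus: Up
Host: 192.168.75.2 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.1p1 Debian 5/, 53/open/tcp//domain//ISC BIND 9.6.1/, 110/closed/tcp//pop3///, 143/closed/tcp//imap///
# (constructed footer line)
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")

def parse_grepable(text):
    """Return {ip: {port: (state, service, version)}} from -oG text."""
    inventory = {}
    for line in text.splitlines():
        if line.startswith("#"):
            continue                      # nmap's comment/header lines
        match = HOST_RE.match(line)
        if not match:
            continue
        ip, _hostname, rest = match.groups()
        # Remaining tab-separated fields look like "Ports: ..." / "Status: Up"
        fields = dict(f.split(": ", 1) for f in rest.split("\t") if ": " in f)
        ports_field = fields.get("Ports")
        if ports_field is None:
            continue                      # a "Status: Up" line, nothing to record
        entries = inventory.setdefault(ip, {})
        for item in ports_field.split(", "):
            parts = item.split("/")
            if len(parts) < 7:
                continue                  # malformed entry: skip rather than guess
            port, state, _proto, _owner, service, _rpc, version = parts[:7]
            entries[int(port)] = (state, service, version)
    return inventory

def open_ports(inventory):
    """List (ip, port, service) for every open port, sorted by address and port."""
    found = [(ip, port, svc)
             for ip, ports in inventory.items()
             for port, (state, svc, _ver) in ports.items()
             if state == "open"]
    return sorted(found, key=lambda t: (ipaddress.ip_address(t[0]), t[1]))

if __name__ == "__main__":
    for ip, port, service in open_ports(parse_grepable(SAMPLE_GREPABLE)):
        print(f"{ip}:{port} {service}")
```

Keeping the output of open_ports() from each scan and diffing it against the previous one is a simple way to notice a service that appeared on a host without anyone scheduling it, which is the inventory and uptime-monitoring use the post mentions.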

Njoy