Nmap — The Powerful Scanner

Nmap stands for Network Mapper. It is an open-source tool used to discover and explore the network. It was created by Gordon Lyon. It probes computer networks and provides information of the services and operating systems they are running. Nmap performs host discovery, port scanning, version detection and OS detection. It is very flexible, portable and powerful tool.

Nmap- icon

Nmap can be used to scan single hosts as well as huge networks and supports many advanced techniques for mapping out networks. It also supports many Operating systems including Windows, Linux, Solaris, Mac OS X, OpenBSD, etc. Nmap’s community adds new features very actively. It is a very essential tool for scanning phase of vulnerability assessment and penetration testing. We can get number of open ports and services running on those ports of a particular network so that we can move further to vulnerability scanning phase. It can also tell which ports are filtered by firewalls.

How to install Nmap in Linux

To install Nmap on Linux distribution use the following command:

On Red Hat >> yum install nmap

On Debian >> sudo apt-get install nmap

Nmap Command

Help >> nmap -help

Nmap- Help command

Scan open ports >> nmap 192.168.0.101

Scan multiple hosts >> nmap 192.168.0.101 192.168.0.102 192.168.0.103

Scan to find out OS information >> nmap -A 192.168.0.101

Scan to detect firewall >> nmap -sA 192.168.0.101

Idle Scan >> nmap -sI 192.168.1.50 192.168.1.100

Scan for ports >> nmap -p 80,443 192.168.0.101

Exclude hosts from search >> nmap 192.168.0.* — — exclude 192.168.0.100

Information about service versions >> nmap -sV 192.168.0.101

Identify hostnames >> nmap -sL 192.168.100.201

Complete a scan in stealth mode >> nmap -sS 192.168.0.101

Scan IPv6 Addresses >> nmap -6 ::a25c:b251:c1

Scan to find which servers are active >> nmap -sP 192.168.0.*

Ping Scan >> nmap -sP 192.168.1.100

Find host interfaces and routes >> nmap — — iflist

Output to a file >> nmap 192.168.1.1 -oN abc.txt

TCP connect Scan >> nmap -sT 192.168.0.101

UDP Scan >> nmap -sU 192.168.1.100

FIN Scan >> nmap -sF 192.168.1.100

Nmap Speed Control

We can also control the speed of Nmap scan using -T flag with a number that defines a intrusion detection level. The levels are denoted as follows:-

T0 = This indicates paranoid intrusion detection system evasion.

T1 = This indicates sneaky intrusion detection system evasion.

T2 = This indicates polite scan which utilizes less bandwidth of target machine resources.

T3 = This indicates normal speed.

T4 = This indicates aggressive scan with a fast speed.

T5 = This indicates insane scan with extraordinarily fast speed.

Conclusion

Nmap is the most powerful tool for scanning. It provides information about the target which is important for the penetration tester to understand the network topology through which they can identify the vulnerabilities and exploit them to improve the security infrastructure.

Happy Hacking Guys!!!

Author- Vishal Jain

VIEH Group

www.viehgroup.com