Nmap — The Powerful Scanner
Nmap stands for Network Mapper. It is an open-source tool used to discover and explore networks, created by Gordon Lyon. It probes computer networks and reports the services and operating systems the hosts are running. Nmap performs host discovery, port scanning, version detection and OS detection. It is a very flexible, portable and powerful tool.
Nmap can scan a single host as well as huge networks and supports many advanced techniques for mapping out networks. It runs on many operating systems, including Windows, Linux, Solaris, Mac OS X, OpenBSD, etc. Nmap's community adds new features very actively. It is an essential tool for the scanning phase of vulnerability assessment and penetration testing: it tells us the number of open ports on a network and the services running on those ports, so that we can move on to the vulnerability scanning phase. It can also tell which ports are filtered by firewalls.
How to install Nmap in Linux
To install Nmap on a Linux distribution, use the following command:
On Red Hat >> yum install nmap
On Debian >> sudo apt-get install nmap
Nmap Command
Help >> nmap --help
Scan open ports >> nmap 192.168.0.101
Scan multiple hosts >> nmap 192.168.0.101 192.168.0.102 192.168.0.103
Scan to find out OS information >> nmap -A 192.168.0.101
Scan to detect firewall >> nmap -sA 192.168.0.101
Idle Scan >> nmap -sI 192.168.1.50 192.168.1.100
Scan for ports >> nmap -p 80,443 192.168.0.101
Exclude hosts from search >> nmap 192.168.0.* --exclude 192.168.0.100
Information about service versions >> nmap -sV 192.168.0.101
Identify hostnames >> nmap -sL 192.168.100.201
Complete a scan in stealth mode >> nmap -sS 192.168.0.101
Scan IPv6 Addresses >> nmap -6 ::a25c:b251:c1
Scan to find which servers are active (-sP is the older name of -sn) >> nmap -sP 192.168.0.*
Ping Scan >> nmap -sP 192.168.1.100
Find host interfaces and routes >> nmap --iflist
Output to a file >> nmap 192.168.1.1 -oN abc.txt
TCP connect Scan >> nmap -sT 192.168.0.101
UDP Scan >> nmap -sU 192.168.1.100
FIN Scan >> nmap -sF 192.168.1.100
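The output written by -oN is plain text, and the open and filtered ports it lists are what the vulnerability scanning phase works from. The following parser is an added example, not part of the original post or of Nmap itself; it reads a constructed -oN sample (the hosts, ports and version strings are made up) and pulls out the open services and the firewall-filtered ports per host.

```python
import re
from collections import defaultdict

# Constructed sample of Nmap "normal" output (what -oN abc.txt writes);
# hosts, ports and versions are made up for this example.
SAMPLE_ON = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oN abc.txt 192.168.0.101 192.168.0.102
Nmap scan report for 192.168.0.101
Host is up (0.0012s latency).
Not shown: 997 closed tcp ports (reset)
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 8.9p1
80/tcp   open     http    Apache httpd 2.4.52
443/tcp  filtered https

Nmap scan report for 192.168.0.102
Host is up (0.0030s latency).
Not shown: 1000 filtered tcp ports (no-response)

# Nmap done at Mon Jan  1 10:00:20 2024 -- 2 IP addresses (2 hosts up) scanned in 20.01 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_normal_output(text):
    """Return {host: [(port, proto, state, service, version), ...]} from -oN text."""
    hosts = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current]  # register the host even if no port lines follow
            continue
        m = PORT_RE.match(line)
        if m and current:
            port, proto, state, service, version = m.groups()
            hosts[current].append((int(port), proto, state, service, version or ""))
    return dict(hosts)

def open_services(hosts):
    """Flatten to (host, port, service, version) for every open port."""
    return [(h, p, svc, ver) for h, ports in hosts.items()
            for p, _proto, state, svc, ver in ports if state == "open"]

def filtered_ports(hosts):
    """Ports reported as filtered, i.e. where a firewall most likely dropped the probe."""
    return [(h, p) for h, ports in hosts.items() for p, _, state, _, _ in ports if state == "filtered"]
```

A host whose ports are all filtered (like 192.168.0.102 in the sample) comes back with an empty list, which is itself a useful signal that a firewall sits in front of it.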
Nmap Speed Control
We can also control the speed of an Nmap scan using the -T flag followed by a number from 0 to 5. The lower levels slow the scan down to evade intrusion detection systems; the higher levels trade caution for speed. The levels are as follows:
T0 = paranoid: extremely slow, intended to evade intrusion detection systems.
T1 = sneaky: slow, also intended to evade intrusion detection systems.
T2 = polite: a slowed-down scan that uses less bandwidth and fewer target machine resources.
T3 = normal: the default speed.
T4 = aggressive: a fast scan.
T5 = insane: an extraordinarily fast scan.
Conclusion
Nmap is the most powerful tool for scanning. It provides information about the target that a penetration tester needs in order to understand the network topology, identify vulnerabilities and exploit them, so that the security infrastructure can be improved.
Happy Hacking Guys!!!
Author- Vishal Jain
VIEH Group
www.viehgroup.com