Project Toolkit 003 : Nmap

Though you Try to hide you can never hide from me

Hey all today I am going to discuss about NMAP (Network Mapper). Nmap has achieved mass following from system administrators, security and network engineers, incident response teams, firewall administrators, penetration testers, desktop administrators, and domain administrators. Anyone who has a job function that requires to search for an open port Nmap will fulfill those services. This is an open source tool and this tool was initially introduced to the world in September of 1977 via an article named Fyodor.

Let’s discuss about some Nmap Features. This tool is packed with features and has the capacity to perform basic scans. This also has the means to command advanced scans containing multiple of options. Initially Nmap is utilized as a command-line driven but now in recent years the GUI versions of Nmap are utilized more often. This GUI version also known as Zenmap was used in a comfortable way to gain understanding of how this tool works. However, command-line version is used simply by calling the name of the application and applying the parameters in order to scan.

Nmap utilizations for system scanning are testing for open ports on the interfaces of a firewall, performing scans across workstation IP address ranges to determine if there are any unauthorized applications are installed, locating systems with open file sharing ports and locating unauthorized FTP servers, printers or operating systems.

What does Nmap do?

Nmap is a tool that gives you detailed, real-time information about your network and the devices that are connected to it. Nmap’s principal functions can be divided into three categories. The tool first provides thorough information about each IP active on your networks, after which each IP can be inspected. This helps managers to determine whether an IP address is being used by a legitimate service or by a malicious outsider. Secondly, Nmap gives you information about your whole network. It can be used to display a list of active hosts and open ports, as well as identify the operating system of all network devices. This makes it an important aspect of pentesting as well as a handy tool for ongoing system monitoring. For example, it’s used in the Metasploit framework to probe and then fix network vulnerabilities. Finally, Nmap has shown to be a useful tool for users who want to secure their personal and professional websites. When you use Nmap to scan your own web server, especially if you’re hosting your website from home, you’re essentially imitating a hacker’s attack. This type of “attacking” on your own site is a great approach to find security flaws.

How to install Nmap?

The installation of Nmap is simple, although it varies depending on your operating system.

· Nmap comes with a custom installer for Windows (nampsetup.exe). This installer will automatically configure Nmap on your machine when you download and execute it.

The download link: https://nmap.org/book/inst-windows.html

· Nmap also comes with a Mac-specific setup. Start this installation by running the Nmap-mpkg file. You may get a warning that Nmap is from a “unidentified developer” on some newer versions of macOS, but disregard it.

The download link: https://nmap.org/book/inst-macosx.html

· Nmap can be compiled from source or installed using a package manager on Linux. To use apt, run Nmap –version to see if Nmap is installed, then sudo apt-get install Nmap to get it installed.

The download link: https://nmap.org/book/inst-linux.html

How to run a ping scan?

Without sending any packers to these hosts, this identifies all the the IP addresses that are currently online.

Run the following command to perform a ping scan:

This command then displays a list of hosts on your network as well as the overall number of IP numbers given to them.

How to run a host scan?

Using Nmap to run a host scan is a more powerful technique to scan your networks. A host scan, unlike a ping scan, sends ARP request packets to all of the hosts on your network. Each host then responds with another ARP packet including its status and MAC address in response to this packet.

Use the following command to run a host scan:

This command delivers information on each host, including their latency, MAC address, and any descriptions linked with that address. This can be a very effective means of detecting suspicious hosts on your network.

Common Nmap Functions.

01. Ping scanning.

02. Port scanning

TCP-SYN-Scan (-sS)

Fast

Stealthy

Requires privileges

TCP-Connect-Scan (-sT)

Relies on OS

Slower than TCP-SYN-Scan

UDP-Scan (-sU)

Slow

Unreliable

IP-Protocol-Scan (-sO)

Enumerating IP Protocols

The basic port states that Nmap distinguishes are stated below;

· open

· closed

· filtered

· open|filtered

03. Host scanning

04. OS scanning

Nmap’s OS scanning is one of its most powerful functions. Nmap does this type of scan by sending TCP and UDP packets to a certain port and then analyzing the response. It compares the response to a database of 2600 operating systems and returns information on the host’s operating system (and version).

05. Disable DNS name resolution

Finally, by using the -n argument to suppress reverse DNS resolution, you can speed up your Nmap scans. If you need to scan a huge network, this can be quite handy.

Here we are at the end of today’s session as we have now identified Nmap’s ability to provide assistance for scanning purposes. This article provides an overview of the tool. Now that you have been introduced to this tool, you all can use your knowledge to start exploring more about this tool and scan your organization’s system to identify vulnerabilities.

Always remember, “It’s always a good sign when the black terminal pops up with the green color letters.”

Stay home, Stay safe!

Written by Thriyashi Silva — 2nd Year 2nd Semester -Cyber Security Student-SLIIT

First they begin with Us..