How to use NMAP

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Nmap is flexible, powerful, portable, easy, free, well documented, supported, acclaimed and popular.

Use the operating system that works for you. Nmap will run on a Windows system; however, it generally works better and is faster under Linux, so that would be my recommended platform. In addition, having experience with Linux-based systems is a great way to get access to a wide selection of security tools.

The nmap network scanning tool supplies a diverse set of options to control its behavior. It can scan multiple hosts and host ranges; utilize various scanning techniques; identify operating systems and service versions; and even perform stealth scanning to avoid triggering certain IDS and IPS utilities.

Basic use of nmap just involves scanning a target IP address or domain name. A few major examples are given below.

Command - nmap testserver1
          nmap testserver1 testserver2

Verbose mode -

Command - nmap -v testserver1

Using an IP address -

Command - nmap -v 192.155.1.1
          nmap -v 192.155.1.1-10 (scans the 10 addresses 192.155.1.1 through 192.155.1.10)

Scanning port numbers -

Command - nmap -p80,443,1980-85 webserv1 (ports 80, 443 and 1980 through 1985)


Service scan -

Command - nmap -sV 192.166.6.113

Starting Nmap 7.12 ( https://nmap.org ) at 2016-12-13 17:52 EST
Nmap scan report for 192.166.6.113
Host is up (0.000012s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 13.09 seconds.


Command - nmap 192.166.6.113

Starting Nmap 7.12 ( https://nmap.org ) at 2016-12-13 17:56 EST
Nmap scan report for 192.166.6.113
Host is up (0.000012s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE


Command - nmap -A 192.168.6.113 (Please note this was run as root with the -A switch)

Starting Nmap 7.12 ( https://nmap.org ) at 2016-12-13 17:57 EST
Nmap scan report for 192.168.6.113
Host is up (0.000052s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2 (protocol 2.0)
| ssh-hostkey:
|   2048 e1:gg:ff:9f:2f:7a:f9:fe:95:e5:f8:54:ae:db:11:9d (RSA)
|_  256 7b:8b:3f:44:3d:45:e3:9a:d3:0f:00:83:24:5d:55:15 (ECDSA)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.8 - 4.4
Network Distance: 0 hops


OS detection using the -O switch -

Command - nmap -O 192.166.6.113

Starting Nmap 7.12 ( https://nmap.org ) at 2016-12-13 17:59 EST
Nmap scan report for 192.166.6.113
Host is up (0.000050s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.11 - 3.14, Linux 3.7 - 3.10, Linux 3.8 - 4.4
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .


TCP connect() Scan -

Command - nmap -sT 192.166.6.113

Starting Nmap 7.12 ( https://nmap.org ) at 2016-12-13 18:08 EST
Nmap scan report for 192.166.6.113
Host is up (0.00036s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 13.11 seconds


TCP SYN Scan -

Command - nmap -sS 192.168.6.113

Starting Nmap 7.12 ( https://nmap.org ) at 2016-12-13 18:10 EST
Nmap scan report for 192.168.6.113
Host is up (0.000013s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 13.09 seconds
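What the SYN scan above looks like from the scanned host's side, with a small check that spots it. This is an added example, not part of the original post; it assumes the target logs inbound SYNs through an iptables LOG rule with the prefix "SYN-IN:", and the log lines below are constructed in that format (scanner 192.168.6.50, target 192.168.6.113 as used in the post).

```shell
#!/bin/sh
# Added example, not from the original post. Assumes an iptables LOG rule
# with --log-prefix "SYN-IN:" on inbound SYN packets; the sample lines are
# constructed. A SYN scan shows up as one source hitting many distinct
# destination ports (here from a single source port, as nmap -sS does).

SAMPLE_LOG=$(cat <<'EOF'
Dec 13 18:10:01 target kernel: SYN-IN: IN=eth0 OUT= SRC=192.168.6.50 DST=192.168.6.113 PROTO=TCP SPT=44231 DPT=22 SYN
Dec 13 18:10:01 target kernel: SYN-IN: IN=eth0 OUT= SRC=192.168.6.50 DST=192.168.6.113 PROTO=TCP SPT=44231 DPT=80 SYN
Dec 13 18:10:01 target kernel: SYN-IN: IN=eth0 OUT= SRC=192.168.6.50 DST=192.168.6.113 PROTO=TCP SPT=44231 DPT=443 SYN
Dec 13 18:10:01 target kernel: SYN-IN: IN=eth0 OUT= SRC=192.168.6.50 DST=192.168.6.113 PROTO=TCP SPT=44231 DPT=3306 SYN
Dec 13 18:10:01 target kernel: SYN-IN: IN=eth0 OUT= SRC=192.168.6.50 DST=192.168.6.113 PROTO=TCP SPT=44231 DPT=8080 SYN
Dec 13 18:10:02 target kernel: SYN-IN: IN=eth0 OUT= SRC=192.168.6.50 DST=192.168.6.113 PROTO=TCP SPT=44231 DPT=25 SYN
Dec 13 18:10:02 target kernel: SYN-IN: IN=eth0 OUT= SRC=192.168.6.50 DST=192.168.6.113 PROTO=TCP SPT=44231 DPT=22 SYN
Dec 13 18:10:05 target kernel: SYN-IN: IN=eth0 OUT= SRC=192.168.6.77 DST=192.168.6.113 PROTO=TCP SPT=51022 DPT=22 SYN
Dec 13 18:10:09 target kernel: SYN-IN: IN=eth0 OUT= SRC=192.168.6.77 DST=192.168.6.113 PROTO=TCP SPT=51030 DPT=22 SYN
EOF
)

# Read log lines on stdin and print "source distinct_ports" for every source
# that sent SYNs to at least $1 distinct TCP ports. A default nmap -sS touches
# 1000 ports, so a threshold such as 20 is low enough in practice; repeated
# SYNs to the same port (normal retries) are only counted once.
scan_sources() {
  awk -v threshold="$1" '
    /SYN-IN:/ && /PROTO=TCP/ {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
    }
    END { for (s in ports) if (ports[s] >= threshold) print s, ports[s] }'
}

# Stand-alone run over the sample: flags 192.168.6.50 (6 distinct ports) and
# ignores 192.168.6.77, which only ever connected to ssh.
printf '%s\n' "$SAMPLE_LOG" | scan_sources 5
```

On a real host, feed it the kernel log instead: `grep 'SYN-IN:' /var/log/kern.log | scan_sources 20`.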

 

TCP ACK Scan -

Command - nmap -sA 192.166.6.113

Starting Nmap 7.12 ( https://nmap.org ) at 2016-12-13 18:11 EST
Nmap scan report for 192.166.6.113
Host is up (0.000012s latency).
All 1000 scanned ports on 192.166.6.113 are unfiltered
Nmap done: 1 IP address (1 host up) scanned in 13.09 seconds
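The scans above answer "what is open right now"; the routine inventory use the introduction mentions needs that answer compared against what is supposed to be open. The script below is an added example, not from the original post: it parses nmap's grepable output (-oG), which the page does not cover, and flags open ports missing from an allowlist. The sample -oG output is constructed (host 192.166.6.113 is the one used in the post).

```shell
#!/bin/sh
# Added example, not from the original post. Parses nmap -oG output and
# checks open ports against an expected baseline. To produce real input:
#   nmap -sV -oG scan.gnmap 192.166.6.113
#   check_baseline "22/tcp" < scan.gnmap
# The -oG Host line is tab-separated: "Host: ip ()<TAB>Ports: ...<TAB>Ignored State: ...".

TAB=$(printf '\t')
# Constructed sample in -oG format (three open ports on the post's host).
SAMPLE_GNMAP=$(cat <<EOF
# Nmap 7.12 scan initiated Tue Dec 13 17:52:00 2016 as: nmap -sV -oG - 192.166.6.113
Host: 192.166.6.113 ()${TAB}Status: Up
Host: 192.166.6.113 ()${TAB}Ports: 22/open/tcp//ssh//OpenSSH 7.2 (protocol 2.0)/, 80/open/tcp//http//nginx/, 3306/open/tcp//mysql//MySQL 5.7/${TAB}Ignored State: closed (997)
# Nmap done at Tue Dec 13 17:52:13 2016 -- 1 IP address (1 host up) scanned in 13.09 seconds
EOF
)

# Read -oG output on stdin; print "host port proto service" per open port.
open_ports() {
  awk -F'\t' '/^Host:/ {
    n = 0
    split($1, h, " "); host = h[2]
    for (i = 2; i <= NF; i++) if (sub(/^Ports: /, "", $i)) n = split($i, p, ", ")
    for (j = 1; j <= n; j++) {
      split(p[j], f, "/")    # port/state/proto/owner/service/rpc/version
      if (f[2] == "open") print host, f[1], f[3], f[5]
    }
  }'
}

# Read -oG output on stdin and print one UNEXPECTED line for each open port
# not in the allowlist ($1: space-separated "port/proto" entries). Prints
# nothing when the host matches its baseline.
check_baseline() {
  allow=" $1 "
  open_ports | while read -r host port proto service; do
    case "$allow" in
      *" $port/$proto "*) ;;
      *) echo "UNEXPECTED $host $port/$proto ($service)" ;;
    esac
  done
}

# Stand-alone run: only ssh and http are expected, so mysql is reported.
printf '%s\n' "$SAMPLE_GNMAP" | check_baseline "22/tcp 80/tcp"
```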

 

Further reading:

http://insecure.org/

https://nmap.org/book/osdetect-usage.html


man nmap (Manual with all available switches)

NMAP(1)                    Nmap Reference Guide                    NMAP(1)

NAME
       nmap - Network exploration tool and security / port scanner

SYNOPSIS
       nmap [Scan Type...] [Options] {target specification}

..................

nmap installation in Linux OS -

If nmap is not installed on your server, install it with the command below; after a successful installation the output looks like this (on this system yum is deprecated and redirects to dnf).

[root@localhost ~]# yum install nmap
Yum command has been deprecated, redirecting to '/usr/bin/dnf install nmap'.
See 'man dnf' and 'man yum2dnf' for more information.
To transfer transaction metadata from yum to DNF, run:
'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate'
Warning: failed loading '/etc/yum.repos.d/google-chrome.repo', skipping.
Last metadata expiration check: 0:31:43 ago on xxxxxxxxxxxxxxxxxxx
Dependencies resolved.
================================================================================
 Package                  Arch         Version              Repository     Size
================================================================================
Installing:
 nmap                     i686         2:7.12-1.fc24        fedora        5.2 M
 python                   i686         2.7.12-6.fc24        updates        96 k
 python-libs              i686         2.7.12-6.fc24        updates       5.8 M
 python-pip               noarch       8.0.2-1.fc24         fedora        1.7 M
 python2-setuptools       noarch       20.1.1-1.fc24        fedora        417 k

Transaction Summary
================================================================================
Install  5 Packages

Total download size: 13 M
Installed size: 53 M
Is this ok [y/N]: y
Downloading Packages:
(1/5): python-2.7.12-6.fc24.i686.rpm            295 kB/s |  96 kB     00:00
(2/5): python-libs-2.7.12-6.fc24.i686.rpm       2.7 MB/s | 5.8 MB     00:02
(3/5): python-pip-8.0.2-1.fc24.noarch.rpm       711 kB/s | 1.7 MB     00:02
(4/5): python2-setuptools-20.1.1-1.fc24.noarch. 534 kB/s | 417 kB     00:00
(5/5): nmap-7.12-1.fc24.i686.rpm                836 kB/s | 5.2 MB     00:06
--------------------------------------------------------------------------------
Total                                           1.7 MB/s |  13 MB     00:07
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : python-libs-2.7.12-6.fc24.i686                              1/5
  Installing  : python-pip-8.0.2-1.fc24.noarch                              2/5
  Installing  : python2-setuptools-20.1.1-1.fc24.noarch                     3/5
  Installing  : python-2.7.12-6.fc24.i686                                   4/5
  Installing  : nmap-2:7.12-1.fc24.i686                                     5/5
  Verifying   : nmap-2:7.12-1.fc24.i686                                     1/5
  Verifying   : python-2.7.12-6.fc24.i686                                   2/5
  Verifying   : python-libs-2.7.12-6.fc24.i686                              3/5
  Verifying   : python-pip-8.0.2-1.fc24.noarch                              4/5
  Verifying   : python2-setuptools-20.1.1-1.fc24.noarch                     5/5

Installed:
  nmap.i686 2:7.12-1.fc24                     python.i686 2.7.12-6.fc24
  python-libs.i686 2.7.12-6.fc24              python-pip.noarch 8.0.2-1.fc24
  python2-setuptools.noarch 20.1.1-1.fc24

Complete!
