Hello Dear Users
I am back again with a new tutorial. This time I am writing about a network scanner and reconnaissance tool called Network Mapper, Nmap for short. Nmap lets you discover all the live hosts on the network, which services they are running, what operating systems those systems run, which ports are open, and a lot more. Nmap is always the first tool you would use in a network penetration test or intrusion.
Nmap is built in on most Unix-based operating systems but has been ported to almost every operating system that exists today. You can download Nmap from its site, http://nmap.org/download.html; the installation is pretty straightforward. I would recommend you use Zenmap, its graphical front end, as it is easy to use and takes the same commands.
Let's see a few basic Nmap commands.
We will try to see all the systems that are up, the operating systems those systems are running, and all the open ports on those systems.
Open Zenmap, the Nmap graphical front end (or Nmap itself; the commands are the same for both), type the following in the command section and hit Scan:
#nmap -p 1-65535 -T4 -A -v 192.168.0.1/24
-T4 IP version 4
-A OS detection
-v verbose mode
then the range of IPs to scan
Depending on the size of the network, this may take a while.
As you can see from the image, it has detected all the systems that are up, including my main network router. Let's look at the details Nmap reported for each system it detected. Here is the report for my router:
Initiating SYN Stealth Scan at 19:28
Scanning 192.168.0.1 [65535 ports]
Discovered open port 80/tcp on 192.168.0.1
Discovered open port 1980/tcp on 192.168.0.1
Completed SYN Stealth Scan at 19:29, 48.59s elapsed (65535 total ports)
Initiating Service scan at 19:29
Scanning 2 services on 192.168.0.1
Completed Service scan at 19:29, 6.04s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.1 //(it tries hard but couldn't detect the OS)
Retrying OS detection (try #2) against 192.168.0.1
Retrying OS detection (try #3) against 192.168.0.1
Retrying OS detection (try #4) against 192.168.0.1
Retrying OS detection (try #5) against 192.168.0.1
NSE: Script scanning 192.168.0.1.
Initiating NSE at 19:29
Completed NSE at 19:29, 8.65s elapsed
Nmap scan report for 192.168.0.1
WARNING: RST from 192.168.0.1 port 80 — is this port really open?
Host is up (0.00091s latency).
Not shown: 65533 closed ports
PORT STATE SERVICE VERSION
80/tcp open http GoAhead-Webs embedded httpd
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
| http-title: Tenda 11N Wireless Router (this reveals what hardware it is)
|_Requested resource was http://192.168.0.1/login.asp
1980/tcp open tcpwrapped
MAC Address: C8:XX:XX:XX:XX:XX (Tenda Technology Co.)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
It won't be successful every time you run it for the intended purpose, but the information it provides will be enough for you to work out what you need.
Alternatively, you can use the scan profiles built into Zenmap, which range from basic ping scans to a slow comprehensive scan that may take a really long time (but will be stealthy and hidden from IDS systems). Remember, the faster and quicker you are, the more chance there is that you will be detected.
This was a very basic tutorial on Nmap. I hope you liked it; for questions and suggestions please leave a comment in the comment box.
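On the defensive side, a report like the one above is most useful when it is compared against an inventory of what each host is supposed to expose, so that a service nobody planned for (such as the tcpwrapped port 1980 on the router) stands out. The Python script below is an added example, not code from the original post or from the Nmap project: it parses Nmap's normal on-screen report format (the host header and the PORT/STATE/SERVICE/VERSION rows, skipping the "|" script lines) and lists every open port that is missing from a baseline. The sample report is a constructed copy of the router output above plus a made-up second host, and the BASELINE inventory is hypothetical.

```python
import re

# Constructed sample input: the normal-format report from the post for the
# router, plus a second (made-up) host so that the baseline check has
# something to flag. The author's inline annotations are left out.
SAMPLE_REPORT = """\
Nmap scan report for 192.168.0.1
Host is up (0.00091s latency).
Not shown: 65533 closed ports
PORT     STATE SERVICE    VERSION
80/tcp   open  http       GoAhead-Webs embedded httpd
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
| http-title: Tenda 11N Wireless Router
|_Requested resource was http://192.168.0.1/login.asp
1980/tcp open  tcpwrapped
MAC Address: C8:XX:XX:XX:XX:XX (Tenda Technology Co.)

Nmap scan report for fileserver.lan (192.168.0.20)
Host is up (0.0012s latency).
Not shown: 65532 closed ports
PORT     STATE SERVICE       VERSION
22/tcp   open  ssh           OpenSSH 7.9
80/tcp   open  http          nginx
3389/tcp open  ms-wbt-server
"""

# Hypothetical inventory of the services each host is supposed to expose.
# A host missing from the baseline has every open port reported.
BASELINE = {
    "192.168.0.1": {80},        # router admin page only
    "192.168.0.20": {22, 80},   # ssh and the web front end
}

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
# Matches rows such as "80/tcp   open  http       GoAhead-Webs embedded httpd"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def _host_address(rest):
    """'fileserver.lan (192.168.0.20)' -> '192.168.0.20'; a bare address is unchanged."""
    m = re.search(r"\(([^)]+)\)\s*$", rest)
    return m.group(1) if m else rest.strip()


def parse_report(text):
    """Parse nmap's normal (on-screen / -oN) output into {host: [port dicts]}.

    Only the host header and the port table rows are used; NSE script output
    ("|" and "|_" lines), MAC lines and OS guesses are skipped.
    """
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = _host_address(m.group(1))
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current].append({
                "port": int(port),
                "proto": proto,
                "state": state,
                "service": service,
                "version": (version or "").strip(),
            })
    return hosts


def unexpected_services(hosts, baseline):
    """Return (host, port, proto, service) for every open port not in the baseline."""
    findings = []
    for host, ports in hosts.items():
        allowed = baseline.get(host, set())
        for p in ports:
            # "open|filtered" counts as open: it still has to be explained.
            if p["state"].startswith("open") and p["port"] not in allowed:
                findings.append((host, p["port"], p["proto"], p["service"]))
    return findings


if __name__ == "__main__":
    for host, port, proto, service in unexpected_services(parse_report(SAMPLE_REPORT), BASELINE):
        print(f"{host}: unexpected {port}/{proto} ({service})")
```

Run against the constructed report it reports 1980/tcp on the router and 3389/tcp on the second host. Nmap's text format is meant for humans and can change between versions; for anything more than a quick check, scan with -oX and parse the XML instead.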
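The point about speed and detection is worth seeing from the other side. In Nmap's own option syntax the -T4 used in the command above is the "aggressive" timing template (the scale runs from -T0 to -T5, trading stealth for speed), and -A bundles OS detection, version detection, default script scanning and traceroute; the timing template is what a simple port-scan detector keys on. The Python script below is an added example, not from the original post or the Nmap project: it runs a sliding-window heuristic over constructed firewall log lines (a hypothetical "ts ACTION src= dst= dport= proto=" format) and flags any source that touches at least five distinct destination ports within ten seconds. A slow scan that spaces its probes 30 seconds apart is not caught with that window and only shows up when the window is widened, which is the trade-off the post describes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical firewall log format used for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def _line(ts, src, dport, action="DENY"):
    """Build one constructed log line in the format LINE_RE expects."""
    return f"{ts} {action} src={src} dst=192.168.0.1 dport={dport} proto=tcp"


# Constructed log lines (not from the post):
#  - 10.0.0.5 probes eight ports within eight seconds (a fast scan)
#  - 10.0.0.9 is a normal client talking to 443 and 80
#  - 10.0.0.7 probes one port every 30 seconds (a slow scan)
LOG_LINES = (
    [_line(f"2024-05-01T19:28:{1 + i:02d}", "10.0.0.5", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443])]
    + [_line("2024-05-01T19:28:02", "10.0.0.9", 443, "ALLOW"),
       _line("2024-05-01T19:28:05", "10.0.0.9", 443, "ALLOW"),
       _line("2024-05-01T19:28:06", "10.0.0.9", 80, "ALLOW"),
       _line("2024-05-01T19:28:09", "10.0.0.9", 443, "ALLOW")]
    + [_line(f"2024-05-01T19:{30 + i // 2}:{(i % 2) * 30:02d}", "10.0.0.7", p)
       for i, p in enumerate([21, 22, 23, 25, 80])]
)


def parse_line(line):
    """Return (timestamp, src, dport) or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])


def detect_scanners(lines, window_seconds=10, min_ports=5):
    """Flag sources that touch at least min_ports distinct destination ports
    within any window_seconds span. Returns {src: max distinct ports seen}.
    """
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    recent = defaultdict(deque)   # src -> (ts, dport) events inside the window
    flagged = {}
    for ts, src, dport in events:
        q = recent[src]
        q.append((ts, dport))
        # Drop events older than the window; the newest event keeps q non-empty.
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_ports:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    print("10 s window: ", detect_scanners(LOG_LINES))
    print("300 s window:", detect_scanners(LOG_LINES, window_seconds=300))
```

With the default 10 second window only the fast scanner is reported; widening it to 300 seconds also catches the slow one, while the normal client never crosses the distinct-port threshold. Real detectors keep several windows at once for exactly this reason, and a scanner that spreads probes across many source addresses defeats per-source counting altogether, so aggregate per destination as well.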