Day 42 - Network Scanning With Nmap

Nmap, short for Network Mapper, is a command-line utility for scanning anything from a single host to a large network. It works by sending IP packets to the target hosts and analyzing the packets (or the silence) that come back. Nmap is a must-have for anyone who wants to get better at networking or security.

What is Nmap?

Nmap is a command-line network scanner. It sends packets to target hosts and analyzes the responses to work out which ports are open, which services and versions are listening and which operating system is probably running; with its scripting engine it can also check for known vulnerabilities. It was written to map entire networks and find open ports and services, and over time it has become an essential tool for both attackers and system administrators. Nmap was also featured in the movie The Matrix Reloaded.

Features of Nmap

Nmap is very useful in networking because of the following features.

  • Finding live hosts on the target network by sending probes (ARP on the local segment, ICMP and TCP probes elsewhere) and analyzing the responses
  • Checking for open ports on each host
  • Detecting the installed OS and other characteristics such as uptime and device type
  • Running checks and attacks against systems with pre-written scripts through the Nmap Scripting Engine (NSE)

Using Nmap

Now on to some Nmap commands for scanning networks, finding open ports, identifying the target OS and so on.

Scanning Running Devices

You can check whether a device is up with the ping command by giving it the device's IP address, but ping only handles one device at a time. Nmap does the whole network in one go.

root@User:~$ nmap -sP 192.168.10.1/24

The above command with the -sP switch pings every address in the 192.168.10.0/24 range and reports which hosts are up, without scanning any ports. -sP is the old name for this ping scan; current Nmap versions call it -sn (-sP still works as an alias). The probes are not just ICMP echo either: on a local Ethernet segment Nmap uses ARP requests, and elsewhere, when run as root, it sends an ICMP echo, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request, so hosts that block ping can still show up. Without root it falls back to plain TCP connects to ports 80 and 443.
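As an added example (not from the original post), here is a small shell script that runs the same ping scan with Nmap's grepable output (-oG -) and turns it into a plain list of live addresses, which is the form you usually want to feed into the next scan. The scan function needs nmap installed; the 192.168.10.0/24 addresses, the hostname and the sample output are constructed for the example, so the parsing part runs offline.

```shell
#!/bin/sh
# Added example, not code from the original post: host discovery with
# nmap's grepable output (-oG -), parsed into a plain list of live IPs.
# "nmap -sn" is the current name of the old -sP ping scan.

# Run a real ping scan (needs nmap). Run as root so nmap can use ARP/ICMP
# probes instead of unprivileged TCP connects to ports 80/443; add -n if
# you want to skip reverse DNS lookups.
discover_hosts() {
    nmap -sn -oG - "$1" | live_hosts_from_grepable
}

# Extract the IP from every "Host:" line marked "Status: Up" on stdin.
# Grepable output only lists down hosts with -v, so the Up check is what
# keeps this correct when someone adds -v later.
live_hosts_from_grepable() {
    awk '/^Host: / && /Status: Up/ { print $2 }'
}

# Constructed sample of what "nmap -sn -oG - 192.168.10.0/24" prints; the
# addresses and the hostname are made up for the example.
sample_sn_output() {
    printf '# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sn -oG - 192.168.10.0/24\n'
    printf 'Host: 192.168.10.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.10.20 (printer.lan)\tStatus: Up\n'
    printf 'Host: 192.168.10.57 ()\tStatus: Up\n'
    printf '# Nmap done at Mon Jan  1 12:00:05 2024 -- 256 IP addresses (3 hosts up) scanned in 5.02 seconds\n'
}

# Offline version of discover_hosts: parse the sample instead of scanning.
sample_live_hosts() {
    sample_sn_output | live_hosts_from_grepable
}

sample_live_hosts
```

On a real network you would call `discover_hosts 192.168.10.0/24 > live.txt` and then point the port scans at the list with `nmap -iL live.txt`, so the slow per-port probing only touches hosts that actually answered.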

Scan A Single Host

This command scans the 1000 most commonly used TCP ports on the host (not the "well-known" 0-1023 range, but the 1000 ports that appear most often in Nmap's service frequency data) and shows which of them are open. -sT is a TCP connect scan: Nmap completes the full three-way handshake through the operating system's connect() call, so it needs no special privileges, but the application listening on each port sees a real connection and may log it.

root@User:~$ nmap -sT 192.168.10.1

Scanning A Specific Port

Nmap can also scan a single port, a range of ports or just the most common ports, given with -p or --top-ports before the host IP.

root@User:~$ nmap -p 80 192.168.10.1
# Scanning a single port, 80
root@User:~$ nmap -p 80-90 192.168.10.1
# Scanning ports 80 to 90
root@User:~$ nmap --top-ports 100 192.168.10.1
# Scanning the 100 most common ports

Version Scanning

Nmap can also detect which versions of the software are running on the host. But why look up a software version?

You do this because once you know the exact version of a service, you can look up which vulnerabilities that version is known to have and try to exploit them later.

root@User:~$ nmap -sV 192.168.10.10

Knowing a service's version is very helpful when you are trying to get into a machine during a pen-test, but remember that Nmap's version detection is not 100% accurate: it matches banners and probe responses against a signature database, so it can be fooled by customized banners, and a distribution that backports security fixes may keep the version string of the vulnerable release. From the defender's side, this is also why you should keep your software up to date.
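The port scans above and the version scan both become much more useful once their results are in a form you can grep, diff between runs or load into a spreadsheet. As an added example (not the post's own code), the script below parses Nmap's grepable output into a CSV inventory of host, port, service and version. The sample output, hosts and version strings are constructed for the example; with a plain port scan the version column stays empty and the service column is only Nmap's guess from the port number, while -sV fills it with what the probes actually saw.

```shell
#!/bin/sh
# Added example, not code from the original post: turn nmap's grepable
# output (-oG) into a CSV inventory of open ports and detected versions.
# Each entry in the "Ports:" field of -oG has the form
#   port/state/protocol/owner/service/rpcinfo/version/
# entries are separated by ", ", and nmap writes slashes inside version
# strings as "|", so splitting on "/" is safe. The Host, Ports and
# Ignored State fields are tab-separated.

# Run the real scan (needs nmap). -sV adds the version column; without it
# the service column is only nmap's guess from the port number.
version_inventory() {
    nmap -sV -oG - "$@" | inventory_from_grepable
}

# Parse -oG output on stdin into host,port/proto,service,version rows,
# keeping only ports in state "open" (closed and filtered ports are dropped).
inventory_from_grepable() {
    awk -F'\t' '
    BEGIN { print "host,port,service,version" }
    /^Host: / {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            sub(/^Ports: /, "", $i)
            n = split($i, entries, /, /)
            for (j = 1; j <= n; j++) {
                split(entries[j], f, "/")
                # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
                if (f[2] == "open")
                    printf "%s,%s/%s,%s,%s\n", host, f[1], f[3], f[5], f[7]
            }
        }
    }'
}

# Constructed sample of "nmap -sV -oG - 192.168.10.10 192.168.10.20"; the
# hosts, services and version strings are made up for the example.
sample_sv_output() {
    printf '# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sV -oG - 192.168.10.10 192.168.10.20\n'
    printf 'Host: 192.168.10.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.52 ((Ubuntu))/, 443/filtered/tcp//https///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.10.20 (printer.lan)\tPorts: 9100/open/tcp//jetdirect///\tIgnored State: closed (999)\n'
    printf '# Nmap done at Mon Jan  1 12:01:30 2024 -- 2 IP addresses (2 hosts up) scanned in 90.12 seconds\n'
}

# Offline version of version_inventory: parse the sample instead of scanning.
sample_inventory() {
    sample_sv_output | inventory_from_grepable
}

sample_inventory
```

Run `version_inventory -p 1-1024 192.168.10.0/24 > today.csv` and keep the file: a `diff` against last week's CSV shows new listeners and changed version strings, which is a cheap way to catch an unexpected service before an attacker does. For anything more than a quick script, Nmap's own docs point at XML output (-oX) as the format meant for tools, since a version string containing ", " would break the split used here.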

OS Scanning

Nmap can also report the OS installed and its uptime, but that needs the separate -O flag (run as root), which fingerprints the target's TCP/IP stack rather than relying on the -sV service probes; the uptime guess comes from the target's TCP timestamp values. These results are not completely accurate either, but they add to the information that helps in pen-testing.

Stealth Scanning

A stealth scan (SYN scan) is a scan that never completes the TCP three-way handshake. The three-way handshake (SYN, SYN/ACK, ACK) is how TCP opens a connection. The stealth scan only sends the SYN packet and analyzes the response: a SYN/ACK means the port is open (Nmap then replies with a RST instead of the final ACK, so no connection is ever established), a RST means it is closed, and no response or an ICMP unreachable means it is filtered. Because the connection is never completed, the application behind the port never sees it and will not log it, which is where the "stealth" comes from. It needs raw packet privileges (root), and it is not invisible: firewalls, IDS sensors and kernel packet logs see every SYN.

root@User:~$ nmap -sS 192.168.10.10
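To show how far "stealth" goes, here is an added example (not from the original post) of the defender's view: a detection function that reads kernel firewall log lines (iptables LOG format, trimmed and constructed for the example) and reports any source that sent bare SYNs to many distinct ports on one host, which is exactly the footprint a SYN scan leaves. The scanner address 192.168.10.57, the default threshold of 10 ports and the log lines are all assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: spot a SYN scan in
# iptables LOG lines. A SYN scan never finishes the handshake, so the
# application never logs anything, but every probe still crosses the
# firewall as a SYN-only packet to a different destination port.

# Read log lines on stdin and print "src->dst N distinct ports" for every
# source that sent SYN-only packets (no ACK flag) to at least $1 distinct
# ports on the same destination. Threshold defaults to 10 (assumed value).
flag_syn_scanners() {
    threshold="${1:-10}"
    awk -v thr="$threshold" '
    /PROTO=TCP/ && / SYN / && !/ ACK / {
        src = ""; dst = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        key = src "->" dst
        # count each destination port once per source/destination pair,
        # so retransmitted probes do not inflate the score
        if (!((key, dpt) in seen)) { seen[key, dpt] = 1; ports[key]++ }
    }
    END {
        for (k in ports)
            if (ports[k] >= thr) printf "%s %d distinct ports\n", k, ports[k]
    }' | sort
}

# Constructed sample log: 192.168.10.57 probes 12 different ports on
# 192.168.10.10 (port 22 twice), while 192.168.10.20 opens two ordinary
# connections. Lines are trimmed iptables LOG records (MAC/TOS fields cut).
sample_log() {
    for p in 21 22 23 25 80 110 135 139 143 443 445 3389 22; do
        printf 'Jan  1 12:00:01 gw kernel: IN=eth0 OUT= SRC=192.168.10.57 DST=192.168.10.10 LEN=44 TTL=46 ID=1 PROTO=TCP SPT=43210 DPT=%s WINDOW=1024 RES=0x00 SYN URGP=0\n' "$p"
    done
    printf 'Jan  1 12:00:02 gw kernel: IN=eth0 OUT= SRC=192.168.10.20 DST=192.168.10.10 LEN=60 TTL=64 ID=2 PROTO=TCP SPT=50100 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0\n'
    printf 'Jan  1 12:00:02 gw kernel: IN=eth0 OUT= SRC=192.168.10.20 DST=192.168.10.10 LEN=52 TTL=64 ID=3 PROTO=TCP SPT=50100 DPT=22 WINDOW=502 RES=0x00 ACK URGP=0\n'
    printf 'Jan  1 12:00:03 gw kernel: IN=eth0 OUT= SRC=192.168.10.20 DST=192.168.10.10 LEN=60 TTL=64 ID=4 PROTO=TCP SPT=50101 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0\n'
}

sample_log | flag_syn_scanners
```

On a Linux box that logs new connections (for example `iptables -A INPUT -p tcp --syn -j LOG`), `journalctl -k | flag_syn_scanners 20` runs the same check over the real kernel log. The threshold is the tuning knob: a real client rarely touches more than a handful of ports on one server, while even a quick `nmap -sS` hits a thousand.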

Aggressive Scanning

This scan does it all: OS detection (-O), version scanning (-sV), default script scanning (-sC) and traceroute (--traceroute) on top of the port scan, all with the single -A flag and the host address. This is called an aggressive scan. It gives much richer information than the plain scans, but it is noisy: it sends many extra probes and runs scripts against every discovered service, so it is easily picked up by the target's firewall or an intrusion detection system.

root@User:~$ nmap -A 192.168.10.1

There are many more kinds of scans that Nmap can do, and there are pre-written NSE scripts that can be used to find vulnerabilities in target systems, all from Nmap itself. So that's it for today.


zainsci