
Nmap basic scanning techniques

What is Nmap

Nmap stands for Network Mapper. Nmap is a free, open source network mapping tool. It is written in C, C++, Python and Lua.

Nmap is one of the most common tools used by security professionals. It offers many features.

Features of NMAP:

  1. Nmap discovers hosts and the services offered by those hosts on a network, services like FTP, SSH, SMTP, MySQL and HTTP.
  2. Host discovery, port scanning and operating system detection.
  3. Nmap can bypass firewalls and find vulnerabilities on a network.
  4. Nmap provides useful information about your targets, like reverse DNS names, operating system guesses, device types and MAC addresses.

For more information about Nmap, go to the official website (https://nmap.org).

Now let's explore its features practically, so fire up your terminal.

Scan a single host

root@seven:~# nmap linuxxcomputing.com

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-12-19 06:24 EST
Nmap scan report for linuxxcomputing.com (107.180.0.245)
Host is up (0.032s latency).
rDNS record for 107.180.0.245: ip-107-180-0-245.ip.secureserver.net
Not shown: 986 filtered ports
PORT      STATE  SERVICE
21/tcp    open   ftp
22/tcp    open   ssh
25/tcp    open   smtp
80/tcp    open   http
 

When the scan is complete you see three columns. PORT shows the port number and protocol. STATE shows the port's state, which will be open, closed or filtered. SERVICE shows the service Nmap associates with that port. The above command scans for the basic services running on the server.

Open ports

An open port means the port is active and a service is listening on it, ready to accept connections. It is the most common vulnerability. From the above scan result you can see that I have the FTP port open. Hackers exploit this vulnerability by brute-forcing usernames and passwords.

Closed ports

If a port's state is closed, the host answered the probe but most likely has no service running on that port.

Filtered PORTS

It means the port is protected by a firewall: the probes were dropped, so Nmap cannot tell whether a service is listening.
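To put the three states to work, here is an added example (not code from the original post) that parses the PORT/STATE/SERVICE table from Nmap's normal text output, folds in the "Not shown: N filtered ports" summary line so the totals add up, and flags open ports running clear-text services such as FTP. The sample output and the review list of clear-text services are constructed for this example and are not the page's scan results.

```python
import re
from collections import Counter

# Constructed sample in the shape of Nmap's normal (-oN) output; the host,
# address and port list are made up for this example, not from the post.
SAMPLE_OUTPUT = """\
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-12-19 06:24 EST
Nmap scan report for example.invalid (192.0.2.10)
Host is up (0.032s latency).
Not shown: 995 filtered ports
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   closed   telnet
80/tcp   open     http
3306/tcp filtered mysql
Nmap done: 1 IP address (1 host up) scanned in 5.21 seconds
"""

# Hypothetical review list: services that carry credentials in clear text,
# so an open instance deserves a closer look from the defender's side.
CLEARTEXT_SERVICES = {"ftp", "telnet", "pop3", "imap", "http"}

# One port line: "<port>/<proto>  <state>  <service>"; Nmap's combined states
# such as open|filtered are listed first so the alternation prefers them.
PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+"
    r"(open\|filtered|closed\|filtered|open|closed|filtered|unfiltered)\s+(\S+)"
)


def parse_normal_output(text):
    """Return (ports, not_shown): ports is a list of dicts, one per port line;
    not_shown maps a state name to the count Nmap summarised away."""
    ports, not_shown = [], {}
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "state": m.group(3), "service": m.group(4)})
            continue
        # "Not shown: 990 closed ports, 5 filtered ports" may list several states.
        if line.startswith("Not shown:"):
            for count, state in re.findall(r"(\d+) (\S+) ports", line):
                not_shown[state] = not_shown.get(state, 0) + int(count)
    return ports, not_shown


def state_totals(ports, not_shown):
    """Count ports per state, including the ones Nmap did not print."""
    totals = Counter(p["state"] for p in ports)
    for state, n in not_shown.items():
        totals[state] += n
    return dict(totals)


def flag_cleartext(ports):
    """Port numbers that are open and run a clear-text service."""
    return sorted(p["port"] for p in ports
                  if p["state"] == "open" and p["service"] in CLEARTEXT_SERVICES)


if __name__ == "__main__":
    ports, not_shown = parse_normal_output(SAMPLE_OUTPUT)
    print(state_totals(ports, not_shown))
    print("open clear-text services on ports:", flag_cleartext(ports))
```

Feed it a file written with -oN and the totals should equal the number of ports Nmap scanned (1000 by default); a mismatch usually means a line was mangled when the file was copied around.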

Scan Host with an ip address

root@seven:~# nmap 107.180.0.245

Scan multiple hosts

Nmap scans multiple hosts when you supply multiple host names. For best results, scan one host at a time.

root@seven:~# nmap linuxxcomputing.com google.com

Detailed Scan

A detailed scan gives you detailed information about your target. It tries to guess the operating system and service versions. It returns ports and services, and it also returns a traceroute, which shows all the routers your packets passed through to reach the target. Check each line of the scan carefully and you will find plenty of information.

root@seven:~# nmap -A linuxxcomputing.com
Nmap scan report for linuxxcomputing.com (107.180.0.245)
Host is up (0.0054s latency).
rDNS record for 107.180.0.245: ip-107-180-0-245.ip.secureserver.net
Not shown: 999 filtered ports
PORT     STATE SERVICE    VERSION
3306/tcp open  tcpwrapped
| mysql-info: 
|   Protocol: 53
|   Version: .5.45-cll-lve
|   Thread ID: 2344927
|   Capabilities flags: 63487
|   Some Capabilities: LongPassword, DontAllowDatabaseTableColumn, IgnoreSpaceBeforeParenthesis, SupportsTransactions, ConnectWithDatabase, IgnoreSigpipes, Support41Auth, Speaks41ProtocolOld, FoundRows, Speaks41ProtocolNew, SupportsLoadDataLocal, InteractiveClient, SupportsCompression, LongColumnFlag, ODBCClient
|   Status: Autocommit
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   0.06 ms 192.168.150.2
2   0.11 ms ip-107-180-0-245.ip.secureserver.net (107.180.0.245)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 92.33 seconds

Detect Operating System

You must supply the -O option to detect the OS of your target.

root@seven:~# nmap -O linuxxcomputing.com

PORT Scanning with nmap

Before scanning ports there is one thing you must know: there are 65535 ports available on your server. When you scan ports, Nmap by default scans only the 1000 most popular ones, because scanning all 65535 would take a lot of time. Only 40 or maybe a few more ports are in common use.

root@seven:~#  nmap -F linuxxcomputing.com

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-12-19 08:04 EST
Nmap scan report for linuxxcomputing.com (107.180.0.245)
Host is up (0.17s latency).
rDNS record for 107.180.0.245: ip-107-180-0-245.ip.secureserver.net
Not shown: 93 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
3306/tcp open  mysql

The above command uses the -F flag for a fast scan, which checks only the 100 most common ports (93 filtered plus the 7 shown above), and returns the ports and services offered by the server.

Scan for specific port

If you want to scan a specific port, give the port number with the -p option.

root@seven:~# nmap -p 21 linuxxcomputing.com

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-12-19 08:13 EST
Nmap scan report for linuxxcomputing.com (107.180.0.245)
Host is up (0.00036s latency).
rDNS record for 107.180.0.245: ip-107-180-0-245.ip.secureserver.net
PORT   STATE    SERVICE
21/tcp filtered ftp

Scan ports with specific range

You can specify a range of ports to scan. The scan below covers ports 20 through 443.

root@seven:~# nmap -p 20-443 linuxxcomputing.com

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-12-19 08:19 EST
Nmap scan report for linuxxcomputing.com (107.180.0.245)
Host is up (0.036s latency).
rDNS record for 107.180.0.245: ip-107-180-0-245.ip.secureserver.net
Not shown: 419 filtered ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
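The -p option takes a single port, a range, or a comma-separated mix, and the counts in Nmap's report have to add up to whatever that spec expands to (above, 419 filtered plus 5 listed equals the 424 ports in 20-443). The following is an added example, not the page's or Nmap's own code: it expands an Nmap-style port spec into concrete port numbers, rejects values outside 1-65535, and checks that a report's counts account for every port in the spec. It also accepts the open-ended forms "-" (all ports) and "1-" that Nmap understands; the function names are my own.

```python
MAX_PORT = 65535


def expand_port_spec(spec):
    """Expand an Nmap-style -p value ("21", "20-443", "22,80,443", "-")
    into a sorted list of unique port numbers.

    Raises ValueError for non-numeric items, reversed ranges, or ports
    outside 1..65535, so a bad spec is caught before any scan is launched.
    """
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty element in port spec")
        if "-" in item:
            lo_s, hi_s = item.split("-", 1)
            # A missing end means "from 1" or "to 65535", as in -p- or -p 1-
            lo = int(lo_s) if lo_s else 1
            hi = int(hi_s) if hi_s else MAX_PORT
        else:
            lo = hi = int(item)
        if not (1 <= lo <= hi <= MAX_PORT):
            raise ValueError(f"bad port range: {item!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def counts_reconcile(spec, listed, not_shown):
    """True when the ports Nmap listed plus the 'Not shown' count equal the
    number of ports the spec asked for."""
    return listed + not_shown == len(expand_port_spec(spec))


if __name__ == "__main__":
    print(len(expand_port_spec("20-443")))           # 424 ports
    print(counts_reconcile("20-443", listed=5, not_shown=419))
```

If the two numbers do not reconcile, the report you are reading was either truncated or produced with a different -p than you think.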

Scan only open ports

With the --open option, Nmap lists only the open ports and skips closed and filtered ones.

root@seven:~# nmap --open 107.180.0.245

Save scan result to a file

If you are doing a detailed scan, it is always a good idea to save its results to a file.

root@seven:~# nmap -A -oN /root/Desktop/result.txt  linuxxcomputing.com

-o selects the output file format: -oN writes the normal text output you see on the terminal, and -oX writes the same results as an XML file, which is easier for other tools to process.
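The XML form is the one to keep if you want to compare scans over time. As an added example (not code from the post or from the Nmap project), the block below parses two -oX files with Python's standard XML parser and reports which ports became open, or stopped being open, between a baseline scan and a later one. The two XML documents are constructed to mimic Nmap's -oX layout (nmaprun/host/address/ports/port/state) and use a documentation address; the function names are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an earlier scan saved with -oX (not real scan data).
BASELINE_XML = """<nmaprun scanner="nmap" args="nmap -oX baseline.xml 192.0.2.10">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed sample of a later scan of the same host: 80 is now filtered
# and 3306 has appeared as open.
TODAY_XML = """<nmaprun scanner="nmap" args="nmap -oX today.xml 192.0.2.10">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="filtered" reason="no-response"/><service name="http"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>
"""


def open_ports(xml_text):
    """Map each scanned IPv4 address to the set of (protocol, port) pairs
    whose state is exactly "open"."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        opened = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                opened.add((port.get("protocol"), int(port.get("portid"))))
        result[addr_el.get("addr")] = opened
    return result


def diff_scans(baseline_xml, current_xml):
    """Per address, list ports newly open and ports no longer open; hosts
    with no change are left out so the report only shows what moved."""
    before, after = open_ports(baseline_xml), open_ports(current_xml)
    report = {}
    for addr in sorted(set(before) | set(after)):
        newly = sorted(after.get(addr, set()) - before.get(addr, set()))
        gone = sorted(before.get(addr, set()) - after.get(addr, set()))
        if newly or gone:
            report[addr] = {"newly_open": newly, "no_longer_open": gone}
    return report


if __name__ == "__main__":
    for addr, change in diff_scans(BASELINE_XML, TODAY_XML).items():
        print(addr, "newly open:", change["newly_open"],
              "no longer open:", change["no_longer_open"])
```

Run the same nmap command on a schedule, keep each -oX file, and diff consecutive pairs: a port that silently turns up as open (like 3306 in the sample) is exactly the kind of change you want to notice before someone else does.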

Scan for live hosts

The command below scans all 256 addresses (254 usable hosts) of the 192.168.0.0/24 network and finds the live hosts on your network.

root@seven:~# nmap 192.168.0.1/24

These are some basic scanning techniques that you must know. I hope it helped you; share it among your friends. Thanks.