Nmap Tutorial

nmap_carrousel_02-jpg

What is Nmap ?

Nmap is a tool that can be used to scan networks, servers, routers. It is a security scanner used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. In some jurisdictions, unauthorized port scanning is illegal. Please be careful with that.

What are Network Packets ?

In simple words, a packet is a segment of data sent from one computer to another over a network. A packet contains the source, destination, size, type, data and other useful information that helps packet get to its destination. You will get a detailed understanding once I cover Circuit and Packet Switching.

Installing Nmap

sudo apt-get install nmap

Scanning Saumitra.co

nmap saumitra.co

Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-29 11:52 IST
Nmap scan report for saumitra.co (50.19.172.88)
Host is up (0.027s latency).
rDNS record for 50.19.172.88: ec2-50-19-172-88.compute-1.amazonaws.com
Not shown: 998 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 447.34 seconds

If you observe carefully, there is a “state” section. There are 4 kinds of states:

  • Open : Active and open to connections.
  • Closed : No services are running.
  • Filtered : Port protected by a firewall.
  • Unfiltered : Nmap cannot determine whether its open / closed.

You can even see the IP Address of the respective website. It even works if you type in “Nmap <IP>”.  Some of you might think what is SSH ? SSH is also knowns as Secure Socket Shell, which is a network protocol that provides admins with a secure way to access remote computer.

Scanning Multiple Targets at once

nmap <IP1> <IP2>

IP1 and IP2 can be IP addresses of devices on the Home network or IP of websites, servers, etc. It scans all the IP’s listed.

Scanning Range of IP’s

nmap 192.168.0.1-30

Scans range of IP’s which might take few minutes.

Scanning an Entire Subnet

nmap 192.168.0.0-255

This scans all devices from 0-255

Making a File with a List of IP Adresses

This is going to save us a lot of time if we create a text file with IP Adresses we wish to scan and then upload it.

cd Desktop/
touch list.txt
leafpad list.txt

Now, enter the IP Adresses you wish to scan.

cat list.txt
nmap -iL list.txt

where -iL is simply import from list. So, we do see how to simplify our work of scanning multiple IP’S.

Aggressive / Detailed Scan

I have no idea why is it called an Aggressive scan. However, it gives you a lot more detail about the server or the network.

nmap -A saumitra.co

It returns not only the Ports, Services and States but also the Traceroute. You will see a separate section showing you the traceroute (I cannot show you due to an internel error)

Now, the traceroute is useful because :

  • Suppose from your Computer you connect to Saumitra.co , it shows you all the routers used to get there, basically the path.
  • If you are connecting to some website and your connection is really slow, so you can use this to figure out the point path.

Detecting the Operating System

nmap -O saumitra.co

If the main aim is to detect the Operating System instead of going through the clutter, use this. It involves guess work.

Detecting Version of the Services Running

nmap -sV saumitra.co

Now,  apart from Ports, States, and Services, a section of Version is also available.

More Port Scanning Options

There are  65,535 ports available on your server. Surprisingly, 99% of the ports available are never used. Whenever Nmap looks at a server and starts scanning, by default, it is going to scan most popular ports (like SSH, ftp) because it takes time to scan ports. If you wish to scan top 100 ports and save time then use –

nmap -F saumitra.co

It cuts roughly to 1/10th of original time and is a lot faster.

Scanning a Specific Port

nmap -p 20-25,80,443 saumitra.co

It scans ports from 20-25 , 80 and 443.

Scan Every Single Port

nmap -p- saumitra.co

Scan Open Ports only

nmap --open saumitra.co

 

I hope you found this guide useful. If you have any doubt, feel free to ask.

Saumitra Kapoor

Leave a Reply

Bitnami