Nmap is a tool used to scan networks and systems to identify open ports and operating systems. It has many scan types and can detect services, OS, and port states. The document discusses Nmap's capabilities and provides examples of simple scans to identify information about a target system.
Nmap
What can Nmap do?
- Check if a host is alive (basically ping)
- Detect operating system and/or services running on a live host
- Ping sweeps & MORE!
The Six Port States
Open: There is an application running on the port which accepts TCP/UDP/SCTP.
Closed: The port is reachable, but there is no application running on it.
Filtered: A firewall or IPS (intrusion prevention system) is hindering Nmap's ability to determine whether or not the port is open, because a packet filtering device is blocking the probes Nmap carries out.
Unfiltered: Similar to above, except there is no firewall or IPS blocking the port, but Nmap still cannot tell whether it is open or closed.
Open|filtered: Nmap cannot determine whether the port is open or filtered.
Closed|filtered: Nmap cannot determine whether the port is closed or filtered.
Nmap is a very simple tool to actually use; the difficulty with using Nmap lies in knowing when to use which type of scan (because there are A LOT). Nmap, like most command line tools (that's right, we aren't using the GUI!), relies on "switches" to set options which carry out specific tasks.
Below is a list of most of the scan types Nmap supports along with their corresponding switches. I won't bother explaining them all because the guys at Nmap have already done that for you HERE.
Types of scans:
TCP Connect Scan             -sT
SYN Stealth Scan             -sS
FIN Scan                     -sF
Null Scan                    -sN
Xmas Tree Scan               -sX
Ping Scan                    -sP
UDP Scan                     -sU
IP Protocol Scan             -sO
Idle Scanning                -sI
Version Detection Scan       -sV
ACK Scan                     -sA
Window Scan                  -sW
Operating System Detection   -O -V
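To make the six port states and the scan switches above concrete, here is an added example (my own code, not part of the original tutorial) that models how Nmap maps the reply a probe gets to a port state under each scan type. The rules follow the Nmap reference guide; the names RULES and classify are my own.

```python
# Added example, not from the original tutorial: a model of how Nmap turns
# the reply a probe gets into one of its six port states, per scan switch.
# Rules follow the Nmap reference guide; RULES and classify are my own names.

# Symbolic replies a probed port can produce.
SYN_ACK = "syn/ack"             # TCP SYN/ACK
RST = "rst"                     # TCP RST, window field ignored
RST_WIN_POS = "rst win>0"       # TCP RST with a positive window (-sW only)
RST_WIN_ZERO = "rst win=0"      # TCP RST with a zero window (-sW only)
ICMP_PORT = "icmp 3/3"          # ICMP port unreachable
ICMP_OTHER = "icmp 3/other"     # ICMP unreachable, codes 1, 2, 9, 10, 13
UDP_REPLY = "udp"               # any UDP datagram back from the port
IPID_PLUS_2 = "zombie ipid +2"  # idle scan: zombie's IP ID rose by 2
IPID_PLUS_1 = "zombie ipid +1"  # idle scan: zombie's IP ID rose by 1
NONE = "none"                   # nothing came back after retries

_FW = {ICMP_PORT: "filtered", ICMP_OTHER: "filtered"}  # a filter answered

# switch -> (reply -> state, state reported when nothing comes back)
RULES = {
    "-sS": ({SYN_ACK: "open", RST: "closed", **_FW}, "filtered"),
    "-sT": ({SYN_ACK: "open", RST: "closed", **_FW}, "filtered"),
    # FIN/Null/Xmas: an RFC 793 host is silent on open ports, so silence is ambiguous
    "-sF": ({RST: "closed", **_FW}, "open|filtered"),
    "-sN": ({RST: "closed", **_FW}, "open|filtered"),
    "-sX": ({RST: "closed", **_FW}, "open|filtered"),
    # ACK scan only maps firewall rules; it never reports open or closed
    "-sA": ({RST: "unfiltered", **_FW}, "filtered"),
    # Window scan sends the same probe as -sA but reads the RST's window field
    "-sW": ({RST_WIN_POS: "open", RST_WIN_ZERO: "closed", **_FW}, "filtered"),
    "-sU": ({UDP_REPLY: "open", ICMP_PORT: "closed", ICMP_OTHER: "filtered"}, "open|filtered"),
    # Idle scan reads the zombie's IP ID; the zombie always answers, so no silence state
    "-sI": ({IPID_PLUS_2: "open", IPID_PLUS_1: "closed|filtered"}, None),
}

def classify(switch: str, reply: str) -> str:
    """Return the Nmap port state for one probe reply under the given scan switch."""
    table, on_silence = RULES[switch]
    state = on_silence if reply == NONE else table.get(reply)
    if state is None:
        raise ValueError(f"{switch} cannot produce reply {reply!r}")
    return state

if __name__ == "__main__":
    # Constructed replies for one port under several scans (not real captures).
    for switch, reply in [("-sS", SYN_ACK), ("-sS", NONE), ("-sF", NONE),
                          ("-sA", RST), ("-sU", ICMP_PORT), ("-sI", IPID_PLUS_1)]:
        print(f"{switch} {reply!r:>16} -> {classify(switch, reply)}")
```

Note that closed|filtered only ever comes out of the idle scan, and unfiltered only out of the ACK scan, which is why those two states are rare in everyday scan output.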
I am not going to do all of these scans, because that is just silly. Instead, I will carry out a simple SYN stealth scan AND an operating system detection scan on one of my machines.
BEFORE YOU BEGIN! Open the terminal and type:

    apt-get install nmap
Always a good idea to have the most recent version.
Part 1. SYN Stealth Scan
Part 2. Operating System Detection
You can see Nmap is a very simple but powerful tool and MUST be used before you ever attempt a penetration test on another machine; it is crucial in determining running services, open ports to exploit and the operating system of a target.
Note, with all the different scans in Nmap you are more than likely going to send some packets that an IDS picks up, alerting any network admins to your presence, so knowing when to use the right scan is vital.
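The IDS side of that note, as an added example (my own code, not from the original tutorial): the kind of check a log review script applies to spot a SYN scan, run over constructed firewall log lines. The line format, addresses and thresholds are assumptions of this example, not any product's.

```python
# Added example, not from the original tutorial: the check an IDS or a log
# review script applies to spot a SYN scan, run over constructed firewall
# log lines (format, addresses and thresholds are my own, not any product's).
# One source touching many distinct ports on one host within a short window
# is the signature; a -sS sweep leaves exactly this trail.
import re
from collections import defaultdict
from datetime import datetime

# Constructed lines: "<ISO time> <src> -> <dst>:<port> SYN <ACCEPT|DROP>"
LOG = """\
2024-03-01T10:00:00 10.0.0.5 -> 10.0.0.20:22 SYN ACCEPT
2024-03-01T10:00:00 10.0.0.5 -> 10.0.0.20:23 SYN DROP
2024-03-01T10:00:00 10.0.0.5 -> 10.0.0.20:25 SYN DROP
2024-03-01T10:00:01 10.0.0.5 -> 10.0.0.20:80 SYN ACCEPT
2024-03-01T10:00:01 10.0.0.5 -> 10.0.0.20:110 SYN DROP
2024-03-01T10:00:01 10.0.0.5 -> 10.0.0.20:135 SYN DROP
2024-03-01T10:00:02 10.0.0.5 -> 10.0.0.20:139 SYN DROP
2024-03-01T10:00:02 10.0.0.5 -> 10.0.0.20:443 SYN ACCEPT
2024-03-01T10:00:02 10.0.0.5 -> 10.0.0.20:445 SYN DROP
2024-03-01T10:00:05 10.0.0.7 -> 10.0.0.20:443 SYN ACCEPT
2024-03-01T10:00:09 10.0.0.7 -> 10.0.0.20:443 SYN ACCEPT
"""

LINE = re.compile(r"(\S+) (\S+) -> (\S+):(\d+) SYN (ACCEPT|DROP)$")

def detect_syn_scans(log: str, window_seconds: int = 10, min_ports: int = 8) -> dict:
    """Return {(src, dst): distinct ports} for every source that hit at least
    min_ports distinct ports on one host inside any window_seconds window."""
    hits = defaultdict(list)  # (src, dst) -> [(time, port), ...]
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unrelated line: skip, never crash the detector
        ts, src, dst, port, _verdict = m.groups()  # DROPs count as much as ACCEPTs
        hits[(src, dst)].append((datetime.fromisoformat(ts), int(port)))
    alerts = {}
    for key, events in hits.items():
        events.sort()
        start = 0  # left edge of a sliding window over the sorted events
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[key] = max(len(ports), alerts.get(key, 0))
    return alerts

if __name__ == "__main__":
    for (src, dst), n in detect_syn_scans(LOG).items():
        print(f"possible SYN scan: {src} probed {n} distinct ports on {dst}")
```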
Moving on.
So, what do I do with open ports?
I have seen a lot of people on HF looking purely for an exploit they can use blindly; they have no comprehension of how it works or even why it is working. Understanding of TCP/IP and even common router/switch/hub knowledge is lacking, so I hope you will look at the Nmap website and read how each scan works. If you don't understand something like what a SYN packet is, or what the difference between TCP and UDP is, you should probably read a book on networking!!!!
Assuming you do have some basic knowledge though, once you have an open port, and let's say it's an open telnet port, you now know that it is possible to telnet into this remote machine via its IP address and possibly get remote access! Of course the chances of this are slim, as it is rare for computers nowadays to be running a telnet client let alone a telnet server, not to mention the probability that it will be password protected, BUT you get my drift.
Footprinting and scanning are easily the two most important aspects of penetration testing; unless you are a skid of course, who simply downloads an exploit or uses Metasploit blindly asking "haow to eXpl01t windows 7 gaiz?", you are never going to learn anything that will actually help you penetrate systems.
Hope you enjoyed it. It is good to explain the less flashy side of hacking (I refer to exploitation and privilege escalation as the flashy side) because that is what most of hacking is, despite what movies and the media like to show you.
The next upcoming tutorial is on the recently popularised RA flood, which can down very large networks that have IPv6 support at a local level. It is also incredibly simple (literally 1 line at the terminal) and more or less a script kiddie tool, but I hope to explain it in detail so people gain some knowledge and do not remain ignorant.