Nmap Basics-1

Nmap is an open-source network scanner. It tells us which hosts are up, which ports on those hosts are open, closed, or filtered, which services (and versions) are listening on those ports, and which operating system a host is most likely running. Note that OS detection works per host, not per port.

It does this by sending crafted packets to the target and interpreting the responses, including the absence of a response.

It also has useful features such as firewall/IDS detection and evasion options, service version detection, and the Nmap Scripting Engine (NSE), whose script categories include vulnerability checks and a small number of exploit scripts.

Installation

The package repositories of Red Hat, Debian, and Arch-based Linux distributions all carry nmap, so a normal package install is enough. Keep in mind that SYN scans, most host-discovery probes, and OS detection need raw-socket access, so run nmap as root (or with sudo) to get the behaviour described below.

Red Hat and derivatives: install the nmap package with dnf (yum on older releases).

Debian and derivatives: install the nmap package with apt.

Arch and derivatives: install the nmap package with pacman.

Target Specification

To use Nmap at all, we need to specify at least one target. A target can be a hostname, a single IP address, or a network range, either in CIDR notation (192.168.1.0/24) or with Nmap's octet ranges (192.168.1.1-50).

If you run Nmap against a target without any other options, it scans the 1000 most commonly used TCP ports. As root it does this with a SYN scan (-sS); without raw-socket privileges it falls back to a TCP connect scan (-sT), which is slower and noisier.

  • For scanning an entire network, give the network in CIDR notation or as an octet range.

  • For scanning targets listed in a file (entries separated by spaces, tabs, or newlines), use -iL with the file name.

  • For excluding hosts from a range, use --exclude with a comma-separated list, or --excludefile with a file.
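To make the target forms above concrete, here is an added example (not code from the original post or from Nmap itself) that expands Nmap-style target specifications the way the scanner does: a single address, a CIDR block, a whitespace-separated list such as -iL reads from a file, and exclusions as with --exclude. It goes a little beyond the text by also handling Nmap's octet ranges (192.168.0-1.1-3, a bare - for 0-255, comma lists) as described in the Nmap reference guide. Hostnames are not resolved, so it runs offline; the sample targets file is constructed for illustration.

```python
"""Expand Nmap-style target specifications into individual IPv4 addresses.

Added example, not Nmap's code.  Hostnames are not resolved; only IPv4 forms
(single address, CIDR, octet ranges) are handled.
"""
import ipaddress
import re
from typing import Iterable, Iterator, List, Set

# One octet field: 5 | 1-10 | -10 (meaning 0-10) | 10- (meaning 10-255) | - (0-255)
_OCTET_RE = re.compile(r"^(\d{1,3})?(?:-(\d{1,3})?)?$")


def _octet_values(field: str) -> List[int]:
    """Return the sorted values an octet field such as '1,5-7' stands for."""
    values: Set[int] = set()
    for part in field.split(","):
        m = _OCTET_RE.match(part)
        if not part or not m:
            raise ValueError(f"bad octet field {field!r}")
        if "-" in part:
            lo = int(m.group(1)) if m.group(1) else 0
            hi = int(m.group(2)) if m.group(2) else 255
        else:
            lo = hi = int(m.group(1))
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"octet range out of bounds in {field!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_target(spec: str) -> Iterator[str]:
    """Yield every IPv4 address described by one Nmap target string."""
    spec = spec.strip()
    if "/" in spec:
        # CIDR: nmap scans every address in the block, including the network
        # and broadcast addresses.  strict=False lets 10.0.0.5/30 mean 10.0.0.4/30.
        for ip in ipaddress.IPv4Network(spec, strict=False):
            yield str(ip)
        return
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError(f"not an IPv4 target specification: {spec!r}")
    a, b, c, d = (_octet_values(f) for f in fields)
    for w in a:
        for x in b:
            for y in c:
                for z in d:
                    yield f"{w}.{x}.{y}.{z}"


def parse_target_file(text: str) -> List[str]:
    """Split the contents of an -iL file: entries separated by spaces, tabs or newlines."""
    return text.split()


def expand_targets(specs: Iterable[str], exclude: Iterable[str] = ()) -> List[str]:
    """Expand several specifications and drop everything matched by the exclusions."""
    excluded: Set[str] = set()
    for e in exclude:
        excluded.update(expand_target(e))
    seen: Set[str] = set()
    result: List[str] = []
    for spec in specs:
        for ip in expand_target(spec):
            if ip not in excluded and ip not in seen:   # nmap scans each address once
                seen.add(ip)
                result.append(ip)
    return result


if __name__ == "__main__":
    # Constructed sample: contents of a hypothetical targets.txt plus one exclusion.
    targets_txt = "10.0.0.0/30\n192.168.1.1-3 192.168.1.10\n"
    for ip in expand_targets(parse_target_file(targets_txt), exclude=["10.0.0.1"]):
        print(ip)
```

Running this on a large range before the real scan is a cheap way to check that a target specification means what you think it means, which is also what Nmap's own -sL does.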

Host Discovery

Before port scanning, Nmap first checks which hosts are up. Sometimes devices do not answer a plain ICMP ping, so we need a different probe to find out whether the host is up.

Nmap lets us do host discovery with ICMP echo requests and with TCP SYN, TCP ACK, and UDP packets.

If we don't specify any host-discovery parameters, a privileged (root) scan of a remote network sends an ICMP echo request, a TCP SYN packet to port 443, a TCP ACK packet to port 80, and an ICMP timestamp request; any reply to any of them marks the host as up. On a local Ethernet segment Nmap uses ARP requests instead, and an unprivileged scan falls back to TCP connect attempts to ports 80 and 443.

Parameters
  • -sL: List scan. Lists every target address without sending any packets to the targets (it still does reverse-DNS lookups unless -n is given). Useful for checking a target specification before scanning.
  • -sn: Ping scan. Does host discovery only and disables the port scan.
  • -Pn: Skips host discovery and treats every target as up. Use it when a host blocks all discovery probes; it does not speed anything up, and on large ranges it is much slower, because every address gets port-scanned.
  • -PS<portlist>: Host discovery with TCP SYN packets to the given ports (default 80). A SYN/ACK or a RST reply both mean the host is up, so it works through filters that only block ICMP.
  • -PA<portlist>: Host discovery with TCP ACK packets to the given ports (default 80). A RST reply means the host is up; some stateless firewalls let ACK packets through where SYN is blocked.
  • -PU<portlist>: Host discovery with UDP packets to the given ports (default 40125). A closed port answers with ICMP port unreachable, which proves the host is up; an open or filtered port usually answers with nothing, so no reply does not prove the host is down, and UDP probes are also the easiest to lose on the way.
  • -PE / -PP / -PM: Host discovery with ICMP echo request, timestamp request, and address-mask request respectively.
  • -PR: ARP ping. Sends an ARP request for each address on the local network; an ARP reply means the device is up. Nmap does this automatically when scanning a local Ethernet segment because it is faster and more reliable than IP-level probes.
  • -n: Disables reverse-DNS resolution (-R forces it for every target).
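To show what the default probe set actually looks like on the wire, here is an added example (not Nmap's code) that builds the four default host-discovery probes of a privileged scan against a remote host as raw bytes with correct Internet checksums: ICMP echo request (-PE), TCP SYN to 443 (-PS443), TCP ACK to 80 (-PA80), and ICMP timestamp request (-PP). Sending them needs a raw socket and root, which is deliberately left out. The addresses, source ports, sequence numbers, and ICMP identifiers are constructed values, not anything Nmap is known to use.

```python
"""Build the probes Nmap sends by default for host discovery of a remote host
when run as root: -PE, -PS443, -PA80 and -PP.

Added example, not Nmap's code.  Only packet construction and checksum
verification; nothing is sent.  All addresses, ports and IDs are made up.
"""
import socket
import struct

TCP_SYN = 0x02   # flag bits in the 14th byte (offset 13) of the TCP header
TCP_ACK = 0x10


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IP, ICMP and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmp_packet(icmp_type: int, ident: int, seq: int, body: bytes = b"") -> bytes:
    """ICMP header (type, code 0, checksum, id, seq) plus body, checksum filled in."""
    unchecked = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + body
    csum = inet_checksum(unchecked)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + body


def icmp_echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """-PE: ICMP type 8.  Nmap sends no payload unless --data-length is given."""
    return icmp_packet(8, ident, seq, payload)


def icmp_timestamp_request(ident: int, seq: int, originate_ms: int = 0) -> bytes:
    """-PP: ICMP type 13 with originate, receive and transmit timestamp fields."""
    return icmp_packet(13, ident, seq, struct.pack("!III", originate_ms, 0, 0))


def tcp_pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum: src, dst, zero, proto 6, length."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)


def tcp_segment(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int,
                seq: int = 0, ack: int = 0, window: int = 1024) -> bytes:
    """A 20-byte TCP header with no options or payload (RFC 793 checksum)."""
    offset_flags = (5 << 12) | flags         # data offset = 5 x 32-bit words, reserved bits 0

    def header(csum: int) -> bytes:
        return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, csum, 0)

    csum = inet_checksum(tcp_pseudo_header(src_ip, dst_ip, 20) + header(0))
    return header(csum)


def icmp_checksum_ok(packet: bytes) -> bool:
    """A correctly checksummed packet sums to zero with its checksum included."""
    return inet_checksum(packet) == 0


def tcp_checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Same check for TCP, which needs the pseudo-header of the enclosing IP packet."""
    return inet_checksum(tcp_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def default_discovery_probes(src_ip: str, dst_ip: str) -> dict:
    """Default probe set for a privileged scan of a non-local target.
    (On a local Ethernet segment Nmap sends ARP requests instead.)"""
    return {
        "icmp_echo": icmp_echo_request(ident=0x1234, seq=0),
        "tcp_syn_443": tcp_segment(src_ip, dst_ip, 40000, 443, TCP_SYN, seq=0x11111111),
        # The ACK probe acknowledges nothing real; a RST reply still proves the host is up.
        "tcp_ack_80": tcp_segment(src_ip, dst_ip, 40001, 80, TCP_ACK, ack=0x22222222),
        "icmp_timestamp": icmp_timestamp_request(ident=0x1234, seq=0),
    }


if __name__ == "__main__":
    for name, pkt in default_discovery_probes("10.0.0.5", "10.0.0.9").items():
        print(f"{name:15s} {len(pkt):3d} bytes  {pkt.hex()}")
```

The checksum-to-zero check is the same test a receiving stack performs, which is why the TCP variant needs the pseudo-header: a SYN or ACK probe that is spoofed with the wrong source address (as -S or -D would do) is silently dropped unless its checksum was computed over the spoofed addresses.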

Port Scanning

Nmap reports each port in one of six states: open, closed, filtered, unfiltered, open|filtered, or closed|filtered.

  • open: An application is actively accepting TCP connections or UDP datagrams on this port.
  • closed: The port is accessible (it answers Nmap's probes, for example with a TCP RST), but no application is listening on it.
  • filtered: Nmap cannot tell whether the port is open, because a packet filter (firewall, router ACL, or host-based filter) drops the probes or answers them with ICMP errors.
  • unfiltered: Reported only by the ACK scan (-sA). The port is reachable, but the ACK scan cannot tell whether it is open or closed; a SYN or FIN scan can resolve that.
  • open|filtered: Nmap cannot tell whether the port is open or filtered. This happens with scan types where open ports give no response (UDP, FIN, NULL, Xmas, and IP protocol scans), so a dropped probe looks the same as an open port.
  • closed|filtered: Nmap cannot tell whether the port is closed or filtered. It is only reported by the IP ID idle scan (-sI).
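The states above are not guesses; each one follows from a fixed rule about what came back for a given scan type. Here is an added example (not Nmap's code) that encodes those rules, taken from the Nmap reference guide's description of each scan type, for the SYN/connect, ACK, Window, FIN/NULL/Xmas, and UDP scans, and runs them over a constructed set of probe results. The outcome labels and the sample results are made up for illustration.

```python
"""Map a probe's outcome to one of Nmap's six port states.

Added example, not Nmap's code.  Rules follow the Nmap reference guide's
description of each scan type; labels and sample data are constructed.
"""
from typing import Dict, List, Tuple

# Possible outcomes of one probe.
NO_RESPONSE = "no-response"                 # nothing came back after retransmissions
SYN_ACK = "tcp-syn-ack"
RST = "tcp-rst"
UDP_REPLY = "udp-reply"
PORT_UNREACH = "icmp-port-unreachable"      # ICMP type 3, code 3
ICMP_UNREACH = "icmp-unreachable"           # ICMP type 3, codes 0, 1, 2, 9, 10, 13

TCP_SCANS = ("sS", "sT")                    # SYN scan and connect scan yield the same states
STEALTH_SCANS = ("sN", "sF", "sX")          # NULL, FIN and Xmas scans


def classify(scan: str, response: str, window: int = 0) -> str:
    """Return the port state Nmap would report for this scan type and response."""
    if scan in TCP_SCANS:
        if response == SYN_ACK:
            return "open"
        if response == RST:
            return "closed"
        return "filtered"                   # dropped probe or any ICMP unreachable error
    if scan == "sA":
        # The ACK scan only learns whether a filter lets the packet through.
        return "unfiltered" if response == RST else "filtered"
    if scan == "sW":
        # Window scan: like -sA, but some stacks set a non-zero window on RSTs from open ports.
        if response == RST:
            return "open" if window > 0 else "closed"
        return "filtered"
    if scan in STEALTH_SCANS:
        if response == RST:
            return "closed"
        if response in (ICMP_UNREACH, PORT_UNREACH):
            return "filtered"
        return "open|filtered"              # RFC 793: an open port ignores FIN/NULL/Xmas probes
    if scan == "sU":
        if response == UDP_REPLY:
            return "open"
        if response == PORT_UNREACH:
            return "closed"
        if response == ICMP_UNREACH:
            return "filtered"
        return "open|filtered"              # silence: an open service, or a dropped datagram
    # closed|filtered exists only for the IP ID idle scan (-sI), whose verdict
    # comes from a zombie host's IP ID sequence rather than a direct reply.
    raise ValueError(f"scan type {scan!r} not modelled here")


def summarize(results: List[Tuple[int, str, str]]) -> Dict[int, str]:
    """Turn (port, scan, response) records into a port -> state map."""
    return {port: classify(scan, response) for port, scan, response in results}


# Constructed results: a host whose firewall drops probes to 25/tcp and 53/udp
# but lets everything else through, probed with -sS and -sU.
SAMPLE_RESULTS = [
    (22, "sS", SYN_ACK),
    (25, "sS", NO_RESPONSE),
    (443, "sS", SYN_ACK),
    (8080, "sS", RST),          # reachable but nothing listening
    (53, "sU", NO_RESPONSE),    # indistinguishable from an open, silent DNS server
    (123, "sU", PORT_UNREACH),
    (161, "sU", UDP_REPLY),
]

if __name__ == "__main__":
    for port, state in sorted(summarize(SAMPLE_RESULTS).items()):
        print(f"{port:5d}  {state}")
```

The UDP rows are the practical lesson: silence on 53/udp is reported as open|filtered, and only a follow-up probe that elicits an application reply (for example a version scan with -sV) can turn it into a definite open.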
