CEH v10 Check a open ports Nmap

Hacking Truth


Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing.

It was designed to rapidly scan large networks, although it works fine against single hosts.

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among that information is the “interesting ports table”. That table lists the port number and protocol, service name, and state. The state is either open, filtered, closed, or unfiltered.

Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered when they are responsive to Nmap's probes, but Nmap cannot determine whether they are open or closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describes a port.

The port table may also include software version details when version detection has been requested. When an IP protocol scan is requested (-sO), Nmap provides information on supported IP protocols rather than listening ports.

In addition to the interesting ports table, Nmap can provide further information on targets, including reverse DNS names, operating system guesses, device types, and MAC addresses.
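As an added example (not part of the original post), the following Python parses the interesting ports table out of Nmap's normal output and summarizes it by state, which is how a defender turns a scan of their own hosts into an inventory of exposed services. The scan output it reads is constructed for the example, not a real result.

```python
import re
from collections import Counter

# Constructed sample of Nmap's normal output (not a real scan result).
SAMPLE_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 12:00 UTC
Nmap scan report for host.example (192.0.2.10)
Host is up (0.012s latency).
Not shown: 995 closed ports
PORT     STATE         SERVICE   VERSION
22/tcp   open          ssh       OpenSSH 7.9
25/tcp   filtered      smtp
80/tcp   open          http      nginx 1.18.0
443/tcp  closed        https
9100/tcp open|filtered jetdirect
Nmap done: 1 IP address (1 host up) scanned in 3.21 seconds
"""

# One row of the interesting ports table, e.g. "22/tcp open ssh OpenSSH 7.9".
# The state alternation lists the combined states too, so "open|filtered"
# is captured whole instead of stopping at "open".
PORT_ROW = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+"
    r"(?P<state>open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.+))?$"
)


def parse_ports(text):
    """Return one dict per row of the ports table; version is None if absent."""
    rows = []
    for line in text.splitlines():
        m = PORT_ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def state_summary(rows):
    """Count how many ports fall into each state (open, filtered, ...)."""
    return Counter(row["state"] for row in rows)


def open_ports(rows):
    """The inventory a defender cares about: what is actually listening."""
    return [(r["port"], r["proto"], r["service"]) for r in rows if r["state"] == "open"]
```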


Network administrators can use Nmap for network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Uptime is the time that the system has been "up" and running. So, an uptime of 100 hours means the machine has been running non-stop for 100 hours. Nmap guesses the uptime of the system. ... The uptime guess is labeled a “guess” because various factors can make it completely inaccurate.

An attacker uses Nmap to extract information such as live hosts on the network, services (application name and version), type of packet filters/firewalls, operating systems and OS versions.

It scans a large number of machines at one time.

It is supported by many operating systems. It can carry out all types of port scanning techniques.

Another way to ping a host is to perform a ping scan with Nmap. Using the Windows or Linux command prompt, enter the following command:

nmap -sP -v <target IP address>
nmap -Pn <target IP address>

-sP is the older name for the ping scan, now spelled -sn (host discovery only, no port scan); -Pn skips the ping and scans the target even if it does not answer one.

A typical Nmap scan is shown in Example 1. The only Nmap arguments used in this example are -A, to enable OS and version detection, script scanning, and traceroute; -T4 for faster execution; and then the hostname.

Example 1. A representative Nmap scan

nmap -A -T4 scanme.nmap.org

Nmap: Scan Methods

Some of the scan methods used by Nmap:

Xmas tree: The attacker checks for TCP services by sending "Xmas-tree" packets, which have the FIN, PSH and URG flags set.

SYN Stealth: It is referred to as "half-open" scanning, as a full TCP connection is not opened.

Null Scan: It’s an advanced scan that may be able to pass through firewalls unmolested.

Window scan: It is similar to the ACK scan and can also detect open ports.

ACK Scan: Used to map out firewall rulesets.

TCP Communication Flags

Standard TCP communication is governed by the flags carried in the TCP packet header. These flags control the connection between hosts and give instructions to the system. The following are the TCP communication flags:

Synchronize : also called SYN
- Used to initiate a connection between hosts

Acknowledgement : also called ACK
- Used in establishing a connection between hosts

Push : also called PSH
- Instructs the receiving system to send all buffered data immediately

Urgent : also called URG
- States that the data contained in the packet should be processed immediately

Finished : also called FIN
- Tells the remote system that there will be no more transmissions

Reset : also called RST
- Used to reset a connection

SYN scanning mainly deals with three of these flags, namely SYN, ACK, and RST. You can use these three flags to gather information about listening services on servers during the enumeration process.
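As an added example (not from the original post), this Python models how Nmap turns the reply to a probe into the state column described earlier, for the SYN, Xmas/Null/FIN and ACK scans listed above. The probe flag sets and the response rules follow RFC 793 behaviour (a closed port answers RST; an open port answers SYN/ACK to a SYN and stays silent to a Xmas/Null/FIN probe), which is also why a firewall that silently drops packets makes ports show as filtered or open|filtered in a report.

```python
# TCP flag bits as laid out in the TCP header (RFC 793). The page's flags are
# combined into one integer, the way a packet carries them.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags each scan type sets in its probe: Xmas "lights up" FIN, PSH and URG,
# Null sets none, SYN is the half-open scan, ACK is used to map firewall rules.
PROBE_FLAGS = {"syn": SYN, "xmas": FIN | PSH | URG, "null": 0, "fin": FIN, "ack": ACK}

# ICMP type 3 codes that Nmap reads as evidence of filtering (host/port/protocol
# unreachable, administratively prohibited). Anything else is left "unexpected".
ICMP_FILTERED_CODES = {1, 2, 3, 9, 10, 13}


def classify(scan, response):
    """Map one probe reply to Nmap's port state.

    response is None (no reply), ("tcp", flags) or ("icmp", type3_code).
    """
    if scan not in PROBE_FLAGS:
        raise ValueError("unknown scan type: %s" % scan)
    if response is not None and response[0] == "icmp":
        return "filtered" if response[1] in ICMP_FILTERED_CODES else "unexpected"
    flags = 0 if response is None else response[1]

    if scan == "syn":
        if response is None:
            return "filtered"        # dropped by a firewall (or lost)
        if flags & SYN and flags & ACK:
            return "open"            # second step of the handshake came back
        if flags & RST:
            return "closed"          # nothing listening on that port
    elif scan in ("xmas", "null", "fin"):
        if response is None:
            return "open|filtered"   # an open port and a drop rule look the same
        if flags & RST:
            return "closed"
    elif scan == "ack":
        if response is None:
            return "filtered"        # stateful firewall dropped the unsolicited ACK
        if flags & RST:
            return "unfiltered"      # reachable, but open vs closed cannot be told
    return "unexpected"


def scan_summary(scan, replies):
    """replies: {port: response}; returns {state: sorted list of ports}."""
    out = {}
    for port, resp in replies.items():
        out.setdefault(classify(scan, resp), []).append(port)
    return {state: sorted(ports) for state, ports in out.items()}
```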

How To Install Nmap?

sudo apt-get install nmap

Help Command & Details about Nmap

man nmap
