If you are a penetration tester or work in the field of networking, there is a very high chance that you have used Nmap at least once in your life… How am I so sure? Let’s leave that to the article, which shows why Nmap is such a great tool to have in your arsenal if you deal with networking or port scanning in any way.
What is NMAP?
Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify which devices are running on their networks, discover the hosts that are available and the services they offer, find open ports and detect security risks.
What is Port Scanning?
A port scan can be used to identify the services in use on specific ports of the available hosts. Port scanning will typically classify ports into one of three categories:
Open: The target host responds with a packet indicating it is listening on that port.
Closed: The target host received the request packet but replies with a FIN packet. What’s that? Coming soon…
Filtered: This typically indicates that the request packet has been filtered out and dropped by a firewall, which sends no reply back.
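The three categories above are decisions made from how the target answers a probe. The following added example (not from the original article) applies the same decision rule a TCP connect scan uses, against a listener it starts itself on 127.0.0.1: a completed handshake means open, an immediate refusal means closed, and no answer within the timeout (or an unreachable error) is reported as filtered. The function names `classify_tcp_port`, `start_listener` and `free_port` are this example's own, not Nmap's.

```python
import socket


def classify_tcp_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port as "open", "closed" or "filtered".

    A full connect() is the simplest probe: the kernel completes the
    three-way handshake for us, so the outcome maps directly onto the
    three states a port scanner reports.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"          # host answered, but nothing listens on the port
    except socket.timeout:
        return "filtered"        # no answer at all: a filter dropped the probe
    except OSError:
        return "filtered"        # e.g. host/network unreachable: treated as filtered
    finally:
        s.close()


def scan_ports(host: str, ports, timeout: float = 1.0) -> dict:
    """Classify several ports and return {port: state}."""
    return {p: classify_tcp_port(host, p, timeout) for p in ports}


def start_listener():
    """Open a local listening socket on an ephemeral port (our "open" port).

    connect() succeeds as soon as the kernel queues the connection in the
    backlog, so no accept() loop is needed for the demonstration.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port() -> int:
    """Find a port nothing listens on (our "closed" port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = free_port()
    for port, state in scan_ports("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{port} -> {state}")
    srv.close()
```

Run it on your own machine and the listener's port shows as open while the spare port shows as closed; the filtered branch only appears when a firewall or routing problem sits between you and the target, which is exactly the silence the article describes.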
Types of scans in Nmap
- SYN Scan
- TCP Connect Scan
- Ping Sweep
- UDP Scan
- FIN Scan
- XMAS Scan
- Idle Scan
- Window Scan
- RPC Scan
- NULL Scan
- Bounce Scan
These are some of the best-known scans in Nmap. But don’t worry, you don’t always need to remember them: there are always cheat sheets available online. XD
To Be Remembered
Now, the thing for you to remember is that in a firefight you must know what types of scans you can possibly run on your target to get the most out of it. Please take a look at the table below for the way we use scans:
- Nmap scan from file
- Nmap Output Formats
- Target Specification
- Host Discovery
- Script Scan
- OS Detection
- Timing Consideration
Options which take TIME are in seconds, or append ‘ms’ (milliseconds), ‘s’ (seconds), ‘m’ (minutes), or ‘h’ (hours) to the value (e.g. 30m).
-T 0–5: Set the timing template; higher is faster (less accurate)
Zenmap, the Nmap GUI
Zenmap is the Nmap security scanner graphical user interface and provides for hundreds of options. It lets users do things like save scans and compare them, view network topology maps, view displays of ports running on a host or all hosts on a network, and store scans in a searchable database.
Let’s talk a bit about hacking
While port scanning per se is not illegal, at least under U.S. federal law, Nmap’s features are certainly useful to malicious hackers probing for vulnerabilities to exploit. Certain uses of the software, especially without permission, can get you fired or in legal trouble, even if you’re doing a vulnerability scan for benign purposes.
While some Nmap scans are fairly light touch and may not set off alerts, it’s always best to get your scans approved with the appropriate people in your organization. Be aware that many Nmap options, such as OS fingerprinting, require root privilege. When in doubt about the legality of what you want to do, especially when you are working alone and don’t have an organization’s legal team to consult, speak to a lawyer with expertise in computer fraud and abuse.
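Whether a scan "sets off alerts" depends on what the other side is watching for. As an added example from the defender's side (not part of the original article), the script below runs a simple port-scan heuristic over a constructed connection log: for each source/destination pair it counts how many distinct destination ports were probed with a plain SYN inside a sliding time window, and flags pairs that cross a threshold. The log format, sample addresses and the names `detect_port_scans` and `parse_line` are all this example's own assumptions, not the format of any real firewall or of Nmap's output.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed line format for this example: "<ISO timestamp> <src> -> <dst>:<port> <flags>"
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\S+)$")

# Constructed sample log (not real traffic): 10.0.0.7 behaves normally, while
# 10.0.0.9 probes a dozen different ports on 10.0.0.20 within a few seconds.
SAMPLE_LOG = [
    "2024-05-01T09:00:00 10.0.0.7 -> 10.0.0.20:22 SYN",
    "2024-05-01T09:00:00 10.0.0.20 -> 10.0.0.7:22 SYN-ACK",   # reply, not a probe
    "2024-05-01T09:00:01 10.0.0.7 -> 10.0.0.20:22 SYN",
    "2024-05-01T09:00:05 10.0.0.7 -> 10.0.0.20:443 SYN",
] + [
    f"2024-05-01T09:10:{i:02d} 10.0.0.9 -> 10.0.0.20:{port} SYN"
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443])
] + [
    "2024-05-01T11:00:00 10.0.0.9 -> 10.0.0.20:8080 SYN",     # far outside the window
    "this line is malformed and must be skipped",
]


def parse_line(line: str):
    """Parse one log line into (time, src, dst, port, flags); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port, flags = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(port), flags


def detect_port_scans(lines, threshold: int = 10, window: timedelta = timedelta(seconds=60)):
    """Return {(src, dst): max_distinct_ports} for pairs that probed at least
    `threshold` distinct ports within any `window`-long span of time.

    Only bare SYNs count as probes, so the target's own SYN-ACK replies and
    established traffic never inflate a source's score.
    """
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev[4] != "SYN":
            continue
        t, src, dst, port, _ = ev
        events[(src, dst)].append((t, port))

    flagged = {}
    for pair, probes in events.items():
        probes.sort()                      # sliding window needs time order
        in_window = Counter()              # port -> probes currently inside the window
        start = 0
        best = 0
        for t, port in probes:
            in_window[port] += 1
            # Drop probes that fell out of the window's tail.
            while t - probes[start][0] > window:
                old_port = probes[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            best = max(best, len(in_window))
        if best >= threshold:
            flagged[pair] = best
    return flagged


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports within 60s")
```

The threshold and window are the knobs an analyst tunes: a slow scan spread over hours (the kind a -T0 or -T1 template produces) slips under a 60-second window, which is why the "light touch" scans mentioned above are harder to catch with this rule alone and usually need a longer window or a per-source running total.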
Let me know if you liked this article and want more advanced-level articles on Nmap. I’ll be happy to post them.