18th December 2024

Installing Nmap and Nmap Basics-1

Nmap is an open-source network scanner that lets us find out which hosts are up, which of their ports are open or closed, which services are listening on those ports, and which operating system the host is running.

It sends crafted packets to the target and draws its conclusions from the responses, or from the absence of a response.

It also has useful features such as firewall/IDS detection and evasion, and the Nmap Scripting Engine (NSE), whose scripts add vulnerability scanning and, in some cases, exploitation.

Installation

The package repositories of Red Hat, Debian and Arch-based Linux distributions contain the Nmap tool. It comes preinstalled on Kali Linux.

Red Hat:

#yum install nmap

Debian:

#apt-get install nmap

Arch:

#pacman -S nmap


Target Specification

To use Nmap at its simplest, we only need to specify a target. The target can be a hostname, an IP address, or a network range in CIDR notation.

#nmap systemconf.com
#nmap 192.168.0.1
#nmap 192.168.0.0/16


If you run Nmap without any options as root, it scans the 1000 most commonly used TCP ports with a SYN scan (-sS). As an unprivileged user it falls back to a TCP connect scan (-sT), because the SYN scan needs raw sockets.

[Figure: Nmap default scan]


  • For scanning an entire network:
nmap 192.168.1.0/24
  • For scanning targets listed in a file (one per line):
nmap -iL ip.txt
  • For excluding a target from the scan:
nmap 192.168.1.0/24 --exclude 192.168.1.1

Host Discovery

Some devices do not respond to an ICMP ping, so we need a different probe technique to find out whether the host is up.

Nmap gives us the option to do host discovery with ICMP echo requests and with TCP SYN, TCP ACK or UDP packets.

If we don't specify any host discovery parameters, Nmap (run as root) sends an ICMP echo request, a TCP SYN packet to port 443, a TCP ACK packet to port 80 and an ICMP timestamp request; a reply to any of them marks the host as up. As an unprivileged user it can only do a TCP connect to ports 80 and 443 instead.

Parameters
  • -sL: List scan. Lists the targets that would be scanned without sending any probes to them (it still does reverse DNS lookups unless -n is given).
  • -sn: Ping scan. Does host discovery only and skips the port scan.
  • -Pn: Skips host discovery and treats every target as up. Use it when hosts block the ping probes; on a large range it makes the scan slower, not faster, because down hosts get port-scanned too.
  • -PS: TCP SYN ping to the given ports. Useful when ICMP is filtered. Note that there is no space between the option and the port list:
nmap -PS22,80,443 192.168.1.0/24
  • -PA: TCP ACK ping to the given ports. Useful against stateless firewalls that let ACK packets through:
nmap -PA22,80,443 192.168.1.0/24
  • -PU: UDP ping to the given ports. A host is marked up when it answers with an ICMP port unreachable; an open UDP port usually gives no reply at all, and UDP delivery is not guaranteed, so results are less reliable than with the TCP probes:
nmap -PU22,80,443 192.168.1.0/24
  • -PE / -PM / -PP: ICMP ping using an echo request, an address mask request and a timestamp request respectively.
  • -PR: ARP ping. Sends an ARP request for each address; an ARP reply means the device is up. It only works on the local Ethernet segment, where Nmap uses it by default because it is faster and more reliable than IP-level probes.
  • -n: Disables reverse DNS resolution, which speeds up the scan.

Port Scanning

Nmap classifies ports into six states: open, closed, filtered, unfiltered, open|filtered and closed|filtered.

  • open: An application is accepting TCP connections or UDP packets on the port.
  • closed: The port is reachable (the host answers the probe, e.g. with a TCP RST), but no application is listening on it.
  • filtered: A firewall or other filter blocks the probe, so Nmap cannot tell whether the port is open or closed.
  • unfiltered: Returned by the ACK scan (-sA). The port is reachable, but the ACK scan cannot tell whether it is open or closed.
  • open|filtered: Nmap cannot tell whether the port is open or filtered. Typical for UDP, FIN, NULL and Xmas scans, where an open port gives no response.
  • closed|filtered: Nmap cannot tell whether the port is closed or filtered. Only the IP ID idle scan (-sI) produces this state.
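The host discovery options above and the port states listed here come together in a typical two-phase scan: discover the live hosts first, then port-scan only those, then pull the ports you care about out of the result by state. The script below is an added example, not code from the original post; it parses Nmap's grepable output (-oG) with plain awk. The two "samples" embedded in it are constructed by hand to look like -oG output (real output separates the fields with tabs; the parser accepts either), and the addresses, hostnames and version string are invented.

```sh
#!/bin/sh
# Added example: drive a two-phase Nmap scan from its grepable (-oG) output.
# Real commands that produce such output (run as root):
#   nmap -sn -PS22,80,443 -v -oG - 192.168.1.0/24      # phase 1: host discovery
#   nmap -iL live.txt -p 22,80,443,8080,U:161 -oG -   # phase 2: port scan of live hosts
# Both samples below are CONSTRUCTED, not real captures.

# Constructed sample of `nmap -sn -v -oG -` output (down hosts are listed only with -v).
DISCOVERY_OUT='# Nmap 7.94 scan initiated (constructed sample)
Host: 192.168.1.1 (gw.lan) Status: Up
Host: 192.168.1.10 () Status: Up
Host: 192.168.1.20 () Status: Down
# Nmap done: 256 IP addresses (2 hosts up) scanned'

# Constructed sample of `nmap -oG -` port-scan output for the two live hosts.
# Each entry in "Ports:" is port/state/protocol/owner/service/rpc_info/version.
PORTSCAN_OUT='# Nmap 7.94 scan initiated (constructed sample)
Host: 192.168.1.1 (gw.lan) Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/filtered/tcp//https///, 8080/closed/tcp//http-proxy/// Ignored State: closed (996)
Host: 192.168.1.10 () Ports: 22/closed/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 161/open|filtered/udp//snmp/// Ignored State: closed (995)
# Nmap done: 2 IP addresses (2 hosts up) scanned'

# live_hosts: read -sn grepable output on stdin and print the IP of every host
# reported "Status: Up", one per line. This is the list you feed to -iL.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# ports_in_state STATE: read port-scan grepable output on stdin and print
# "ip port/proto service" for every entry whose state equals STATE, where STATE
# is one of open, closed, filtered, unfiltered, open|filtered, closed|filtered.
ports_in_state() {
    awk -v want="$1" '
        /^Host:/ && /Ports:/ {
            ip = $2
            sub(/.*Ports: /, "")                    # keep only the port list
            sub(/[[:space:]]*Ignored State.*/, "")  # drop the trailing summary
            n = split($0, entry, /, */)             # entries are separated by ", "
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")             # port/state/proto/owner/service/...
                if (f[2] == want) print ip, f[1] "/" f[3], f[5]
            }
        }'
}

# count_state STATE: number of port entries in STATE across all hosts.
count_state() {
    ports_in_state "$1" | wc -l | tr -d ' '
}

# Phase 1: which hosts answered the discovery probes?
printf '%s\n' "$DISCOVERY_OUT" | live_hosts

# Phase 2: what is reachable, and what did a firewall hide from us?
printf '%s\n' "$PORTSCAN_OUT" | ports_in_state open
printf '%s\n' "$PORTSCAN_OUT" | ports_in_state filtered
printf '%s\n' "$PORTSCAN_OUT" | ports_in_state 'open|filtered'
```

The filtered and open|filtered entries are the ones worth a second look: 443/tcp on the gateway is being dropped by something in the path, and 161/udp on the second host is either an SNMP agent that stayed silent or a filter, which a follow-up with -sU -sV (or the snmp NSE scripts) would settle.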
