A simple tutorial for network scanning software (nmap)

November 5th, 2007 mysurface Posted in Network, nmap

Nmap is an open source network scanner. It can help you investigate simple network problems, and it is also used as a security vulnerability assessment tool. Nmap supports a lot of options; when you type

nmap --help

the list of options does not even fit on one screen of a virtual terminal, which sometimes scares casual users away. In fact, normal use of nmap is as simple as common commands such as ls, cd and cat: you just need to specify your target IP address or hostname.

nmap 192.168.1.1
Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-05 15:30 MYT
Interesting ports on 192.168.1.1:
Not shown: 1693 filtered ports
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
23/tcp closed telnet
80/tcp open   http

Nmap finished: 1 IP address (1 host up) scanned in 30.615 seconds

Simple, isn’t it?

How about an entire subnet?

nmap 192.168.1.1/24

Or you can also do this:

nmap 192.168.1.*

Both forms scan all 256 addresses from 192.168.1.0 to 192.168.1.255, so expect the scan to take considerably longer than a single host.

So what does nmap do?
Nmap has two basic scan types: TCP connect() scanning (-sT) and the TCP SYN scan (-sS), often called the stealth scan. A connect() scan uses the operating system's connect() call, so it completes the full three-way handshake with every port it probes. The disadvantage is that it is very easy to detect on the scanned host: the service listening on an open port actually accepts a connection and can log it. The SYN scan was developed for this reason. It also sends a SYN, but it never completes the handshake: if a SYN/ACK comes back it marks the port open and answers with a RST instead of the final ACK, and if a RST comes back it marks the port closed. To understand this further, read up on TCP/IP's three-way handshake. Bear in mind that neither scan type can see through a firewall: if the target filters a port, no SYN/ACK or RST ever comes back, and nmap can only report that port as filtered, as in the "Not shown: 1693 filtered ports" line above.

So which scan type is the default when you don't specify one? You can find out by adding -v. Run the command once as a normal user and once as root, and you will discover that as root nmap uses the SYN scan (it needs raw sockets, which require root privileges), while as a normal user it falls back to TCP connect().

nmap -v 192.168.1.*
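To show why the connect() scan is the easy one to detect, here is an added example (not code from the original tutorial or from the nmap project): a tiny TCP connect() scanner in Python beside a listener that logs every peer whose handshake completes, just as a real service on the scanned host could. It assumes everything runs against 127.0.0.1 and picks its open and closed port numbers at runtime; no real target is scanned.

```python
"""Added example, not from the original tutorial: a minimal TCP connect()
scanner next to a listener that records every completed handshake, which is
why a connect() scan is easy to spot on the scanned host.

Assumptions: everything runs against 127.0.0.1 (no real target is scanned);
the open and closed ports are picked at runtime, not fixed numbers.
"""
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Listen on an ephemeral port and log every peer whose handshake completes.

    Returns (port, peers, stop_event, thread); `peers` fills in as connections
    are accepted, standing in for a real service's connection log.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)          # poll so the loop can notice stop_event
    port = srv.getsockname()[1]
    peers = []
    stop = threading.Event()

    def loop():
        while True:
            try:
                conn, addr = srv.accept()
            except socket.timeout:
                if stop.is_set():
                    break
                continue
            peers.append(addr)   # the application sees the scanner's address
            conn.close()
        srv.close()

    t = threading.Thread(target=loop, daemon=True)
    t.start()
    return port, peers, stop, t


def connect_scan(host, ports, timeout=1.0):
    """Classify ports the way nmap -sT does: open if connect() completes the
    three-way handshake, closed if the host answers with RST (refused),
    filtered if nothing comes back before the timeout."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except OSError:              # socket.timeout is an OSError
            results[port] = "filtered"
        finally:
            s.close()
    return results


def free_port(host="127.0.0.1", exclude=()):
    """Pick a port nothing is listening on (bind to 0, read it, release it)."""
    while True:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind((host, 0))
        port = s.getsockname()[1]
        s.close()
        if port not in exclude:
            return port


def demo():
    """Scan one open and one closed local port; return the scan result, the two
    port numbers and how many handshakes the listener logged."""
    open_port, peers, stop, thread = start_listener()
    closed_port = free_port(exclude=(open_port,))
    results = connect_scan("127.0.0.1", [open_port, closed_port])
    stop.set()
    thread.join(3)
    return results, open_port, closed_port, len(peers)


if __name__ == "__main__":
    results, open_port, closed_port, seen = demo()
    for port in (open_port, closed_port):
        print(f"{port}/tcp {results[port]}")
    print(f"listener logged {seen} completed handshake(s) from the scanner")
```

The listener's log entry is the whole point: with a connect() scan the scanned service sees the scanner's address exactly as it would see a normal client. A SYN scan is not reproduced here because building raw packets needs root privileges, which is also why nmap only picks -sS by default when run as root.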

Can I have better output result instead of standard output?
Yes. I like the XML output: with it I can view the result in Firefox (nmap's XML references its nmap.xsl stylesheet, which the browser applies), and it contains a hyperlink for every scanned host for easy access to that host's data.

nmap 192.168.1.* -oX scanresult.xml
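Viewing the XML in a browser is handy, but the real benefit of -oX is that the output is machine-readable. As an added example (not part of the original tutorial or of nmap), here is a short Python script that parses nmap's XML format with the standard library and lists each live host's open ports. The XML it parses is constructed to mirror the tutorial's scan of 192.168.1.1 (ports 20, 21 and 23 closed, 80 open, 1693 filtered) plus one host that is down; it is not real scan output.

```python
"""Added example, not part of the original tutorial: parse nmap's XML output
(-oX) with the Python standard library and list each live host's open ports.

SAMPLE_XML is constructed to mirror the tutorial's scan of 192.168.1.1 plus a
host that is down; it is not real nmap output. ElementTree is fine for your
own scan files; for XML from an untrusted source use defusedxml instead.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0" ?>
<nmaprun scanner="nmap" args="nmap 192.168.1.* -oX scanresult.xml" version="4.20">
  <host>
    <status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <extraports state="filtered" count="1693"/>
      <port protocol="tcp" portid="20"><state state="closed"/><service name="ftp-data"/></port>
      <port protocol="tcp" portid="21"><state state="closed"/><service name="ftp"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {address: {"up": bool, "ports": [(portid, proto, state, service)]}}.

    Hosts without an IPv4 address element are skipped; a host that is down
    simply has an empty port list.
    """
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        status = host.find("status")
        up = status is not None and status.get("state") == "up"
        ports = []
        for port in host.iter("port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            ports.append((int(port.get("portid")), port.get("protocol"), state,
                          svc.get("name") if svc is not None else ""))
        hosts[addr_el.get("addr")] = {"up": up, "ports": ports}
    return hosts


def open_ports(hosts):
    """Map each live host to its open (port, service) pairs, sorted by port."""
    return {addr: sorted((p, svc) for p, _, st, svc in info["ports"] if st == "open")
            for addr, info in hosts.items() if info["up"]}


if __name__ == "__main__":
    # With a real file: parse_nmap_xml(open("scanresult.xml").read())
    for addr, ports in open_ports(parse_nmap_xml(SAMPLE_XML)).items():
        print(addr, ", ".join(f"{p}/{svc}" for p, svc in ports) or "(no open ports)")
```

Feeding the real scanresult.xml from the command above into parse_nmap_xml gives you the same data the browser view shows, but as a structure you can diff against last week's scan or filter for newly opened ports.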

For more advanced options, read the man page or check out http://www.nmap-tutorial.com/; I find that nmap tutorial very readable, it is really a great tutorial.
