Nmap is open source network scanning software. It can help you investigate simple network issues, and it can also be used as a security vulnerability assessment tool. Nmap supports a lot of options; when you type
The list of nmap options does not even fit on one page of a virtual terminal, which sometimes scares casual users away. The fact is, normal usage of nmap is as simple as common commands such as ls, cd and cat. You just need to specify your target IP address or hostname.
Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-05 15:30 MYT
Interesting ports on 192.168.1.1:
Not shown: 1693 filtered ports
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
23/tcp closed telnet
80/tcp open   http

Nmap finished: 1 IP address (1 host up) scanned in 30.615 seconds
Simple, isn’t it?
How about the entire network domain?
Or you can also do this:
So what does nmap do?
Nmap has two basic scan types: TCP connect() scanning (-sT) and TCP SYN stealth scanning (-sS). A TCP connect() scan works by actually completing a connection to the targeted host. The disadvantage of a connect scan is that it is very easy to detect on the system being scanned. That is why the TCP SYN scan was developed. A TCP SYN scan also tries to initiate a connection, but it assumes the port is open as soon as it receives the SYN/ACK reply, without completing the connection. To understand this further, you need to read up on TCP/IP's three-way handshake. But bear in mind, you may not detect open ports with a SYN scan if the targeted system filters its ports.
So what is the default scan type when you don't specify one? You can find out by adding -v. Try running the command as a normal user and as root: you will discover that if you are root, the TCP SYN scan is used; otherwise it is TCP connect().
nmap -v 192.168.1.*
Can I have better output result instead of standard output?
Yes. I like the XML output: with it, I can view the result in Firefox, which shows a hyperlink for every scanned host for easy access to that host's data.
nmap 192.168.1.* -oX scanresult.xml
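The XML output is also the easiest format to process with a script, which is what makes it useful beyond viewing in a browser. As an added example (not code from the original post), the following Python script reads a -oX file, lists the open ports per live host, and diffs two scans so that a port that was closed in a baseline run and is open now stands out. The sample XML is constructed to mirror the scan of 192.168.1.1 shown above; the element and attribute names (nmaprun/host/status/address/ports/port/state/service) follow nmap's XML format.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output, modelled on the 192.168.1.1 scan above.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap 192.168.1.* -oX scanresult.xml" version="4.20">
  <host>
    <status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <extraports state="filtered" count="1693"/>
      <port protocol="tcp" portid="20"><state state="closed" reason="reset"/><service name="ftp-data"/></port>
      <port protocol="tcp" portid="21"><state state="closed" reason="reset"/><service name="ftp"/></port>
      <port protocol="tcp" portid="23"><state state="closed" reason="reset"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_open_ports(xml_text):
    """Return {ip: [(port, protocol, service), ...]} for hosts that are up.

    Only ports in state "open" are kept; closed and filtered ports (including the
    <extraports> summary) are ignored, so the result is a compact exposure list.
    """
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        # A host may carry several <address> elements (e.g. ipv4 plus mac); pick the IP one.
        addr = None
        for a in host.findall("address"):
            if a.get("addrtype") in ("ipv4", "ipv6"):
                addr = a.get("addr")
                break
        if addr is None:
            continue
        open_ports = []
        for port in host.findall("./ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            open_ports.append((int(port.get("portid")), port.get("protocol"), name))
        result[addr] = sorted(open_ports)
    return result


def diff_open_ports(baseline, current):
    """Compare two parse_open_ports() results.

    Returns {ip: {"newly_open": [...], "no_longer_open": [...]}} for hosts whose
    open-port set changed; hosts with no change are omitted.
    """
    changes = {}
    for ip in sorted(set(baseline) | set(current)):
        before = set(baseline.get(ip, []))
        after = set(current.get(ip, []))
        added = sorted(after - before)
        removed = sorted(before - after)
        if added or removed:
            changes[ip] = {"newly_open": added, "no_longer_open": removed}
    return changes


if __name__ == "__main__":
    # Usage: python3 nmap_xml.py [baseline.xml] [current.xml]; without arguments the
    # constructed sample is used for both, which yields no changes.
    texts = [open(p).read() for p in sys.argv[1:3]] or [SAMPLE_XML, SAMPLE_XML]
    base = parse_open_ports(texts[0])
    cur = parse_open_ports(texts[-1])
    for ip, ports in cur.items():
        print(ip, ", ".join(f"{p}/{proto} {svc}" for p, proto, svc in ports) or "(no open ports)")
    for ip, change in diff_open_ports(base, cur).items():
        print("CHANGED", ip, change)
```

Keeping the parsed result of a known-good scan as a baseline and diffing each later scan against it turns nmap into a cheap change detector: a service that appears on a host you did not expect to change is worth a look, whatever its port number.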
For more advanced options, you can read the man pages or check out http://www.nmap-tutorial.com/. I find that nmap tutorial very readable; it is really a great tutorial.