A simple tutorial for network scanning software (nmap)

November 5th, 2007 mysurface Posted in Network, nmap | Hits: 77612 | 4 Comments »

Nmap is an open source network scanner; it can help you investigate simple network issues and it can also be used as a security vulnerability assessment tool. Nmap supports a lot of options, as you can see when you type

nmap --help

The list of nmap options does not even fit on one page of a virtual terminal, which sometimes scares casual users away. In fact, normal usage of nmap is as simple as common commands such as ls, cd and cat. You just need to specify your target IP address or hostname after nmap, and you get output like this:

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-05 15:30 MYT
Interesting ports on
Not shown: 1693 filtered ports
20/tcp closed ftp-data
21/tcp closed ftp
23/tcp closed telnet
80/tcp open   http

Nmap finished: 1 IP address (1 host up) scanned in 30.615 seconds

Simple, isn’t it?

How about the entire network domain?


Or you can also do this:

nmap 192.168.1.*

So what does nmap do?
Nmap has two basic scan types, TCP connect() scanning (-sT) and TCP SYN "stealth" scanning (-sS). A connect() scan works by actually opening a full connection to each port of the targeted host. The disadvantage of a connect() scan is that it is very easy to detect on the system being scanned: every open port sees a completed connection, which the service (or its logs) can record. The SYN scan was developed for this reason. It also starts a connection, but it treats a port as open as soon as a SYN/ACK comes back, and then tears the half-open connection down with a RST instead of completing the handshake. To understand this further, read up on TCP/IP's three-way handshake. But bear in mind that if the targeted system filters its ports, neither a SYN/ACK nor a RST comes back, and nmap reports those ports as filtered rather than open or closed.
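To make the difference concrete, here is a small added example (not code from the original post or from the nmap project) that runs a connect() scan against a throwaway listener on 127.0.0.1. The listener records every completed handshake, which is exactly the trace a real service or host IDS would log; the scanner also shows the three outcomes a probe can have. The helper names and the 0.5 second timeout are my own choices; no real network is touched.

```python
"""Added example: a tiny TCP connect() scanner against a local listener.

It shows two things the text describes: a connect() scan completes the
full three-way handshake, so the scanned host sees a real accepted
connection (easy to log), and how the replies to a half-open SYN probe
map onto nmap's open / closed / filtered states. Nothing here leaves
127.0.0.1.
"""
import socket
import threading
import time


class LoggingListener:
    """Toy service on 127.0.0.1 that records every completed connection.

    A real daemon (or a host IDS) logs the same event, which is why a
    connect() scan is so easy to spot on the target.
    """

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))  # kernel picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.accepted = []  # (peer_ip, peer_port) per completed handshake
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:  # listening socket closed, stop serving
                return
            self.accepted.append(peer)
            conn.close()

    def close(self):
        self.sock.close()


def connect_scan(host, ports, timeout=0.5):
    """TCP connect() scan: returns {port: 'open' | 'closed' | 'filtered'}.

    open     -> connect() succeeded (full handshake, target saw it)
    closed   -> the kernel answered with RST (ConnectionRefusedError)
    filtered -> no answer or ICMP unreachable; a firewall is in the way
    """
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except OSError:  # includes socket.timeout
            results[port] = "filtered"
        finally:
            s.close()
    return results


def classify_syn_response(response):
    """Map the reply to a half-open SYN probe (what -sS sends) to a state.

    response is 'SYN/ACK', 'RST', 'ICMP_UNREACH' or None (silence).
    Unlike connect(), the scanner answers a SYN/ACK with RST, so the
    target never sees an established connection.
    """
    if response == "SYN/ACK":
        return "open"
    if response == "RST":
        return "closed"
    return "filtered"  # ICMP unreachable or no reply: cannot tell


def demo():
    """Scan one open and one closed loopback port; return what both sides saw."""
    listener = LoggingListener()
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # nothing listens there now, so connect() gets RST
    states = connect_scan("127.0.0.1", [listener.port, closed_port])
    deadline = time.time() + 2.0  # let the accept() thread catch up
    while not listener.accepted and time.time() < deadline:
        time.sleep(0.01)
    listener.close()
    return {
        "open_port": listener.port,
        "closed_port": closed_port,
        "states": states,
        "accepted_connections": len(listener.accepted),  # 1: the target noticed
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the open port as "open", the freed port as "closed", and exactly one connection recorded by the listener: the footprint a connect() scan leaves on every open port. A SYN scan needs raw sockets to send and receive the handshake packets itself, which is why it cannot be demonstrated as an unprivileged user.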

So what is the default scan type when you don't specify one? You can find out by adding -v. Run the command as a normal user and as root, and you will discover that as root a TCP SYN scan is used (it needs raw-socket privileges to craft the SYN packets), while otherwise a TCP connect() scan is used.

nmap -v 192.168.1.*

Can I have better output result instead of standard output?
Yes. I like the XML output: with it I can view the result in Firefox, which shows a hyperlink for every scanned host for easy access to that host's data.

nmap 192.168.1.* -oX scanresult.xml

For more advanced options, read the man page, or check out http://www.nmap-tutorial.com/; I find that nmap tutorial very readable, it is really a great tutorial.

4 Responses to “A simple tutorial for network scanning software (nmap)”

  1. […] sourced here […]

  2. Wow! After all I got a weblog from where I know how to truly take useful data regarding my study and knowledge.

  3. You may consider the following instructions when such bad things happen:
    you must unplug the SD cards to prevent the files from further loss.

    Encompassing many preloaded apps like multi-touch input, accelerometer sensor for UI
    auto-rotate and proximity sensor for auto turn-off provides this smartphone
    an apparent look. Make yourself a professional photographer, just by capturing
    some moments of your choice.

  4. I do trust all the concepts you’ve offered to your post.
    They are very convincing and can certainly work. Still, the
    posts are very short for newbies. May just you please lengthen them a little from subsequent time?

    Thank you for the post.
