Explore the network with Nmap
Nmap is a tool for port scanning the internet. A port is the point admission, physical or logical, of a connection through which you transfers made between files. Nmap has infinite utility, we think that most of the vulnerabilities will find them with this small but great tool. To give some examples, Nmap allows us to know which ports are open or closed on a particular system, or to find out what the Operating System in use. The best method of doing this is to send an IP input (Internet Protocol that identifies the network) and commands that want.
To start Nmap must open the console and type:
What Support will follow is a list of Nmap, which shows all the commands available with much of an explanation. Immediately verify which ports are open on our computer, to do so must be given as input:
nmap -sS (your_ip)
and press enter. Of course this command you can do so with an ip address differently so as to identify its doors open or closed. (I remind you that you must perform these tests on the systems you have, otherwise it is a criminal offense).
Now we’ll discover how to identify the operating system of a machine. Let us then be input:
nmap -sS-O-V (ip_address)
The -sS we saw earlier, is used to enable the O-mode OS Detection and -V will also show us a possible version of the system operating. The table below shows a ‘complete list of options available.
EXPLORE THE HOST:
• -sL: Scanning a list. Easiest method.
• -sP: Ping Scanning. Useful for determining whether a host is online
• -P0: Avoid at all switching host lookup
• -PS/PA/PU [portlist]: Send TCP SYN / ACK or UDP ports indicated
• -sS/sT/sA/sW/sM: port scans in general
• -sN/sF/sX: Port Scan with outptup of open and closed
• – scanflags <flags>: A type of scan “custom”
•-sO: Allows you to determine which IP protocols are supported.
•-b <ftp relay <host>: Allows you to connect to an FTP server and asks, Then send the files to a different FTP server
SPECIFICATIONS FOR THE PORTS:
• -p <port ranges>: Scan specified ports Example:-p22;-p1-65535;-p U: 53,111,137, T :21-25, 80,139,8080
• -F: Fast – Scanning only the ports listed in nmap-service
• -r: Scanning ports consecutively
SERVICE / VERSION NOTED:
• -sV: Check open ports to determine current services or information
• – version_light: Version a little ‘more limited, useful for speeding up the search
• – version_all: Try every single probe-packet on every port
• – version_trace: Show debugging information about the activities of scanning version
• -O: Enable OS detection
• -osscan_limit: Detect operating limit
• -osscan_guess: Guess OS more “hard”
TIMING AND PERFORMANCE:
• -T [0-6]: Set the model of timing (the higher the value, it’s fast)
• –min_hostgroup/max_hostgroup <msec>: Adjusts the size of groups for scans parallel
• –min_parallelism/max_parallelism <msec>: Changes in parallel
• –min_rtt_timeout/max_rtt_timeout/initial_rtt_timeout<msec>: Edit out
• – host_timeout <msec>: Stop the search if the host is not respond
• –scan_delay/–max_scan_delay <msec>: Edit delays
FIREWALL / IDS EVASION AND SPOOFING:
•-f, – mtu <val>: Fragmented Packets
• D-<decoy1,decoy2[,ME],…>: Covers a scan using bait
• S-<IP_Address>: Soofing entire source
•-e <iface>: Use the specified interface
• -g/–source_port <portnum>: Use the port number chosen (spoofing)
• – spoof_mac <mac address, prefix, or vendor name>: Spoofing the MAC (hardware)
• -oN/-oX/-oS/-oG <file>: Output normal, XML, Script Kiddie (XD) and grepable.
• <basename>-oA: Output of all sizes
• -v: Verbose Mode (provides more information)
• -d [level]: Increase levels or configure debugging
• – packet_trace: Show all packets sent and received
• – iflist: Show host interfaces
• – append_output: Queue output file
• – <filename> resume: Resume an aborted scan
• -6: Enable IPv6 scanning with
•-A: Enables OS detection and version detection
• – privileged: Assume the privileges of Total
•-V: Return the version of Nmap
•-h: Displays a list of all available commands.
These listed above are almost all commands available (they are missing 3-4 and I have not included because I think they are not very useful). As we have seen Nmap can do everything and more, by port scanning, identification of the operating system and from circumventing MAC Spoofing the firewall, doors and more. I remind you that to know the best Nmap need lots of practice… well as a whole, moreover, is not it?