Security Tools

NMAP Tutorial

I think everyone in the security field known this popular tool, recently evolved into the 5.x series.

Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and many other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Nmap was originally command line tool that has been developed for only Unix/Linux based operating system but now its windows version is also available and eases to use

Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.

For a quick and simple scan use.

$ nmap 192.168.x.x

Starting Nmap 5.21 ( at 2011-04-10 23:06 PKT

Nmap scan report for 192.168.x.x

Host is up (0.0012s latency).

Not shown: 997 filtered ports


21/tcp open ftp

23/tcp open telnet

80/tcp open http

Nmap done: 1 IP address (1 host up) scanned in 10.62 seconds

Nmap – Interesting options

-f fragments packets

-D Launches decoy scans for concealment

-I IDENT Scan – find owners of processes (on UNIX systems)

-b FTP Bounce

Port Scan Types

TCP Connect scan

TCP SYN scan

TCP FIN scan

TCP Xmas Tree scan (FIN, URG, and PUSH)

TCP Null scan

TCP ACK scan

UDP scan

Nmap works on the basic scanning types like:

TCP connect() scanning

TCP SYN scanning

TCP FIN scanning

Fragmentation scanning

TCP reverse ident scanning

FTP bounce attack

UDP ICMP port unreachable scanning

UDP recvfrom() and write() scanning

ICMP echo scanning

Operating system detection or OS fingerprinting is the important part of scanning you should know about the operating system of target machine to launch an available exploit on it. Nmap provides you know about running operating system although you can find it by using banner grabbing but why doing too much job. Use -O for operating system.

$ nmap -O 192.168.x.x

Leave a Reply

Your email address will not be published. Required fields are marked *