6/25/2011

NMAP 1


nmap (Network Mapper) is a security scanner used for port scanning, OS fingerprinting, banner grabbing and more, against a whole network range or a single machine.
It was written by Fyodor.
Here we want to use this program to scan our own system, to learn which banners would be shown to an attacker and which open ports are of no use to the system, so that we can close them or shut down the services listening on them.
1 - installation:
you can download it from nmap.org (http://nmap.org).

2 - some explanation:

when I run the command nmap with no arguments it shows a lot of options (scan techniques);

I will explain the most commonly used ones.

-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans

-sU: UDP Scan

-sN/sF/sX: TCP Null, FIN, and Xmas scans

--scanflags <flags>: Customize TCP scan flags

-sI <zombie host[:probeport]>: Idle scan

-sY/sZ: SCTP INIT/COOKIE-ECHO scans

-sO: IP protocol scan

-b <FTP relay host>: FTP bounce scan

-------------
-sS

TCP SYN scan. This is the default scan type; it is fast and can scan a large range of ports in seconds.

It scans TCP ports using a half-open connection. A normal TCP connection is set up with a three-way handshake: 1- pc1 sends a SYN packet, 2- pc2 replies with a SYN/ACK packet, 3- pc1 sends an ACK packet. In a half-open connection the final ACK is never sent, so the connection is never completed.

Because the handshake is never completed it is safer and stealthier than a full connect() scan.

-sT

TCP connect() scan. It also scans TCP ports, but completes the full three-way handshake, establishing a real connection between client and server. It is not stealthy, and the scan is likely to be logged by the target because a connection is actually established.

-sU

Used to scan UDP ports.

-sY

SCTP (Stream Control Transmission Protocol) INIT scan. SCTP combines most characteristics of the TCP and UDP protocols.

It is the SCTP equivalent of TCP SYN scanning (a half-open connection).





3 - usage:
simply run nmap -<technique> <ip address or host name>

for example: nmap -sS localhost
let's run this command: nmap -sS localhost
result:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-06-26 02:25 EEST
Interesting ports on example (127.0.0.1):
Not shown: 997 closed ports
PORT     STATE SERVICE
111/tcp  open  rpcbind
631/tcp  open  ipp

Nmap done: 1 IP address (1 host up) scanned in 1.22 seconds

this means I have just two ports open (111 and 631), serving rpcbind and ipp

and by running nmap -sU localhost
result:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-06-26 02:43 EEST
Interesting ports on example (127.0.0.1):
Not shown: 997 closed ports
PORT     STATE         SERVICE
111/udp  open|filtered rpcbind
631/udp  open|filtered ipp
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 2.47 seconds



now I have three UDP ports open but filtered (by a firewall)
and closing unused ports and services will be discussed later
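As an added example (not part of the original post), the following Python script parses nmap's normal output, as shown in the two results above, and compares the listed ports with an allowlist of the services this host is meant to run; the allowlist and the sample listings embedded in it are constructed for illustration, and the scan_localhost helper is a hypothetical wrapper around the post's own command. One caveat worth building in: the state open|filtered means nmap received no reply to the UDP probe, so it cannot tell an open-but-silent service from one blocked by a firewall; the script therefore sets such entries aside for local confirmation instead of treating them as open.

```python
import re
import subprocess
from typing import Dict, List, NamedTuple, Set, Tuple


class PortEntry(NamedTuple):
    port: int
    proto: str
    state: str
    service: str


# Constructed sample input: the two scan listings from the post, embedded so
# the parser can be exercised offline without running nmap.
SAMPLE_TCP = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2011-06-26 02:25 EEST
Interesting ports on example (127.0.0.1):
Not shown: 997 closed ports
PORT     STATE SERVICE
111/tcp  open  rpcbind
631/tcp  open  ipp

Nmap done: 1 IP address (1 host up) scanned in 1.22 seconds
"""

SAMPLE_UDP = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2011-06-26 02:43 EEST
Interesting ports on example (127.0.0.1):
Not shown: 997 closed ports
PORT     STATE         SERVICE
111/udp  open|filtered rpcbind
631/udp  open|filtered ipp
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 2.47 seconds
"""

# One port line of nmap's normal output: "<port>/<proto>  <state>  <service>".
PORT_LINE = re.compile(r"^\s*(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)", re.MULTILINE)


def parse_nmap_output(text: str) -> List[PortEntry]:
    """Extract the port entries from nmap's normal (human-readable) output."""
    return [
        PortEntry(int(port), proto, state, service)
        for port, proto, state, service in PORT_LINE.findall(text)
    ]


def review_ports(entries: List[PortEntry],
                 expected: Set[Tuple[int, str]]) -> Dict[str, List[PortEntry]]:
    """Compare scan results with the ports this host is supposed to serve.

    'unexpected' holds entries not on the allowlist (candidates for stopping
    the service or firewalling the port); 'unconfirmed' holds entries whose
    state is not a definite 'open' (e.g. open|filtered: nmap got no reply, so
    a firewall rule and a silent UDP service are both possible, and the host's
    own listening-socket list is needed to decide).
    """
    unexpected = [e for e in entries if (e.port, e.proto) not in expected]
    unconfirmed = [e for e in entries if e.state != "open"]
    return {"unexpected": unexpected, "unconfirmed": unconfirmed}


def scan_localhost(technique: str = "-sS") -> List[PortEntry]:
    """Hypothetical wrapper: run the post's command (nmap <technique> localhost)
    and parse the result. Needs nmap installed and, for -sS/-sU, root privileges;
    the offline samples above are used instead when this is not available."""
    result = subprocess.run(["nmap", technique, "localhost"],
                            capture_output=True, text=True, check=True)
    return parse_nmap_output(result.stdout)


if __name__ == "__main__":
    # Constructed allowlist for this host: only the print service (ipp) is wanted.
    expected = {(631, "tcp"), (631, "udp")}
    for label, sample in (("TCP", SAMPLE_TCP), ("UDP", SAMPLE_UDP)):
        report = review_ports(parse_nmap_output(sample), expected)
        for e in report["unexpected"]:
            print(f"{label}: {e.port}/{e.proto} ({e.service}) is {e.state} "
                  f"but not expected; consider stopping that service")
        for e in report["unconfirmed"]:
            print(f"{label}: {e.port}/{e.proto} ({e.service}) reported {e.state}; "
                  f"confirm with a local listening-socket listing")
```

Run as a script it reviews the embedded samples; replacing the samples with scan_localhost("-sS") and scan_localhost("-sU") applies the same check to a live scan of the local machine.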

now we have additional features:
  • OS detection: used to detect the OS
    by using the command nmap -O <ip address or host name>
  • Service and Version Detection: used to detect the service names and the versions of the daemons that run on those ports
    by using the command nmap -sV <ip address or host name>
  • detect both the OS and the Service and Version:
    by using the command nmap -A <ip address or host name>

