All about Nmap

 Posted on January 8, 2023  |  24 minutes  |  5035 words  |  Fernande Dalal

While there are many advanced monitoring tools that serve as a great help to network administrators in port scanning and detecting network vulnerabilities, Nmap is still considered a standard tool. ink. Why is that?

Network administrators, IT managers and security experts have been, and will face a never-ending battle on the battlefield named cyber security.They will have to constantly check their network to find out the harmful agents as well as the hidden security holes.While there are currently a number of monitoring utilities available to assist professionals in network mapping and security control, Nmap is the number one choice for flexibility and portability. These practices have made it awidely recognizedport scanning and security vulnerabilityworldwide.

All about Nmap

  • What is Nmap?
  • Nmap in port scan
  • Nmap and the path to success
  • What operating systems does Nmap work on?
  • How to use Nmap
  • Nmap commands for beginners
  • Nmap Scripting Engine (NSE)
  • Zenmap - Nmap's interface
  • What's new in Nmap
  • Is Nmap being used for unauthorized behavior?
  • Nmap resources
  • Download Nmap where?

    • What is Nmap?

    Picture 1 of All about Nmap

    Nmap (full name Network Mapper)is a security tool developed by Floydor Vaskovitch.Nmap isopen source, free, used forport scans and security holes.Network administrators use Nmap to determine which devices are running on their systems, as well as find out which servers are available and the services they provide, and search for them. open ports and detect security risks.

    Nmap can be used to monitor individual servers as well as large network clusters including hundreds of thousands of devices and multiple subnets.

    Although Nmap has been constantly developed, improved over the years and extremely flexible, its platform is still a port scanning tool, gathering information by sending raw packets to system ports. system.It then listens and analyzes the responses and determines whether those ports are opened, closed, or filtered in some way, such as a firewall.Other terms used to refer to port scanning include port detection (discovery) or port enumeration (enumeration).

    Picture 2 of All about Nmap

    Nmap in port scan

    The data packets sent by Nmap return IP addresses and other related data, allowing you to identify network attribute types, provide you with network records or diagrams and allow you to create an evaluation list of hardware and software in that network.

    Different network protocols use different types of packet structures.Nmap uses layer protocols including TCP (transmission control protocol), UDP (user query protocol), and SCTP (flow control protocol), as well as support protocols such as ICMP ( Internet control message protocol, used to send error messages).

    Different protocols serve different purposes and system ports.For example, UDP's low resource costs are well suited to real-time online video streaming, where you'll sacrifice some lost data packets in exchange for speed, while videos are Non-real-time streams on YouTube will be cached and slower using TCP, although this protocol is more reliable.

    Along with many other features, the basic port scanning and packet capture capabilities (packet-capture -packet blockingfeaturethat is passing or moving through a specific computer network)of Nmap are also constantly being upgraded. upgrade, improve.

    Gordon Lyon, author of Nmap, shared in an email response to software queries that his company is now focusing on upgradingNpcappacket capture featuredriversand libraries for Windows. ."It makes Nmap faster and more powerful on Windows and is also being used by many other applications. We have released eight releases of Npcap this year," Gordon Lyon said.

    Nmap and the path to success

    Nmap was written on C ++ platform and was first introduced with the source code in Phrack magazine in September 1997. It was later expanded with C, Perl and Python.Author Gordon Lyon used the pseudonym Fyodor Vaskovitch.Fyodor Vaskovitch said he chose this pseudonym because he was impressed after reading Fyodor Dostoevsky's notes from the Underground.

    Picture 3 of All about Nmap

    Throughout the years since its launch, Nmap has benefited from the growing contribution of the growing fan community and developers, and now the application has a number of downloads up to thousands of times every day.Along with support from the tech world, Nmap has been well known among the public, who do not have much network security expertise through movie movies.In these films Nmap has become a breakthrough tool for directors along with the acting of stars like Rihanna and Kate Mara.Nmap made its first appearance in the movie The Matrix Reloaded, in which Trinity character Carrie-Anne Moss portrayed her impressive ability to unlock security using the Nmap software correctly.

    What operating systems does Nmap work on?

    One of the reasons for Nmap's widespread popularity is that it can be used on many different operating systems.It works on Windows and macOS and is supported on Linux distributions including Red Hat, Mandrake, SUSE and Fedora.It also works well on other operating systems including BSD, Solaris, AIX and AmigaOS.

    How to use Nmap

    It is not difficult to find a range of free network monitoring utilities as well as free open source vulnerability scanning tools available for network administrators and security controllers.However, what makes Nmap stand out as an information technology tool that any network manager needs to know is its flexibility and power.In addition to the basic function of Nmap as port scanning, it also provides users with a range of related features including:

  • Network mapping : Nmap can identify devices that are active on the network (also known as server detection), including servers, routers and how they are physically connected. how.
  • Operating system detection (OS detection): Nmap can identify the operating systems of devices running on the network (also known as OS fingerprinting), while providing information about providers and operating systems. base, software version and even estimate the device's uptime.
  • Service discovery (Service discovery) : Nmap can not only identify servers that are operating on the network, but also determine which services they are providing.Can be mail, web or name servers.As well as identifying specific applications and versions of the software they are running.
  • Security auditing : Nmap can find out which version of the operating system and application is running on network servers, thereby allowing network administrators to identify general weaknesses that correspond to Specific vulnerabilities.For example, if the network administrator receives vulnerability alerts in each specific version of the application, he can perform a network scan to determine if the software version is running on the network. No and take steps to patch or update the relevant servers.In addition, scripts can automate tasks such as detecting specific vulnerabilities.

    • Picture 4 of All about Nmap

    Use Nmap for local networks

    Running Nmap is often the best way to discover the 'size' of the network and the number of devices connected to it. The "fast" Nmap (-F) scan on the network can create a list of all IP addresses belonging to the server that operates on the network, along with some additional information.

     sudo nmap -F 192.168.0.0/24 Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-10 22:55 PST Nmap scan report for 192.168.0.1 Host is up (0.048s latency). Not shown: 96 closed ports PORT STATE SERVICE 80/tcp open http 443/tcp open https 5000/tcp open upnp 8081/tcp filtered blackice-icecap MAC Address: AC:EC:80:00:EA:17 (Arris Group) Nmap scan report for 192.168.0.35 Host is up (0.065s latency). Not shown: 93 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 443/tcp open https 515/tcp open printer 631/tcp open ipp 9100/tcp open jetdirect MAC Address: C4:8E:8F:38:61:93 (Hon Hai Precision Ind.) Nmap scan report for 192.168.0.232 Host is up (0.032s latency). All 100 scanned ports on 192.168.0.232 are closed MAC Address: 60:A3:7D:30:24:60 (Apple)

    The amount of information on the local network that Nmap can collect is impressive, including the MAC address and the manufacturer of the connected device, the operating system that the device is using and the version of any service. running on the device. After knowing how many devices are on the network and (almost) knowing which devices they are, the next step is to scan and check the devices on the network you are interested in.

    Another important function of Nmap is to allow port scanning of each device or IP address range, including multiple devices. This allows an attacker to find out the details of each device detected on the network, including information about open ports and service running. Port is the port that another device can connect to, so finding a range of services running on open ports can be a huge benefit to hackers, especially if one of the devices used an outdated version and vulnerable.

    Use Nmap for remote networks

    In addition to scanning local networks, Nmap can also display information about remote networks. In fact, you can run Nmap on the site you want to test and it will parse and get the IP address associated with that site's domain name.

     nmap -F wonderhowto.com Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-11 23:20 PST Nmap scan report for wonderhowto.com (104.193.19.59) Host is up (0.14s latency). Not shown: 95 closed ports PORT STATE SERVICE 53/tcp filtered domain 80/tcp open http 139/tcp filtered netbios-ssn 443/tcp open https 445/tcp filtered microsoft-ds Nmap done: 1 IP address (1 host up) scanned in 3.21 seconds

    After retrieving the IP address and noting the open port numbers, Nmap can then indicate that the operating system (-O) is being used to store a remote site.

     sudo nmap -O 104.193.19.59 Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-10 23:00 PST Nmap scan report for wonderhowto.com (104.193.19.59) Host is up (0.036s latency). Not shown: 998 closed ports PORT STATE SERVICE 80/tcp open http 443/tcp open https Device type: load balancer Running (JUST GUESSING): Citrix embedded (95%) Aggressive OS guesses: Citrix NetScaler load balancer (95%), Citrix NetScaler VPX load balancer (88%) No exact OS matches for host (test conditions non-ideal). Network Distance: 17 hops OS detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 8.69 seconds

    Finally, users can even learn about software versions that are running on open ports. If you see a port vulnerable to attack, it can make your work on the network much easier. Using the previously discovered IP address, users can perform a different scan than the -sV parameter , indicating that httpd 2.0 is being used on the target computer.

     sudo nmap -sV 104.193.19.59 Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-10 23:02 PST Nmap scan report for wonderhowto.com (104.193.19.59) Host is up (0.053s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 29.27 seconds

    These details - the IP address of a remote site or server, the operating system running on the device and the version of any application running on the open ports discovered - is everything the hacker Need to start attacking devices on the network.

    What you need

    To use Nmap, you will need a system that supports it. Fortunately, Nmap is a cross-platform application, works on Windows, Linux and macOS, preinstalled on many systems. Even if you don't have this tool, it's easy to install.

    You will also need a network to connect and scan to try these techniques, but note that scanning is often referred to as a 'prelude' for an attack and needs to be scrutinized. This means that if your job is to monitor suspicious behavior, scanning the entire network is a great way to get the most panoramic view.

    Step 1: Configure Nmap to scan a target

    To run basic scanning, users can specify specific target IP addresses to scan. One of the basic but most informative scans is to run Nmap, specify the destination IP address and then enter -A to enable operating system detection, version detection, script scanning and follow watch.

     sudo nmap 104.193.19.59 -A Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-10 23:12 PST Nmap scan report for wonderhowto.com (104.193.19.59) Host is up (0.038s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-header: WonderHowTo |_http-title: Did not follow redirect to https://wonderhowto.com/ 443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-header: WonderHowTo |_http-title: Did not follow redirect to https://www.wonderhowto.com/ | ssl-cert: Subject: commonName=wonderhowto.com | Subject Alternative Name: DNS:wonderhowto.com, DNS:*.driverless.id, DNS:*.gadgethacks.com, DNS:*.invisiverse.com, DNS:*.null-byte.com, DNS:*.reality.news, DNS:*.wonderhowto.com, DNS:driverless.id, DNS:gadgethacks.com, DNS:invisiverse.com, DNS:null-byte.com, DNS:reality.news | Not valid before: 2017-01-25T00:00:00 |_Not valid after: 2019-01-25T23:59:59 |_ssl-date: 2018-11-11T07:12:53+00:00; 0s from scanner time. Device type: load balancer Running (JUST GUESSING): Citrix embedded (90%) Aggressive OS guesses: Citrix NetScaler load balancer (90%), Citrix NetScaler VPX load balancer (88%) No exact OS matches for host (test conditions non-ideal). Network Distance: 17 hops Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows TRACEROUTE (using port 995/tcp) HOP RTT ADDRESS 1 31.75 ms 192.168.0.1 2 26.02 ms 142.254.236.193 3 35.17 ms agg60.lsaicaev01h.socal.rr.com (24.30.168.25) 4 30.78 ms agg11.lsaicaev01r.socal.rr.com (72.129.18.192) 5 26.19 ms agg26.lsancarc01r.socal.rr.com (72.129.17.0) 6 34.58 ms bu-ether16.atlngamq46w-bcr00.tbone.rr.com (66.109.6.92) 7 30.20 ms ae2.lsancarc0yw-bpr01.tbone.rr.com (66.109.1.41) 8 35.04 ms ix-ae-24-0.tcore1.lvw-los-angeles.as6453.net (66.110.59.81) 9 35.01 ms if-ae-8-2.tcore1.sv1-santa-clara.as6453.net (66.110.59.9) 10 35.11 ms if-ae-0-2.tcore2.sv1-santa-clara.as6453.net (63.243.251.2) 11 38.80 ms if-ae-18-2.tcore1.sqn-san-jose.as6453.net (63.243.205.12) 12 34.39 ms if-ae-1-2.tcore2.sqn-san-jose.as6453.net (63.243.205.2) 13 34.05 ms 64.86.21.62 14 31.16 ms xe-0-0-3.cr6-lax2.ip4.gtt.net (89.149.180.253) 15 63.54 ms 72.37.158.50 16 . 17 34.34 ms wonderhowto.com (104.193.19.59) OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 38.60 seconds

    Even for a single goal, a basic scan can bring a lot of information. Here, the example is simply scanning the IP address for the WonderHowTo.com domain . The tool can run with a device on a local network, such as a router or a remote server, such as the WonderHowTo.com host .

    Step 2: Calculate the subnet and scan a specific range to find the device

    To identify other devices on the local network, it is useful to calculate the subnetwork range. This is the range of IP addresses that can be provided to devices on the network and is a signal that it is possible to scan all IP addresses of devices on the network.

    A useful tool to do this is IPcalc. This tool will get the IP address (easily found by entering ifconfig or ip a in the terminal window) and calculating the subnet range based on that. The tool will provide a sequence of numbers like "192.168.0.0/24", specifying a range of IP addresses. In the example below, the subnet is calculated as 127.0.0.0/24.

     ipcalc 127.0.0.1 Address: 127.0.0.1 01111111.00000000.00000000. 00000001 Netmark: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000 Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111 => Network: 127.0.0.0/24 01111111.00000000.00000000. 00000000 HostMin: 127.0.0.1 01111111.00000000.00000000. 00000001 HostMax: 127.0.0.254 01111111.00000000.00000000. 11111110 Broadcast: 127.0.0.255 01111111.00000000.00000000. 11111111 Hosts/Net: 254 Class A, Loopback

    To include information about the services running on the device found, users can open the terminal window and enter the following command, in addition to your network range (where using "172.16.42.0/24" in For example). Scanning is a bit slow, so you can use the -F flag instead of -A to perform faster scans for the most popular ports.

     nmap 172.16.42.0/24 -A Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-11 23:26 PST Nmap scan report for 172.16.42.1 Host is up (0.0029s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 53/tcp open domain? Nmap scan report for 172.16.42.20 Host is up (0.0053s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 62078/tcp open tcpwrapped Nmap scan report for 172.16.42.32 Host is up (0.0057s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 62078/tcp open tcpwrapped Nmap scan report for 172.16.42.36 Host is up (0.011s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 62078/tcp open tcpwrapped Nmap scan report for 172.16.42.49 Host is up (0.0063s latency). All 1000 scanned ports on 172.16.42.49 are closed Nmap scan report for 172.16.42.53 Host is up (0.0059s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 62078/tcp open iphone-sync? Nmap scan report for 172.16.42.57 Host is up (0.013s latency). All 1000 scanned ports on 172.16.42.57 are closed Nmap scan report for 172.16.42.63 Host is up (0.00020s latency). All 1000 scanned ports on 172.16.42.63 are closed Nmap scan report for 172.16.42.65 Host is up (0.0077s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 631/tcp open ipp CUPS 2.2 | http-methods: |_ Potentially risky methods: PUT |_http-server-header: CUPS/2.2 IPP/2.1 |_http-title: Home - CUPS 2.2.0 Nmap scan report for 172.16.42.119 Host is up (0.012s latency). Not shown: 996 closed ports PORT STATE SERVICE VERSION 898/tcp filtered sun-manageconsole 1862/tcp filtered mysql-cm-agent 1971/tcp filtered netop-school 62078/tcp open tcpwrapped Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 256 IP addresses (10 hosts up) scanned in 219.68 seconds

    Basically, we're running Nmap without arguments, except for the -A flag . We will see the same output as above, showing the devices detected and the services running on them.

    Another handy tool to explore the network is arp-scan. Sometimes it is possible to display devices that Nmap misses. We can use Nmap to perform ARP scans with query -PR, which is quite fast and active in bringing online servers back.

     nmap -PR 192.168.0.0/24 Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-12 06:10 PST Nmap scan report for 192.168.0.1 Host is up (0.019s latency). Not shown: 994 closed ports PORT STATE SERVICE 53/tcp filtered domain 80/tcp open http 443/tcp open https 5000/tcp open upnp 8081/tcp filtered blackice-icecap 8082/tcp filtered blackice-alerts

    Step 3: Create a list of target active servers

    Now, you will calculate all IP addresses that can appear on the local network and discover them by scanning -F (fast), by running Nmap without arguments except for the -A flag to scan. slow, but for more information or with -PR is able to quickly scan a local network to find active servers.

    Finally, if you want to create the detected TXT file of the server, you can use the command below to create the list, avoiding having to scan the entire network the next time. For example, to scan devices with port 80 open and save them to the list, you can use some Linux tools and flag -oG "greppable output" to filter the output that Nmap provides.

    By running nmap -p 80 -oG - 192.168.0.0/24 (network range is replaced by a specific case), you can add | awk '/ 80 / open / {print $ 2}' >> port80.txt to export the IP address of detected devices into TXT file named "port80.txt."

     nmap -p 80 -oG - 192.168.0.1 | awk '/80/open/ {print $2}' >> port80.txt cat port80.txt

    Here, the awk command is searching for lines containing the port number and the "open" result , with the second string in each line (in this case, the IP address) stored by the cat command into a new file named port80. txt

    Step 4: Determine the operating system on the detected devices

    One of the most useful things to know about a device discovered on the network is the operating system it is running. Here, we can get the target TXT list already in the previous step and scan the operating system, requiring root permissions. You can use the -O flag to scan the operating system and the -iL flag to tell Nmap the device you want to read from the target server's TXT file.

     sudo nmap -O -iL port80.txt Password: Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-12 07:07 PST Nmap scan report for 192.168.0.1 Host is up (0.033s latency). Not shown: 994 closed ports PORT STATE SERVICE 53/tcp filtered domain 80/tcp open http 443/tcp open https 5000/tcp open upnp 8081/tcp filtered blackice-icecap 8082/tcp filtered blackice-alerts No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ). TCP/IP fingerprint: OS:SCAN(V=7.60%E=4%D=11/12%OT=80%CT=1%CU=33278%PV=Y%DS=1%DC=D%G=Y%M=407009% OS:TM=5BE99771%P=x86_64-apple-darwin17.3.0)SEQ(SP=CB%GCD=1%ISR=CD%TI=Z%CI=Z OS:%II=I%TS=7)SEQ(SP=CE%GCD=1%ISR=CE%TI=Z%CI=Z%TS=7)OPS(O1=M5B4ST11NW2%O2=M OS:5B4ST11NW2%O3=M5B4NNT11NW2%O4=M5B4ST11NW2%O5=M5B4ST11NW2%O6=M5B4ST11)WIN OS:(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN(R=Y%DF=Y%T=40%W=390 OS:8%O=M5B4NNSNW2%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3( OS:R=Y%DF=Y%T=40%W=3890%S=O%A=S+%F=AS%O=M5B4ST11NW2%RD=0%Q=)T4(R=Y%DF=Y%T=4 OS:0%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0% OS:Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z% OS:A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G% OS:RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S) Network Distance: 1 hop Nmap scan report for 192.168.0.2 Host is up (0.019s latency). Not shown: 997 closed ports PORT STATE SERVICE 53/tcp filtered domain 80/tcp open http 8888/tcp open sun-answerbook Device type: general purpose Running: Linux 2.6.X OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.17 - 2.6.36 Network Distance: 1 hop Nmap scan report for 192.168.0.5 Host is up (0.064s latency). Not shown: 993 filtered ports PORT STATE SERVICE 80/tcp open http 8080/tcp open http-proxy 8085/tcp open unknown 8086/tcp open dsn 8087/tcp open simplifymedia 8088/tcp open radan-http 8089/tcp open unknown Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Linux 3.X OS CPE: cpe:/o:linux:linux_kernel:3 OS details: Linux 3.2 - 3.8 Network Distance: 1 hop OS detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 3 IP addresses (3 hosts up) scanned in 67.32 seconds

    This tactic allows users to get as much information as possible about the operating system from any target list that wants to run, whether the target is an intranet or the list of IP addresses of the site.

    The next step is to explore the versions of applications running on open ports. This may indicate that a port running the software is outdated and has a vulnerability already detected. To do this, use the -sV flag .

     sudo nmap -sV 192.168.0.2 -D 192.168.0.1,192.168.0.2,192.168.0.3 Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-12 07:29 PST Nmap scan report for 192.168.0.2 Host is up (0.030s latency). Not shown: 997 closed ports PORT STATE SERVICE VERSION 53/tcp filtered domain 80/tcp open http? 8888/tcp open upnp MiniUPnP 1.6 (Linksys/Belkin WiFi range extender; SDK 4.1.2.0; UPnP 1.0; MTK 2.001) MAC Address: 83:23:98:43:23:3D (Dobus International) Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 26.24 seconds

    Here, we will find some very specific information about the server, making it possible to identify an attack from 'eavesdrop' software through the portal.

    Step 5: Advanced scanning solutions

    Occasionally, users will have trouble scanning the network because the ping sent by Nmap is blocked by the firewall on the router. This can make the user mistakenly think that there is no device on the network (though it is in fact available). To avoid this, you can include the -Pn flag , to sometimes allow direct connection to devices and get feedback.

    If you are scanning on a network that does not want to be detected, you can perform a test with the -D flag to make it difficult to detect who is scanning on the network. The process will look like the command below and require root access.

     sudo nmap -sS 192.168.0.2 -D 192.168.0.1,192.168.0.2,192.168.0.3 Password: Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-12 07:26 PST Nmap scan report for 192.168.0.2 Host is up (0.036s latency). Not shown: 997 closed ports PORT STATE SERVICE 53/tcp filtered domain 80/tcp open http 8888/tcp open sun-answerbook MAC Address: 83:23:98:43:23:3D (Dobus International) Nmap done: 1 IP address (1 host up) scanned in 5.16 seconds

    If you need more information about what's going on, you can press a key while the scan is taking place to get some information on how to proceed or add the -v parameter to increase the level of detail (amount information that the script provides). In general, you can continue to add more v- v depending on the level of desire to find out more information about what's happening.

     Initiating ARP Ping Scan at 07:18 Scanning 192.168.0.1 [1 port] Completed ARP Ping Scan at 07:18, 0.12s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 07:18 Completed Parallel DNS resolution of 1 host. at 07:18, 0.09s elapsed DNS resolution of 1 IPs took 0.10s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0] Initiating SYN Stealth Scan at 07:18 Scanning 192.168.0.1 [1 port] Discovered open port 80/tcp on 192.168.0.1 Completed SYN Stealth Scan at 07:18, 0.04s elapsed (1 total ports) Nmap scan report for 192.168.0.1 Host is up, received arp-response (0.11s latency). Scanned at 2018-11-12 07:18:34 PST for 0s PORT STATE SERVICE REASON 80/tcp open http syn-ack ttl 64 MAC Address: 23:78:32:76:34:90 (Dobis Group) Read data files from: /usr/local/bin/./share/nmap Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds Raw packets sent: 2 (72B) | Rcvd: 2 (72B)

    Here, we can see the reason reported for active port 80 allows us to decide which part of the scanning process will give us the necessary information or be ignored. As mentioned, you'll see everything that the scan is doing and this can create a lot of output for complex scans.

    The first time searching for something about the network can be very difficult for beginners, whether they are learning about the network exploit for the first time or simply trying to find a network router.

    Keep in mind, although scanning the network is a great idea to run on a private network and see what is connected, this may not be allowed on the network at work or other networks that you do not own. . If an employer actually detects suspicious behavior online, your behavior can easily be considered a threatening action if there is no good reason to do so.

    One of the best things about Nmap is that it can create scripts with options like -oG and can be used to provide information to other tools. So, if you ever imagine building a tool to find other devices on the same network, Nmap might be what you're looking for.

    Nmap commands for beginners

    One of the great things about using Nmap is that new users have little knowledge of the system or the network can still start with simple commands to perform basic scans, while experts have can take advantage of more complex commands to get a more detailed view of the entire network.

    What you get when you use Nmap is basically the list of targets you have scanned, along with the associated information associated with those goals.The information you receive will depend on how you perform the scan.In other words, it depends on the commands you have used.

    The scanning process does not necessarily generate much traffic but depends on the commands used.Scanning all ports on all systems will not bring much effect, mainly because only a small number of available ports will be used at the same time (one system can have 65,535 TCP ports and 65,535 UDP ports).Various options allow finetuning or extended scanning.For example, in defining service versions, available options include:

  • sV (allows version detection)
  • version-intensity (set the scanning intensity)

    • Scanning intensity ranges from 0 to 9. Lower intensity scans will explore common services, while higher intensity scans can determine which services are used less but will lose more More scan time.

    Different commands can also allow you to specify which port or network components to scan or ignore.

    Nmap Scripting Engine (NSE)

    Nmap Scripting Engine (NSE) includes a command tool written in the Lua programming language to write, save and share scripts that automate different types of scans.Although often used to check for typical vulnerabilities, network infrastructures, all tasks can be automated.

    Zenmap - Nmap's interface

    Zenmap is the graphical interface of Nmap security scanner.This interface provides users with hundreds of different options.It allows users to do things like store information about scans and then compare them, view network topology maps, see which ports are running on the server or all of the servers above. Network and storage, scanning in the database to serve the later search process.

    What's new in Nmap

    The Nmap 7.70 version, released in March 2018, has provided nine new NSE scripts and provided hundreds of new operating system and service codes for the operating system and applications that detect application versions, including code that supports IPv6 and IPv4.Improvements in version 7.70 also help to detect the service version faster and more accurately.Due to the widespread use of Windows, the introduction of improvements to the Npcap Windows capture package is also offered to enhance performance and stability are particularly important steps from the publisher.

    The next release of Nmap is expected to be released by the end of the third quarter or early in the fourth quarter of this year, but Lyon also noted that between the releases, scripts and new protocols that are being refined by the company. and available for user testing.

    "Converting from outdated Winpcap drivers to our new Npcap system is an unprecedented big step for Windows Nmap users. We will also continue to expand and improve Nmap Scripting Engine. Now we have 591 scripts and 133 protocol libraries, you can find at https://nmap.org/nsedoc/. I feel like my brainchild is now really In fact, Nmap will turn 21 on September 1! ', Lyon said.

    Is Nmap being used for unauthorized behavior?

    Although port scanning is not an illegal feature, at least under US federal law, Nmap's features are definitely useful for bad-looking hackers looking for holes. Security vulnerability to exploit.Certain applications of the software, not allowed to access, if ignored, you may be fired or have legal trouble, even if you are performing a vulnerability scan because of bad purpose.

    While some Nmap scans are quite light and can't turn off alerts, it's best to proceed with your authorized scans with the appropriate individuals in your organization.Note that many Nmap options, such as OS fingerprinting, require access to the original data.Therefore, when doubting about the legality of the things you want to do, especially when you work alone and without the legal team of the organization to consult, talk to a lawyer. have expertise in computer fraud and abuse.

    Nmap resources

    If you want to learn more about Nmap, the only and best source of information you should consult is Nmap.org.This website is maintained and handled by the author FyodorVaskovitch.Essential resources on Nmap.org and other websites include:

  • Document.
  • Nmap reference guide, detailed description of Nmap and how it works.
  • Zenmap user guide.
  • Nmap users can join the Nmap-hacker mailing list to keep track of updates. Developers interested in testing or contributing code and suggestions can subscribe to the Nmap-dev list.
  • Top 100 network security tools are voted by Nmap users.

    • Download Nmap where?

    To download Nmap, visit here and follow the instructions.

    See more:

  • 4 websites to quickly check the safety of links
  • How to hack WiFi passwords with holes on WPA / WPA2
  • How to protect your computer against a Foreshadow security vulnerability
  • Learn about DNS Cache spoofing and DNS Cache poisoning

    • ncG1vNJzZmismaXArq3KnmWcp51krq24jJqZqK2kYruurc8%3D