Er Amit Tripathi
Number of posts : 37
Age : 38
Location : Lucknow
Job/hobbies : Software Engeener
What U like To do ? : I Rocks With Computer System.
Registration date : 2008-01-09
 |  Subject: Nmap (scanning and Footprinting) 9  2/10/2008, 2:36 am | |
| - Quote :
Nmap was developed by a hacker named Fyodor Yarochkin. This popular application
is available for Windows and Linux as a GUI and command-line program.
It is probably the most widely used port scanner ever developed. It
can do many types of scans and OS identification. It also allows you
to control the speed of the scan from slow to insane. Its popularity
can be seen by the fact that it's incorporated into other products
and was even used in the movie The Matrix. Nmap with the help option
is shown here so that you can review some of its many switches. Nmap's
documentation can be found at www.insecure.org C:\nmap-3.93>nmap -h
Nmap 3.93 Usage: nmap [Scan Type(s)] [Options]
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
-sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sV Version scan probes open ports determining service and app names/versions
-sR/-I RPC/Identd scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p ports to scan. Example range: '1-1024,1080,6666,31337'
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-6 scans via IPv6 rather than IPv4
-T General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oX/-oG Output normal/XML/grepable scan logs to
-iL Get targets from file; Use '-' for stdin
* -S /-e Specify source address or network
interface
--interactive Go into interactive mode (then press h for help)
--win_help Windows-specific features
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*' SEE THE MAN PAGE FOR MANY MORE OPTIONS. - http://insecure.org/nmap/man/
As can be seen from the output of the help menu in the previous listing,
Nmap can run many types of scans. Nmap is considered a required tool
for all ethical hackers. Nmap's output provides the open port's well-known
service name, number, and protocol. They can either be open, closed,
or filtered. If a port is open, it means that the target device will
accept connections on that port. A closed port is not listening for
connections, and a filtered port means that a firewall, filter, or
other network device is guarding the port and preventing Nmap from
fully probing it or determining its status. If a port is reported as
unfiltered, it means that the port is closed and no firewall or router
appears to be interfering with Nmap's attempts to determine its status.
To run Nmap from the command line, type Nmap, followed by the switch,
and then enter a single IP address or a range. For the example shown
here, the sT option was used, which performs a TCP full 3-step connection. C:\nmap-3.93>nmap -sT 192.168.1.108
Starting nmap 3.93 (http://www.insecure.org/nmap) at 2005-10-05 23:42
Central
Daylight Time
Interesting ports on Server (192.168.1.108):
(The 1653 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
80/tcp open http
139/tcp open netbios-ssn
515/tcp open printer
548/tcp open afpovertcp
Nmap run completed -- 1 IP address (1 host up) scanned in 420.475 seconds Several interesting ports were found on this computer, including 80
and 139. A UDP scan performed with the -sU switch returned the following
results: C:\nmap-3.93>nmap -sU 192.168.1.108
Starting nmap 3.93 (http://www.insecure.org/nmap) at 2005-10-05 23:47
Central
Daylight Time
Interesting ports on Server (192.168.1.108):
(The 1653 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
69/udp open tftp
139/udp open netbios-ssn
Nmap run completed -- 1 IP address (1 host up) scanned in 843.713 seconds Nmap also has a GUI version called NmapFE. Most of the options in NmapFe
correspond directly to the command-line version. Some people call NmapFe
the Nmap tutor because it displays the command-line syntax at the bottom
of the GUI interface. It is no longer updated for Windows but is maintained
for the Linux platform. | |
|
