Er Amit Tripathi
Number of posts : 37 Age : 38 Location : Lucknow Job/hobbies : Software Engeener What U like To do ? : I Rocks With Computer System. Registration date : 2008-01-09
| Subject: Nmap (scanning and Footprinting) 9 2/10/2008, 2:36 am | |
| - Quote :
Nmap was developed by a hacker named Fyodor Yarochkin. This popular application is available for Windows and Linux as a GUI and command-line program. It is probably the most widely used port scanner ever developed. It can do many types of scans and OS identification. It also allows you to control the speed of the scan from slow to insane. Its popularity can be seen by the fact that it's incorporated into other products and was even used in the movie The Matrix. Nmap with the help option is shown here so that you can review some of its many switches. Nmap's documentation can be found at www.insecure.org C:\nmap-3.93>nmap -h Nmap 3.93 Usage: nmap [Scan Type(s)] [Options] Some Common Scan Types ('*' options require root privileges) * -sS TCP SYN stealth port scan (default if privileged (root)) -sT TCP connect() port scan (default for unprivileged users) * -sU UDP port scan -sP ping scan (Find any reachable machines) * -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only) -sV Version scan probes open ports determining service and app names/versions -sR/-I RPC/Identd scan (use with other scan types) Some Common Options (none are required, most can be combined): * -O Use TCP/IP fingerprinting to guess remote operating system -p ports to scan. Example range: '1-1024,1080,6666,31337' -F Only scans ports listed in nmap-services -v Verbose. Its use is recommended Use twice for greater effect. -P0 Don't ping hosts (needed to scan www.microsoft.com and others) * -Ddecoy_host1,decoy2[,...] Hide scan using many decoys -6 scans via IPv6 rather than IPv4 -T General timing policy -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve] -oN/-oX/-oG Output normal/XML/grepable scan logs to -iL Get targets from file; Use '-' for stdin * -S /-e Specify source address or network interface --interactive Go into interactive mode (then press h for help) --win_help Windows-specific features Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*' SEE THE MAN PAGE FOR MANY MORE OPTIONS. - http://insecure.org/nmap/man/ As can be seen from the output of the help menu in the previous listing, Nmap can run many types of scans. Nmap is considered a required tool for all ethical hackers. Nmap's output provides the open port's well-known service name, number, and protocol. They can either be open, closed, or filtered. If a port is open, it means that the target device will accept connections on that port. A closed port is not listening for connections, and a filtered port means that a firewall, filter, or other network device is guarding the port and preventing Nmap from fully probing it or determining its status. If a port is reported as unfiltered, it means that the port is closed and no firewall or router appears to be interfering with Nmap's attempts to determine its status. To run Nmap from the command line, type Nmap, followed by the switch, and then enter a single IP address or a range. For the example shown here, the sT option was used, which performs a TCP full 3-step connection. C:\nmap-3.93>nmap -sT 192.168.1.108 Starting nmap 3.93 (http://www.insecure.org/nmap) at 2005-10-05 23:42 Central Daylight Time Interesting ports on Server (192.168.1.108): (The 1653 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE 80/tcp open http 139/tcp open netbios-ssn 515/tcp open printer 548/tcp open afpovertcp Nmap run completed -- 1 IP address (1 host up) scanned in 420.475 seconds Several interesting ports were found on this computer, including 80 and 139. A UDP scan performed with the -sU switch returned the following results: C:\nmap-3.93>nmap -sU 192.168.1.108 Starting nmap 3.93 (http://www.insecure.org/nmap) at 2005-10-05 23:47 Central Daylight Time Interesting ports on Server (192.168.1.108): (The 1653 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE 69/udp open tftp 139/udp open netbios-ssn Nmap run completed -- 1 IP address (1 host up) scanned in 843.713 seconds Nmap also has a GUI version called NmapFE. Most of the options in NmapFe correspond directly to the command-line version. Some people call NmapFe the Nmap tutor because it displays the command-line syntax at the bottom of the GUI interface. It is no longer updated for Windows but is maintained for the Linux platform. | |
|