Lab
Nmap :-
Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. Nmap determines what hosts are available on the network, what services those hosts offer, what operating system they are running, and what type of firewall is in use. It is a useful utility for network and system administrators. The output from Nmap is a list of scanned targets, with information on each depending on the options used. The nmap command line tool scans a host or network for security auditing and for finding open ports. Nmap is available in the package repository of most Linux distributions; we have to install it:
apt-get install nmap
yum install nmap
options:-
1. nmap IP_addr
Ex. nmap 192.168.2.8
Nmap with an IP address scans that address and gives you information on services, open ports and the MAC address.
2. nmap domain_name
Ex. nmap www.google.com
Nmap scans the server by name and gives you its IP address, a list of services, open port information and the MAC address.
3. nmap -v IP_addr/domain_name
Gives detailed information on the remote host (verbose display).
4. nmap IP_addr with the wildcard character ‘*’
Ex. nmap 192.168.2.* or nmap 192.168.2.0/24
With the wildcard character (or CIDR notation) we can scan an entire IP address range or subnet. It gives information on all hosts, whether up or down.
5. nmap IP_addr with last octets
Ex. nmap 216.58.197.93,125
With nmap we can scan multiple IP addresses just by listing the last octets, as shown in the example.
6. nmap IP_addr range
Ex. nmap 216.58.197.90-93
With the nmap command we can scan an IP address range as specified in the above example.
7. nmap -A IP_addr
With the option “-A” nmap gives script scanning output, traceroute and the OS version of the provided host.
8. nmap -O IP_addr
[-O = OS detection; --osscan-guess makes nmap guess more aggressively]
With the option ‘-O’ it gives OS information and its version for the remote host.
9. nmap IP_addr with wildcard [*] --exclude IP_addr
Ex. nmap 192.168.2.* --exclude 192.168.2.8
With this command, as shown in the example, we can exclude an IP address from scanning when we use the wildcard character to scan all 256 hosts in the last octet.
10. nmap -iL example.txt
cat > example.txt
localhost
192.168.2.2
192.168.22.1
With a file given to the nmap command via -iL we can scan all the IP addresses and server host names included in that file.
11. nmap -sA IP_addr/domain_name
With the ‘-sA’ option along with the nmap command we can determine if the host is protected by a firewall.
12. nmap -PN IP_addr/domain_name
With this option nmap can scan a host protected by a firewall; it skips host discovery and treats the host as online (current versions spell the option -Pn).
13. nmap -sP IP_addr/subnet_mask
Ex. nmap -sP 192.168.2.2/24
With this we can find which hosts are up; it finds only running hosts. It is like the ping utility.
14. nmap -F IP_addr
To perform a fast scan the “-F” option is used.
15. nmap -r IP_addr
It is used to scan ports sequentially instead of in random order.
16. nmap -p port IP_addr
Ex. nmap -p 80 192.168.2.2
nmap -p T:80 192.168.2.2
nmap -p U:54 192.168.2.2
nmap -p 80,22 192.168.2.2
nmap -p 80-443 192.168.2.2
With the “-p” option we scan for a specific port. We can mention the port number directly inside the command, or qualify it with the port type (T for TCP, U for UDP); multiple ports and port ranges can also be scanned on a single command line.
17. nmap --iflist
With this command we can find out the network interfaces and route information. It is useful during debugging.
18. nmap -V
With the “-V” option we can find out the currently installed version of nmap on the local machine (no target is needed).
19. nmap -sV IP_addr
If we combine it as “-sV” then we can find the versions of the services running on the host.
20. Scanning using ping protocols:
• Ping by host discovery method (when the ICMP protocol is blocked) using TCP:
Ex. nmap -PS 192.168.2.2
nmap -PS80,21,443,22 192.168.1.2
nmap -PA 192.168.1.1
nmap -PA80,21,200-512 192.168.2.8
(the port list is attached directly to -PS/-PA without a space)
• Ping using IP protocol:
nmap -PO 192.168.2.2
• Ping using UDP protocol:
nmap -PU 192.168.2.
21. Scan services using ports:
• Scan for UDP services:
nmap -sU www.google.com
nmap -sU 192.168.1.1
• Scan for TCP services:
nmap -sS 192.168.1.1 (stealthy SYN scan)
nmap -sT 192.168.1.1 (connect scan, not stealthy)
nmap -sA 192.168.1.1 (ACK scan)
nmap -sW 192.168.1.1 (window scan)
nmap -sM 192.168.1.1 (Maimon scan)
• Scan for IP protocols:
nmap -sO 192.168.2.1
• Scan for firewall check:
nmap -sN 192.168.1.2 (null scan)
nmap -sF 192.168.1.5 (FIN scan)
nmap -sX 192.168.1. (Xmas scan)
22. We can save nmap output to a file using:
Ex:-
nmap 192.168.1.5 > nmap_output.txt
nmap -oN /home/test/file_name 192.168.1.5
nmap -oN nmap_output.txt 192.168.1.5
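Once the output is saved with -oN (item 22), the file can be parsed to inventory open ports and to compare a new scan against a baseline, which is how an administrator notices a service that was not there last time. This is an added example, not part of the original lab; the scan text is a constructed sample in Nmap's normal output format, and the host addresses in it are made up.

```python
import re

# Constructed sample of what "nmap -oN" writes; not output from a real scan.
SAMPLE_SCAN = """\
# Nmap 7.93 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sS -sU -oN nmap_output.txt 192.168.2.0/24
Nmap scan report for 192.168.2.2
Host is up (0.00045s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE         SERVICE
22/tcp  open          ssh
80/tcp  open          http
443/tcp open          https
53/udp  open|filtered domain
MAC Address: 00:11:22:33:44:55 (Constructed Vendor)

Nmap scan report for printer.lab.local (192.168.2.8)
Host is up (0.0012s latency).
PORT     STATE  SERVICE
9100/tcp open   jetdirect
631/tcp  closed ipp

# Nmap done at Mon Jan  1 10:00:05 2024 -- 256 IP addresses (2 hosts up) scanned in 5.12 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_normal_output(text):
    """Return {host: [(port, proto, state, service), ...]} from -oN text."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            # When Nmap resolved a name, the IP is in parentheses; key on the IP.
            current = m.group(2) or m.group(1)
            hosts.setdefault(current, [])  # a host with no port lines still counts
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return hosts

def open_ports(parsed):
    """Keep only ports reported open (UDP may show as open|filtered)."""
    return {h: sorted((p, proto) for p, proto, state, _ in entries if state.startswith("open"))
            for h, entries in parsed.items()}

def new_open_ports(baseline, current):
    """Ports open in the current scan that were not open in the baseline."""
    return {h: sorted(set(ports) - set(baseline.get(h, [])))
            for h, ports in current.items() if set(ports) - set(baseline.get(h, []))}
```

Run new_open_ports against a saved earlier scan to get only the changes; an empty dict means nothing new is listening.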