Security Information and Review

Collection of security information and review

Expert Network Scanning with Nmap

Author : Admin

Nmap is the most popular and feature-rich network scanner and is widely available for most Unix platforms and Windows. Nmap was first released in 1997 by Insecure and has since been integrated into a number of commercial security products.

 

Nmap provides a number of command-line options to fine-tune performance and packet timing. The first option we will discuss is -n, which instructs Nmap not to do name lookups on the IP addresses, so the scan completes faster. Another option is -sP, which instructs Nmap to perform a host scan; by default, Nmap sends both an ICMP echo request (also known as a ping packet) and a TCP SYN packet.

       # sudo nmap -n -sP 192.168.1.1-20

 

How do we customize port scanning with Nmap? Nmap provides the -p option, whose argument is a comma-separated list of ports or port ranges. The sample below shows a custom port scan that mixes TCP and UDP ports. The UDP ports in the list are scanned only when -sU is given together with a TCP scan type such as -sS.

       # sudo nmap -n -sS -sU -pT:21,25,80,110,U:53 192.168.1.1

In a specific case, knowing that a port is open is valuable, but it is not enough to know exactly which application is running. Nmap provides the -sV option, which instructs Nmap to test for application type and version on all ports found to be open. The following example shows Nmap fingerprinting the open ports on a host.

      # nmap -n -sV 192.168.5.12

Nmap with the -sV option

 

 

Another powerful feature of Nmap is the ability to determine the operating system of the target. Nmap analyzes the responses and compares them with a database of hundreds of different operating systems. To determine the target operating system accurately, Nmap needs at least one open port and one closed port on the target. We can use the -O option to enable operating system detection.

       # nmap -n -O 192.168.20.150

Nmap with OS detection

 

 

If we use Linux as the operating system, the best active defense against port scans is to run a program or tool such as portsentry, which has the ability to recognize and drop incoming port scans.
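To show what recognizing a port scan can look like on the defending host, here is an added example (not from the original post, and not portsentry's code or algorithm): a sliding-window heuristic that flags a source touching many distinct ports on one host in a short time. The log format, function names, window and threshold are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque

# Constructed sample log (not real traffic), assumed to be time-ordered:
# "epoch_seconds src_ip dst_ip proto dst_port"
SAMPLE_LOG = """\
1000 192.168.1.50 192.168.1.1 tcp 21
1000 192.168.1.50 192.168.1.1 tcp 25
1001 192.168.1.50 192.168.1.1 tcp 80
1001 192.168.1.50 192.168.1.1 tcp 110
1001 192.168.1.50 192.168.1.1 udp 53
1002 192.168.1.77 192.168.1.1 tcp 80
1030 192.168.1.77 192.168.1.1 tcp 80
1090 192.168.1.77 192.168.1.1 tcp 443
"""

def parse(line):
    """Split one log line into (ts, src, dst, (proto, port)); None if malformed."""
    parts = line.split()
    if len(parts) != 5 or not parts[0].isdigit() or not parts[4].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2], (parts[3], int(parts[4]))

def detect_scans(lines, window=10, threshold=5):
    """Return {(src, dst): first_alert_time} for sources that touch at least
    `threshold` distinct proto/port pairs on one host within `window` seconds."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, (proto, port))
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip malformed lines instead of failing
        ts, src, dst, proto_port = rec
        events = recent[(src, dst)]
        events.append((ts, proto_port))
        while events and ts - events[0][0] > window:   # expire old events
            events.popleft()
        distinct = {pp for _, pp in events}
        if len(distinct) >= threshold and (src, dst) not in alerts:
            alerts[(src, dst)] = ts
    return alerts

if __name__ == "__main__":
    for (src, dst), ts in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan: {src} -> {dst} at t={ts}")
```

The first source probes five different ports in about a second and is flagged; the second makes ordinary repeat connections spread over time and is not.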

 

 

Mohamad Widodo

Categories: Tools Security
 