Nmap Network Scanner

Nmap Network Scanner

Introduction:

The Nmap scanner is a powerful open-source port scanner that is used for network discovery and security auditing.It is mainly used for reconnaissance and footprinting in order to gather information about a target. While it is originally designed to scan large networks rapidly, it works as well for single host systems.

Process of scanning:

In order to scan hosts in a network, it uses raw ip packets to determine various information about the hosts including:

  1. The hosts available on the network
  2. The Services (app name & version) that the hosts are running
  3. The Operating System
  4. Types of packet filters/firewalls setup on the system, and many more characteristics

Purpose of Nmap:

Nmap has a very diverse set of functionalities that enable it to obtain a variety of information from its scans. With these functionalities, its main purpose is in security audits where it looks for vulnerabilities in networks of a company or organization.

That being its main purpose, it is also used by system and network administrators in order to perform routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Types of port states:

Before diving into types of port states, a bit of background regarding the TCP handshake. In order to communicate with a TCP service, a 3 way TCP handshake must be established.

This involves a SYN to the TCP open port of the server, which responds with a SYN ACK to the client. Finally the client responds with an ACK.

  1. Open: This means that applications on the target machine is listening for connections on that port
  2. Filtered: Indicates that a firewall or similar software is blocking the port, rendering nmap incapable of determining the port state. firewall-filtered-port.png

  3. Closed: No application is listening, therefore port could be open. firewall-closed-port.png

  4. Unfiltered: Nmap gives this classification to ports when it cannot determine the state of the port i.e open or closed

Nmap reports the state combinations open|filtered. and closed|filtered. when it cannot determine which of the two states describe a port.

Types of Flags:

As with any function, in order to use the diverse functionality of Nmap, a number of flags are provided. Using these flags, we can utilize the different functions within Nmap in order to gather information about the target system.

Scanning Techniques:

  • -sS - TCP syn port scan
  • -sT - TCP connect port scan
  • –sU - UDP port scan
  • –sA - TCP ack port scan
  • -Pn - Port only scan
  • -sn - Host only scan
  • -PR - arp discovery of local network

Port Specification Scan:

  • -p - To specify port range
  • -p- - To scan all ports
  • -F - Fast port scan

Service version and OS detection:

  • -sV - detect the version of services running
  • -A - aggressive scan
  • -O - detect operating system of the target