Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP

NMAP is a penetration testing and network information gathering tool which was use by most of the IT administrators around the world. NMAP uses are more wide and we can easily gather the devices and the Network peripherals around you.

Like other security tools, Nmap should not be misused. Only scan networks and machines that you own or have permission to investigate. Probing other machines could be seen as an attack and be illegal.

Nmap (Network Mapper) is an open source and free security scanner used for network discovery and security auditing. During a scan, Nmap sends specially crafted packets to the target host and then analyzes the responses. It is capable of

• Host Discovery
• Port Scanning
• Service Name and Version Detection
• OS Detection

The typical uses of Nmap include:

• Security Audits Of A Firewall / Host
• Open Port Identification
• Network Security Audit
• Network Mapping, Network Inventory, Asset Management
• Vulnerability Detection & Exploitation
• Host / Service Uptime Monitoring
• Nmap can work on Linux, Unix, BSDs, MacOS X and Windows.

How to see the NMAP version:

To see which NMAP version you are using, you need to use the following command in the Kali Linux terminal. It is very important because, whenever a new NMAP version was released, you will get some new feature which comes with your NMAP Package. So next time while you are starting to use the NMAP app in Kali Linux, check whether you are using the latest version of NMAP.

#nmap --version or #nmap -v

If you want to update your NMAP package in your Kali Kali Linux then you need to use the below command.

#apt-get update nmap

Note : Make sure you have added the required Kali Linux repositories in /etc/apt/sources.list file. If the repositories were not added, then try to add the following repositories in the sources.list files.

# Regular repositories

deb http://http.kali.org/kali sana main non-free contrib

deb http://security.kali.org/kali-security sana/updates main contrib non-free

# Source repositories

deb-src http://http.kali.org/kali sana main non-free contrib

deb-src http://security.kali.org/kali-security sana/updates main contrib non-free

After adding the repositories, you need to do "apt-get clean" an also you need to do "apt-get update" before updating any package in your Kali Linux.

Open Terminal and Type nmap for help information.

It is the worlds leading port scanner, and a popular part of our hosted security tools. Nmap as an online port scanner is able to scan your perimeter network devices and servers from an external perspective; ie outside your firewall.

It is the worlds leading port scanner, and a popular part of our hosted security tools. Nmap as an online port scanner is able to scan your perimeter network devices and servers from an external perspective; ie outside your firewall.

nmap 192.168.18.129 [Target or any I.P Address]

Here i am using my target window I.P Address.

TCP connect port scan(Default without root privilege)

This command is similar to the TCP SYN scan however rather than sending a SYN packet and reviewing the headers it will ask the OS to establish a TCP connection to the 1000 common ports.

nmap -sT 192.168.18.129

To scan a UDP service make sure you have used the -sU option

nmap -sU 192.168.18.129

Sometimes, its useful to know what software and what versions of that software a machine is running. This is especially good for investigating your own servers. It also gives you insight into what server information others can see. Nmap -sV allows you to get as detailed information as possible about the services running on a machine

nmap -sV 192.168.18.129

Remote OS detection using TCP/IP stack fingerprinting

With the -O option nmap will try to guess the targets operating system. This is accomplished by utilizing information that nmap is already getting through the TCP SYN port scan. This is usually a best guess but can actually be fairly accurate. The operating system scan however does require root privileges.

nmap -O 192.168.18.129

Enables OS detection, version detection, script scanning, and traceroute

nmap -A 192.168.18.129

By default, Nmap will scan the 1000 most commonly used ports on a target machine.This, of course, takes time. If you know that you only need to or only want to scan the most common ports to reduce the run time of Nmap, you can use the -F flag. The -F flag tells Nmap to only scan the 100 most commonly used ports instead of the usual 1000.

nmap -F 192.168.18.129

Occasionally, you may only want to scan select ports with Nmap. The -p flag allows you to specify specific ports for Nmap to scan. Nmap will then only scan those specified ports on the target machine.

nmap -p 443 192.168.18.129

Port scan multiple ports

nmap -p 443,80 192.168.18.129

Port range scan

nmap -p 1-500 192.168.18.129

Fast port scan (100 ports) for multiple I.P address

nmap -F 192.168.18.129 192.168.18.132

Port scan between I.P address range.

nmap -p 1-500 192.168.18.129-132

Disable host discovery. Port scan only.

nmap -pn 192.168.18.129

Requested scan (including ping scans) use tiny fragmented IP packets. Harder for packet filters.

nmap -f 192.168.18.129

When this command runs nmap tries to ping the given IP address range to check if the hosts are alive. If ping fails it tries to send syn packets to port 80 (SYN scan). This is not hundred percent reliable because modern host based firewalls block ping and port 80. Windows firewall blocks ping by default. The hosts you have on the network are blocking ping and the port 80 is not accepting connections. Hence nmap assumes that the host is not up.

nmap -sP 192.168.18.129-132

Nmap is one of those tools that EVERY hacker must master to be proficient at this trade. With this post, we have advanced your nmap skills another step, but we still have much to learn, so keep coming back.

I hope you enjoyed this article.