Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP

NMAP is a penetration testing and network information gathering tool which was use by most of the IT administrators around the world. NMAP uses are more wide and we can easily gather the devices and the Network peripherals around you.

Like other security tools, Nmap should not be misused. Only scan networks and machines that you own or have permission to investigate. Probing other machines could be seen as an attack and be illegal.

Nmap (Network Mapper) is an open source and free security scanner used for network discovery and security auditing. During a scan, Nmap sends specially crafted packets to the target host and then analyzes the responses. It is capable of

  • Host Discovery
  • Port Scanning
  • Service Name and Version Detection
  • OS Detection

The typical uses of Nmap include:

  • Security Audits Of A Firewall / Host
  • Open Port Identification
  • Network Security Audit
  • Network Mapping, Network Inventory, Asset Management
  • Vulnerability Detection & Exploitation
  • Host / Service Uptime Monitoring
  • Nmap can work on Linux, Unix, BSDs, MacOS X and Windows.

How to see the NMAP version:

To see which NMAP version you are using, you need to use the following command in the Kali Linux terminal. It is very important because, whenever a new NMAP version was released, you will get some new feature which comes with your NMAP Package. So next time while you are starting to use the NMAP app in Kali Linux, check whether you are using the latest version of NMAP.


#nmap --version or #nmap -v

If you want to update your NMAP package in your Kali Kali Linux then you need to use the below command.


#apt-get update nmap


Note : Make sure you have added the required Kali Linux repositories in /etc/apt/sources.list file. If the repositories were not added, then try to add the following repositories in the sources.list files.


# Regular repositories

deb http://http.kali.org/kali sana main non-free contrib

deb http://security.kali.org/kali-security sana/updates main contrib non-free


# Source repositories

deb-src http://http.kali.org/kali sana main non-free contrib

deb-src http://security.kali.org/kali-security sana/updates main contrib non-free


After adding the repositories, you need to do "apt-get clean" an also you need to do "apt-get update" before updating any package in your Kali Linux.


Open Terminal and Type nmap for help information.

It is the worlds leading port scanner, and a popular part of our hosted security tools. Nmap as an online port scanner is able to scan your perimeter network devices and servers from an external perspective; ie outside your firewall.


Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


It is the worlds leading port scanner, and a popular part of our hosted security tools. Nmap as an online port scanner is able to scan your perimeter network devices and servers from an external perspective; ie outside your firewall.


nmap 192.168.18.129 [Target or any I.P Address]

Here i am using my target window I.P Address.

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


TCP connect port scan(Default without root privilege)

This command is similar to the TCP SYN scan however rather than sending a SYN packet and reviewing the headers it will ask the OS to establish a TCP connection to the 1000 common ports.

nmap -sT 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


To scan a UDP service make sure you have used the -sU option

nmap -sU 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Sometimes, its useful to know what software and what versions of that software a machine is running. This is especially good for investigating your own servers. It also gives you insight into what server information others can see. Nmap -sV allows you to get as detailed information as possible about the services running on a machine


nmap -sV 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Remote OS detection using TCP/IP stack fingerprinting

With the -O option nmap will try to guess the targets operating system. This is accomplished by utilizing information that nmap is already getting through the TCP SYN port scan. This is usually a best guess but can actually be fairly accurate. The operating system scan however does require root privileges.


nmap -O 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Enables OS detection, version detection, script scanning, and traceroute

nmap -A 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


By default, Nmap will scan the 1000 most commonly used ports on a target machine.This, of course, takes time. If you know that you only need to or only want to scan the most common ports to reduce the run time of Nmap, you can use the -F flag. The -F flag tells Nmap to only scan the 100 most commonly used ports instead of the usual 1000.


nmap -F 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Occasionally, you may only want to scan select ports with Nmap. The -p flag allows you to specify specific ports for Nmap to scan. Nmap will then only scan those specified ports on the target machine.

nmap -p 443 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Port scan multiple ports


nmap -p 443,80 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Port range scan

nmap -p 1-500 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Fast port scan (100 ports) for multiple I.P address

nmap -F 192.168.18.129 192.168.18.132

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Port scan between I.P address range.

nmap -p 1-500 192.168.18.129-132

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Disable host discovery. Port scan only.

nmap -pn 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


Requested scan (including ping scans) use tiny fragmented IP packets. Harder for packet filters.

nmap -f 192.168.18.129

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


When this command runs nmap tries to ping the given IP address range to check if the hosts are alive. If ping fails it tries to send syn packets to port 80 (SYN scan). This is not hundred percent reliable because modern host based firewalls block ping and port 80. Windows firewall blocks ping by default. The hosts you have on the network are blocking ping and the port 80 is not accepting connections. Hence nmap assumes that the host is not up.


nmap -sP 192.168.18.129-132

Ping Sweeps, Port Scans, IP Spoofing and Gathering Information - NMAP


For References :-




Nmap is one of those tools that EVERY hacker must master to be proficient at this trade. With this post, we have advanced your nmap skills another step, but we still have much to learn, so keep coming back.


I hope you enjoyed this article.



Sharing is caring

google
linkedin

About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).


You may also like :-




Leave a Comment

Your email address will not be published. Required fields are marked *




Reader Comments [2]

QuntinFranksRacing

When ? origially commented ? cliocked the
"Notify me when new comments are added" checkbox ?nd no? each time a commment ?s addd I geet s?veral emails withh the same c?mment.
Is there ?ny way yo? c?n remove me f?om that service? Bless you!

10-Jul-2019

Reply

Marissa

Your style is so unique compared to other people I've read
stuff from. Thanks for posting when you have the opportunity, Guess I'll
just bookmark this web site.

26-Mar-2020

Reply

Stay Connected

Popular Posts

Get Latest Stuff Through Email


Who Should Read TechTrick?

All the tricks and tips that TechTrick provides only for educational purpose. If you choose to use the information in TechTrick to break into computer systems maliciously and without authorization, you are on your own. Neither I (TechTrick Admin) nor anyone else associated with TechTrick shall be liable. We are not responsibe for any issues that caused due to informations provided here. So, Try yourself and see the results. You are not losing anything by trying... We are humans, Mistakes are quite natural. Here on TechTrick also have many mistakes..