Nmap - Stealth Systems Port Scanner (Scanning Phase) Explained.


Nmap - Network Mapper

Nmap (Network Mapper) is a tool that hackers use to map a network.
For hackers this is a tool that must be mastered: it is simple yet powerful, and it is used to determine the hosts, the services and the operating system of a system before trying to get in.

Nmap can be used for :-
  1. Host Discovery - check whether a host or IP is up or down.
  2. Port Scanning - which ports are open, closed or filtered.
  3. Detecting the Operating System - the operating system of the target.
  4. Names and versions of the listening services.
  5. Estimated uptime.
  6. Type of device, and
  7. Presence of a FIREWALL.
Nmap runs on :-
  1. Microsoft Windows,
  2. Linux,
  3. Solaris,
  4. HP-UX and
  5. BSD

Linux is the most popular Nmap platform, with Windows following.

But in this post I will write for Windows, because most people are not used to working with Linux.

In this post we use Nmap on the Windows operating system.
However, we do not use the graphical version (the graphical version is for noobs and is easy to use); we use the command line (because hackers work on terminals). The command-line instructions are the same on other operating systems such as Linux, Unix and family, so you can follow along there too.

This tutorial is for newbies and skiddies who would like to learn the proper way of using it. Geeks can use it to brush up.

NMAP GUI :- The GUI version of Nmap (Zenmap) is very handy and easy to use. Just install it and run it; you get the Nmap screen with multiple options.
 

Download Nmap GUI  

Nmap Command-Line :- So in this post I am going deep into the Nmap command line on Windows.
To install the Windows version of Nmap, all you have to do is the following:

Download Nmap Command Line 

Download WinPcap 

Download both of the above and install WinPcap first,
then extract Nmap from the archive and save it on your desktop.
(Current Nmap releases for Windows ship with Npcap, the successor to WinPcap; the Nmap installer sets it up for you, so the separate WinPcap step only applies to the older packages this post describes.)

Very Important Tip :- You should be logged in with administrative privileges in Windows for Nmap to work properly and give the best results. Raw-packet scans (SYN, FIN/Null/Xmas, ACK, IP protocol, idle scan and OS detection) need them; without them Nmap silently falls back to a plain connect() scan.


OK, now reboot your PC once and then start working.

Let's start :P

Go to Start > Run > cmd

Then type "cd desktop".

Then type "cd nmap" (or whatever folder you created on the desktop) to enter the folder where Nmap is stored.

Finally type "nmap" to execute it.

After executing you will get the list of all scanning modes that Nmap supports. If you get this list then your Nmap is working perfectly.

OK, let's take an IP address to work with ....

So I took this IP: 192.168.0.1.



1) Let the IP address to be scanned be 192.168.0.1. In its simplest form the scan is:

# nmap 192.168.0.1

(Without options Nmap first checks that the host is up, then scans the 1000 most common TCP ports: a SYN scan when run with administrative privileges, a connect() scan otherwise.)

2) Now a TCP connect scan, -sT (TCP port scanning) ::

# nmap -sT 192.168.0.1

About -sT :- TCP Connect Scanning
This type of scan connects to the target port through the operating system's normal connect() call and completes the three-way handshake (SYN, SYN/ACK and ACK), so it is easily detected by the administrator of the target host. It is the scan Nmap uses by default when you lack the privileges to send raw packets.

Advantages :- Once the scan is completed, the ports to which a connection could be established are listed as open; ports that answered with a RST are closed, and ports that did not answer at all are filtered.
This method of scanning is very reliable and gives a clear picture of the ports you can and cannot reach. If a connect() scan lists a port as open, you can definitely connect to it.

Disadvantages :- It is very easy to detect on the system being scanned.
If a firewall or intrusion detection system is running on the victim, it will almost always trigger an alert, and the connection attempt is logged. Additionally, because the handshake completes, the listening application itself accepts the connection, and most servers log connections together with their source IP, so it is easy to trace the source of a TCP connect() scan.
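To see what "completes the three-way handshake" and "the server logs the connection" mean in practice, here is an added example (my own code, not part of the original post and not Nmap's code) that implements a tiny connect() scanner in Python and runs it against a listener it starts itself on 127.0.0.1. The port numbers are picked by the OS at run time; the listener stands in for a daemon on the target and records the address of every client that completed a handshake.

```python
import socket
import threading
import time
from contextlib import closing


def start_listener(host="127.0.0.1"):
    """Open a TCP listener on a free loopback port (constructed test target) and
    accept connections in a background thread. Every accepted peer address is
    appended to `seen`, the way a real daemon logs its clients.
    Returns (port, seen, stop_callable)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0: let the OS choose a free port
    srv.listen(5)
    srv.settimeout(0.1)          # so the accept loop can notice `stopped`
    seen = []
    stopped = threading.Event()

    def accept_loop():
        while not stopped.is_set():
            try:
                conn, peer = srv.accept()    # handshake already finished here
            except socket.timeout:
                continue
            except OSError:
                break
            seen.append(peer[0])             # "log" the client's source IP
            conn.close()
        srv.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1], seen, stopped.set


def free_closed_port(host="127.0.0.1"):
    """Find a port nothing listens on: bind to 0, read the number, release it."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=0.5):
    """Equivalent of `nmap -sT`: one full connect() per port.
    open     : handshake completed, the daemon accepted us
    closed   : the host answered with a RST (ECONNREFUSED)
    filtered : nothing came back before the timeout (a filter dropped the SYN)"""
    states = {}
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                states[port] = "open"
            except ConnectionRefusedError:
                states[port] = "closed"
            except OSError:          # includes the timeout
                states[port] = "filtered"
    return states


def demo():
    """Scan one open and one closed loopback port and report whether the
    listener logged the scanner's address. Returns (open_state, closed_state, logged)."""
    open_port, seen, stop = start_listener()
    closed_port = free_closed_port()
    try:
        states = connect_scan("127.0.0.1", [open_port, closed_port])
        deadline = time.time() + 2           # give the accept thread a moment
        while not seen and time.time() < deadline:
            time.sleep(0.01)
    finally:
        stop()
    return states[open_port], states[closed_port], "127.0.0.1" in seen


if __name__ == "__main__":
    print(demo())
```

The last value returned by demo() is the whole point of the disadvantage above: the scanner never sent any payload, yet the listener's accept() returned and recorded the peer, exactly as a real server would write it to its log.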

3) SYN scanning, -sS, also called stealth scanning or half-open scanning (the default scan when Nmap runs with raw-packet privileges).

# nmap -sS 192.168.0.1

About -sS :- SYN Scanning
A TCP SYN scan gathers information about open ports without completing the TCP handshake. Nmap sends a SYN; a SYN/ACK reply means the port is open, a RST means it is closed, and no reply (or an ICMP unreachable error) means it is filtered. When an open port is identified, Nmap answers the SYN/ACK with a RST instead of the final ACK, so the connection is torn down before it is ever established. This technique is often referred to as "half-open" scanning.
Compared to a full TCP connect it is much less visible: the listening application never sees a connection, so it never logs one. Do not take "stealth" literally, though: the SYN packets are as visible as any other to a firewall or IDS, and Nmap's default timing is easy to spot.

Advantages :- The TCP SYN scan never actually creates a TCP session, so it isn't logged by the destination host's applications. Hence it's a quiet scan, and it is also fast.

Disadvantages :- You need privileged (administrative/root) access on the scanning system to send raw packets.

4) FIN -sF, Null -sN and Xmas Tree -sX scans [-sF, -sN, -sX].
These are called "stealth" scans. Each sends a single TCP segment with an unusual flag combination (FIN only, no flags at all, or FIN+PSH+URG for the Xmas tree) to a port without any handshake or additional packet transfers. They rely on RFC 793 behaviour: a closed port answers such a segment with a RST, while an open port ignores it. Silence is therefore reported as open|filtered, since a firewall dropping the probe looks exactly the same. They are more "stealthy" than a SYN scan and can sometimes sneak through non-stateful firewalls that only block SYN packets, but they only work against hosts whose TCP stack follows the RFC, i.e. not Windows.

# nmap -sF 192.168.0.1
# nmap -sN 192.168.0.1
# nmap -sX 192.168.0.1

Advantages :- Since no TCP sessions are established, they are quite stealthy.

Disadvantages :- They can't be used against Windows-based machines (and some other stacks, e.g. many Cisco devices): those answer every such probe with a RST, so every port shows up as closed. Open and filtered ports cannot be told apart.
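The following added example (my own code, not Nmap's and not from the original post) builds the 20-byte TCP header that each of these probes, and the SYN probe from item 3, actually consists of, with a valid checksum, and then models how an RFC 793 stack and a Windows stack answer it, so you can see where "open|filtered" and the Windows caveat come from. The scanner address 192.168.0.5 and the port numbers in the usage call are assumed; the ACK probe is included alongside for comparison.

```python
import socket
import struct

# TCP flag bits in the 14th header byte (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# The single probe each scan type sends; only the flag byte differs.
PROBE_FLAGS = {
    "-sS": SYN,              # SYN (half-open) scan
    "-sF": FIN,              # FIN scan
    "-sN": 0,                # Null scan: no flags set at all
    "-sX": FIN | PSH | URG,  # Xmas scan: lit up like a Christmas tree
    "-sA": ACK,              # ACK scan, for comparison
}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum is computed over."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP, tcp_len)


def build_probe(src_ip, dst_ip, sport, dport, flags, seq=0x1234, window=1024):
    """Assemble the TCP header of a probe with the given flags and a valid
    checksum. This is all a raw-socket scanner hands to the kernel: no
    connection state exists on either side."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, window, 0, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def probe_flags(segment: bytes) -> int:
    """Read the flag byte back out of a segment."""
    return segment[13]


def checksum_ok(src_ip, dst_ip, segment: bytes) -> bool:
    """A receiver re-sums pseudo-header + segment; a valid one sums to zero."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def stack_reply(flags, port_open, stack="rfc793", firewalled=False):
    """What the target sends back to a probe that matches no connection:
    "SYN/ACK", "RST" or None (silence). `stack` models the two behaviours
    described above; `firewalled` models a filter dropping the probe."""
    if firewalled:
        return None
    if flags & SYN:
        return "SYN/ACK" if port_open else "RST"
    if flags & ACK:
        return "RST"                          # unsolicited ACK: RST either way
    # FIN / Null / Xmas probe
    if stack == "windows":
        return "RST"                          # Windows: RST regardless of state
    return None if port_open else "RST"       # RFC 793: open ports stay silent


def port_state(scan, reply):
    """The state Nmap prints for a reply (or lack of one) to the given scan type."""
    if scan == "-sS":
        return {"SYN/ACK": "open", "RST": "closed", None: "filtered"}[reply]
    if scan == "-sA":
        return {"RST": "unfiltered", None: "filtered"}[reply]
    # -sF / -sN / -sX: silence is ambiguous, hence the combined state
    return {"RST": "closed", None: "open|filtered"}[reply]


def scan(scan_type, port_open, stack="rfc793", firewalled=False):
    """Run one probe of `scan_type` against a modelled port and report the state."""
    reply = stack_reply(PROBE_FLAGS[scan_type], port_open, stack, firewalled)
    return port_state(scan_type, reply)


if __name__ == "__main__":
    xmas = build_probe("192.168.0.5", "192.168.0.1", 40000, 80, PROBE_FLAGS["-sX"])
    print(xmas.hex(), hex(probe_flags(xmas)), checksum_ok("192.168.0.5", "192.168.0.1", xmas))
    for kind in ("-sS", "-sF", "-sN", "-sX", "-sA"):
        print(kind, "open port on Linux:", scan(kind, True),
              "| open port on Windows:", scan(kind, True, "windows"))
```

Note that the same open port comes back as "open|filtered" from an RFC-conforming stack and as "closed" from a Windows stack: the Windows RST is indistinguishable from a genuinely closed port, which is why the three scans are useless against it.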



5) Ping scan [-sP] :- To check whether an IP is online or not, without scanning any ports.

# nmap -sP 192.168.0.1

(In current Nmap versions this option is spelled -sn; -sP is still accepted as an alias.)



6) UDP scan [-sU] :- To scan for UDP ports (DNS, SNMP, DHCP and the like). UDP has no handshake to observe: an ICMP port unreachable reply means closed, a UDP reply means open, and silence is reported as open|filtered. Because most ports stay silent and ICMP error replies are rate-limited, this scan is far slower than the TCP scans.

# nmap -sU 192.168.0.1

7) IP protocol scan [-sO] :-
Sometimes you need to check which IP protocols (TCP, UDP, ICMP, IGMP, GRE and so on) the remote machine supports, rather than which ports. This scan sends raw IP packets with each protocol number and watches for ICMP protocol unreachable errors; it locates uncommon IP protocols that may be in use on the remote system, which helps in determining the type of remote device, i.e. whether it is a router, printer, workstation etc.

# nmap -sO 192.168.0.1

Disadvantage :- This scan will appear on any network monitoring application that identifies the IP protocol types in use.

8) Idle scanning [-sI] :-
It's the stealthiest scan you can have, and tough to launch because you need a zombie for it: an idle host whose IP ID counter goes up by one with every packet it sends. Nmap probes the zombie's IP ID, sends a SYN to the target with the zombie's address forged as the source, and probes again; an open port makes the target send the zombie a SYN/ACK, which the zombie answers with a RST, so its IP ID jumps by two instead of one. It would not do justice to this great scan to describe it in just a few lines. I recommend you read about it in detail.

# nmap -sI 192.168.0.10 192.168.0.1

(The first address is the zombie, the second the target; here 192.168.0.10 is assumed to be an idle host on the same network.)

Advantages :-
The target only ever sees packets from the zombie, so the scan is never attributed to your address.

Disadvantages :-
Tough to launch, as it's not easy to find a suitable zombie machine, and it is slow.
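Because the idle scan is hard to picture, here is an added simulation (my own code, not Nmap's and not from the original post) of the IP ID trick, with the zombie 192.168.0.10 and the target 192.168.0.1 from the command above. The toy hosts, the attacker address 10.0.0.99 and the target's port table are all made up for the demo; the simulation assumes a perfectly idle zombie with a single global incrementing IP ID, which is what a real zombie must provide.

```python
class Host:
    """Toy IP stack: one global IP ID counter that increases by one on every
    datagram sent (the property an idle-scan zombie needs), a set of open TCP
    ports, and a set of ports the host's firewall silently drops."""

    def __init__(self, ip, open_ports=(), filtered_ports=(), ipid=1000):
        self.ip = ip
        self.open_ports = set(open_ports)
        self.filtered_ports = set(filtered_ports)
        self.ipid = ipid

    def next_ipid(self):
        self.ipid += 1
        return self.ipid

    def receive(self, net, src_ip, port, flags):
        """RFC 793 behaviour for a segment that matches no connection:
        SYN -> SYN/ACK (open) or RST (closed); SYN/ACK -> RST; RST -> silence.
        Filtered ports never answer."""
        if port in self.filtered_ports:
            return
        if flags == "SYN":
            net.send(self.ip, src_ip, port, "SYN/ACK" if port in self.open_ports else "RST")
        elif flags == "SYN/ACK":
            net.send(self.ip, src_ip, port, "RST")


class Network:
    """Delivers segments between hosts and keeps a wire log of every datagram
    as (src, dst, port, flags, ip_id)."""

    def __init__(self, *hosts):
        self.hosts = {h.ip: h for h in hosts}
        self.log = []

    def send(self, src_ip, dst_ip, port, flags, spoofed=False):
        sender = self.hosts.get(src_ip)
        # A forged packet never touches the impersonated host's counter.
        ipid = sender.next_ipid() if sender and not spoofed else 0
        self.log.append((src_ip, dst_ip, port, flags, ipid))
        if dst_ip in self.hosts:
            self.hosts[dst_ip].receive(self, src_ip, port, flags)
        return ipid


ATTACKER = "10.0.0.99"   # assumed scanner address; deliberately not a Host


def probe_zombie(net, zombie_ip):
    """Send the zombie an unsolicited SYN/ACK and read the IP ID off the RST
    it sends back (in the simulation: the last entry in the wire log)."""
    net.send(ATTACKER, zombie_ip, 80, "SYN/ACK")
    src, dst, _, flags, ipid = net.log[-1]
    assert (src, dst, flags) == (zombie_ip, ATTACKER, "RST")
    return ipid


def idle_scan(net, zombie_ip, target_ip, port):
    """One port of `nmap -sI zombie target`: probe, forged SYN, probe again."""
    before = probe_zombie(net, zombie_ip)
    # SYN forged with the zombie's address: the target answers the zombie, not us.
    net.send(zombie_ip, target_ip, port, "SYN", spoofed=True)
    after = probe_zombie(net, zombie_ip)
    # +1 is our own second probe; +2 means the zombie also RST'd a SYN/ACK
    # that the target sent it, i.e. the port is open.
    return "open" if after - before == 2 else "closed|filtered"


def target_saw_attacker(net, target_ip):
    """Did any datagram addressed to the target carry the attacker's source IP?"""
    return any(src == ATTACKER for src, dst, *_ in net.log if dst == target_ip)


def demo():
    """Zombie 192.168.0.10, target 192.168.0.1 with 80 open, 443 closed, 22 filtered."""
    net = Network(Host("192.168.0.10"),
                  Host("192.168.0.1", open_ports={80}, filtered_ports={22}))
    results = {p: idle_scan(net, "192.168.0.10", "192.168.0.1", p) for p in (80, 443, 22)}
    return results, target_saw_attacker(net, "192.168.0.1")


if __name__ == "__main__":
    print(demo())
```

Two things the run shows: closed and filtered ports both leave the zombie's counter moving by one, so the idle scan cannot tell them apart, and nothing addressed to the target ever carries the attacker's address, which is the whole point of the scan. Real Nmap repeats the probes and checks the zombie's counter behaviour first, because any other traffic the zombie sends during the scan corrupts the count.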

9) Version detection [-sV] :-
As has been explained, it will help you find out the name and version of the service running on each open port of the remote machine, by talking to the service and matching its banner and responses against Nmap's probe database.

# nmap -sV 192.168.0.1


10) ACK scan [-sA] :-
It is quite useful when there is some packet-filtering device or firewall in the way. It never locates an open port; its job is to map firewall rules by identifying which ports are filtered. Nmap sends a bare ACK: both open and closed ports answer with a RST (unfiltered), while a stateful firewall drops the unexpected ACK (filtered). It doesn't open any application sessions, hence the conversation between Nmap and the remote device is relatively simple.

Disadvantages :-

It can only tell whether a port is filtered or unfiltered. It can never definitively identify an open port.

# nmap -sA 192.168.0.1


--------------------------------------------------------------------------

That's all.

For more details visit HERE.