Nmap
2006-07-12
What is Nmap?
Nmap is a network exploration tool and security scanner designed to determine whether hosts are up and which ports/services they expose. In this article I will describe several scenarios I use nmap for. Note: Be prepared to suffer the consequences when using nmap on network infrastructure you do not own. Organizations do not like hundreds of SYN packets showing up in their firewall logs.
Common Nmap Options
-sS for a SYN ("half-open") scan that sends only SYN packets and never completes the handshake
-sT for a full TCP connect scan that completes the SYN/SYN-ACK/ACK handshake
-v for verbose output
-O for operating system fingerprinting (detect their OS)
-P0 to skip pinging the host before scanning (newer nmap versions spell this option -Pn)
-p to specify which ports to scan
Range of Hosts
You can specify a range of hosts by using these methods:
wildcard - 192.168.*.*
range - 192.168.0-255.0-255
netmask - 192.168.0.0/16
Again, you should probably only scan hosts that you have permission to scan.
Stealth...the fun part
There are two ways to hide the source of the scan (you). The first uses the IPIDs of vulnerable middle-man hosts to mask the source of the packets. If you are able to find a host with a predictable TCP sequence, you can watch its IPID values to see whether it has received an ACK packet.
nmap -sS -sI vulnerablehost targethost
The second way is to use dummy hosts to flood the log files so that your IP is mixed in with a whole mess of other IPs.
nmap -sS -D host1,host2,ME,host3,host4 targethost
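Seen from the other side of the firewall, the decoy scan above leaves a recognisable trace: several sources probing the same target with an identical port list within the same few seconds. The following is an added example of mine, not code from the article: it parses constructed, simplified iptables-style log lines, flags sources that SYN-probe several distinct ports, and groups sources whose probe sets match, which is how a defender can tell that -D was in play even though the real scanner cannot be singled out from the log alone.

```python
import re
from collections import defaultdict

# Constructed, simplified iptables-style log (not from the article): 10.0.0.5 runs a
# SYN scan with decoys 10.0.0.7 and 10.0.0.9 against 192.168.1.10; the last two lines
# are a normal connection from 10.0.0.20 and the server's SYN/ACK reply to it.
SAMPLE_LOG = """\
Jul 12 10:00:01 fw kernel: DROP IN=eth0 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP SPT=41000 DPT=22 SYN
Jul 12 10:00:01 fw kernel: DROP IN=eth0 SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP SPT=41000 DPT=22 SYN
Jul 12 10:00:01 fw kernel: DROP IN=eth0 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP SPT=41000 DPT=22 SYN
Jul 12 10:00:02 fw kernel: DROP IN=eth0 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP SPT=41000 DPT=80 SYN
Jul 12 10:00:02 fw kernel: DROP IN=eth0 SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP SPT=41000 DPT=80 SYN
Jul 12 10:00:02 fw kernel: DROP IN=eth0 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP SPT=41000 DPT=80 SYN
Jul 12 10:00:03 fw kernel: ACCEPT IN=eth0 SRC=10.0.0.20 DST=192.168.1.10 PROTO=TCP SPT=51000 DPT=80 SYN
Jul 12 10:00:03 fw kernel: ACCEPT IN=eth1 SRC=192.168.1.10 DST=10.0.0.20 PROTO=TCP SPT=80 DPT=51000 ACK SYN
"""

# Pull out source, destination and destination port; everything after DPT= carries the flags.
LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)(?P<rest>.*)$"
)

def parse_syn_probes(log_text):
    """Yield (src, dst, dport) for every bare-SYN TCP packet, i.e. a connection attempt."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        flags = set(re.findall(r"\b(SYN|ACK|RST|FIN)\b", m["rest"]))
        if "SYN" in flags and "ACK" not in flags:  # SYN/ACK replies are not probes
            yield m["src"], m["dst"], int(m["dpt"])

def find_scanners(log_text, min_ports=2):
    """Return {src: sorted ports} for sources that sent SYNs to >= min_ports distinct ports."""
    ports = defaultdict(set)
    for src, _, dport in parse_syn_probes(log_text):
        ports[src].add(dport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def find_decoy_groups(log_text):
    """Return {dst: [srcs]} where several sources probed dst with an identical port set."""
    # That pattern is what an nmap -D scan leaves; the real scanner is one of the
    # listed sources but cannot be told apart from the decoys by the log alone.
    per_src = defaultdict(lambda: defaultdict(set))
    for src, dst, dport in parse_syn_probes(log_text):
        per_src[src][dst].add(dport)
    groups = defaultdict(list)
    for src, dsts in per_src.items():
        for dst, pset in dsts.items():
            groups[(dst, frozenset(pset))].append(src)
    return {dst: sorted(srcs) for (dst, _), srcs in groups.items() if len(srcs) > 1}
```

Timing is deliberately ignored here; in a real deployment you would also require the matching probes to fall within a short window, since nmap sends the decoy packets interleaved with its own.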