Using nmap for Network Discovery

nmap

nmap is short for Network Mapper.  It is an open-source network scanner and is integrated into many vulnerability assessment tools.  Its core functions are host discovery, port scanning, service and version detection, and operating system detection.  Attackers use nmap for the reconnaissance phase of an engagement; defenders use it for the same purpose, to inventory what is actually reachable on their networks and compare it with what is supposed to be.  It was originally written for Linux, where it remains most popular, and has been ported to Windows, macOS, and BSD.

Features

  • host discovery
  • port scanning
  • service and version detection
  • OS detection

Installation on Red Hat Based Systems

# Red Hat Linux Based Command (use dnf on newer releases; needs root or sudo)
sudo yum install nmap

Installation on Debian Based Systems

# Debian Linux Based Command
sudo apt-get install nmap

nmap Examples

Scan with OS Detection

# Scan a Single Host IP Address with OS Detection. -A is the "aggressive" bundle:
# OS detection (-O), version detection (-sV), default NSE scripts (-sC) and
# traceroute. OS detection alone is -O; it sends raw packets and so needs root.
nmap -A 10.0.0.1

Scan a Host Name with OS Detection

# Scan a Host Name with OS Detection
nmap -A server.example.com

Scan with OS Detection and Increased Verbosity

# Scan a Host Name with OS Detection and Increased Verbosity
nmap -vv -A server.example.com

Scan Against a Network or Subnet

# Scan a Network or Subnet
nmap 10.0.0.0/24

Scan Against a Range of IP Addresses

# Scan a Range of IP Addresses. nmap's range syntax is applied per octet, so
# 10.0.0.1-100 covers 10.0.0.1 through 10.0.0.100; 10.0.0.1-10.0.0.100 is not valid.
nmap 10.0.0.1-100

Scan Against a Single Port

# Scan a Single Port Against a Single Host IP
nmap -p 443 10.0.0.1

Scan Against Multiple Ports

# Scan Multiple Ports Against a Single Host IP
nmap -p 80,443,3306 10.0.0.1

Scan Against a Range of Ports

# Scan a Range of Ports Against a Single Host IP
nmap -p 1-1024 10.0.0.1

Scan Against All Ports

# Scan all Ports (1-65535) Against a Single Host IP. The quotes stop the shell
# from expanding the asterisk; -p- is the shorter, equivalent form.
nmap -p "*" 10.0.0.1

Perform a TCP SYN Scan

From the nmap Book: SYN scan is the default and most popular scan option for good reason. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by intrusive firewalls. SYN scan is relatively unobtrusive and stealthy, since it never completes TCP connections.

SYN scan needs raw-socket privileges.  Run as root (or with sudo) it is the default scan type; as an unprivileged user nmap falls back to a TCP connect scan (-sT), which completes the three-way handshake and is far more likely to show up in the target's application logs.

# Perform a TCP SYN Scan Against a Single Host IP
nmap -sS 10.0.0.1

Scan for Specific TCP Ports

# Scan Specific TCP Ports Against a Single Host IP. The T: prefix matters when TCP
# and UDP (-sU) are scanned together, e.g. -p T:443,U:53; on its own, -p T:443 is
# the same as -p 443.
nmap -p T:443 10.0.0.1

Scan Showing Only Open Ports

# Scan for Open Ports Against a Single Host IP
nmap --open 10.0.0.1
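The subnet, port and -sS/--open options above are usually chained into one repeatable workflow: ping-sweep the network, then port-scan only the hosts that answered and keep the open ports. The script below is an added example written for this page, not code from the article or from the Nmap project. It assumes nmap is on PATH and that discover() runs as root (raw sockets for -sS); the 10.0.0.0/24 network, the db.example.internal hostname and the -oG sample output are constructed for the demo, not captured from a real scan.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: two-phase discovery.
# Phase 1 ping-sweeps a subnet (-sn) into grepable output (-oG); phase 2
# SYN-scans only the live hosts and lists their open ports. The nmap runs
# live in discover(); the parsing functions are exercised below against
# constructed -oG output so the script itself runs without nmap or a network.
set -eu

# Print the address of every host marked "Status: Up" in -oG ping-sweep output (stdin).
live_hosts() {
  awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print "host:port/proto/service" for each open port in -oG port-scan output (stdin).
# -oG fields are tab separated; a port entry is port/state/proto/owner/service/rpc/version.
open_ports() {
  awk 'BEGIN { FS = "\t" }
       /^Host:/ && /Ports:/ {
         split($1, h, " "); host = h[2]
         ports = $2; sub(/^Ports: /, "", ports)
         n = split(ports, p, ", ")
         for (i = 1; i <= n; i++) {
           split(p[i], f, "/")
           if (f[2] == "open") printf "%s:%s/%s/%s\n", host, f[1], f[3], f[5]
         }
       }'
}

# Run both phases against a real network. Needs nmap and root (-sS uses raw sockets).
# Usage: discover 10.0.0.0/24 "22,80,443,3306"
discover() {
  local net="$1" ports="${2:-1-1024}" sweep scan
  sweep=$(mktemp) && scan=$(mktemp)
  nmap -sn -oG "$sweep" "$net" >/dev/null
  live_hosts <"$sweep" | nmap -sS -p "$ports" --open -iL - -oG "$scan" >/dev/null
  open_ports <"$scan"
  rm -f "$sweep" "$scan"
}

# Constructed sample -oG output (not captured from a real network) for the offline demo.
SAMPLE_SWEEP=$(printf 'Host: 10.0.0.1 ()\tStatus: Up\nHost: 10.0.0.2 ()\tStatus: Down\nHost: 10.0.0.5 (db.example.internal)\tStatus: Up\n')
SAMPLE_SCAN=$(printf 'Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (1021)\nHost: 10.0.0.5 (db.example.internal)\tPorts: 3306/open/tcp//mysql///\tIgnored State: closed (1023)\n')

demo_live_hosts() { printf '%s\n' "$SAMPLE_SWEEP" | live_hosts; }
demo_open_ports() { printf '%s\n' "$SAMPLE_SCAN" | open_ports; }

echo "live hosts:"; demo_live_hosts
echo "open ports:"; demo_open_ports
```

Feeding the live-host list to the second scan through -iL - keeps the port scan off addresses that never answered, which is both faster and quieter; on a network that drops ICMP, replace the -sn sweep with -Pn so that hosts are not silently skipped.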

Scan with Firewall Detection

# Map Firewall Rules Against a Single Host IP. The ACK scan does not find open
# ports: a RST reply marks a port "unfiltered", no reply or an ICMP unreachable
# marks it "filtered", which shows which ports a stateful firewall is protecting.
nmap -sA 10.0.0.1

Scan Hosts when Protected by a Firewall

# Discover Hosts When ICMP Echo Is Blocked. -PM uses ICMP address mask requests for
# host discovery instead of the default echo request, then port-scans the hosts that
# answer. If every ping type is dropped, use -Pn to skip host discovery altogether.
nmap -PM 10.0.0.0/24

Perform an Idle Scan

# Perform an Idle Scan Against 10.0.0.1 Using 10.0.0.232 as the Zombie. The host
# named after -sI is the zombie whose IP ID sequence is probed; the last argument is
# the target. -Pn stops nmap pinging the target directly from your own address.
nmap -Pn -sI 10.0.0.232 10.0.0.1
