Using nmap for Network Discovery

nmap is short for Network Mapper. It is an open-source network probe and is integrated into many vulnerability assessment applications. It primarily performs host discovery and operating system detection. Hackers use nmap to perform the discovery process. It is most popular on the Linux platform, for which it was originally designed. It has been ported to Windows, macOS, and BSD.

Features

  • host discovery;
  • port scanning;
  • version detection;
  • OS detection

Installation on Red Hat Based Systems

# Red Hat Linux Based Command
yum install nmap

Installation on Debian Based Systems

# Debian Linux Based Command
sudo apt-get install nmap

nmap Examples

Scan with OS Detection

# Scan a Single Host IP Address with OS Detection
nmap -A 10.0.0.1

Scan a Host Name with OS Detection

# Scan a Host Name with OS Detection
nmap -A server.example.com

Scan with OS Detection and Increased Verbosity

# Scan a Host Name with OS Detection and Increased Verbosity
nmap -vv -A server.example.com

Scan Against a Network or Subnet

# Scan a Network or Subnet
nmap 10.0.0.0/24

Scan Against a Range of IP Addresses

# Scan a Range of IP Addresses (10.0.0.1 through 10.0.0.100; nmap ranges are written per octet)
nmap 10.0.0.1-100

Scan Against a Single Port

# Scan a Single Port Against a Single Host IP
nmap -p 443 10.0.0.1

Scan Against Multiple Ports

# Scan Multiple Ports Against a Single Host IP
nmap -p 80,443,3306 10.0.0.1

Scan Against a Range of Ports

# Scan a Range of Ports Against a Single Host IP
nmap -p 1-1024 10.0.0.1

Scan Against All Ports

# Scan all Ports (1-65535) Against a Single Host IP
nmap -p- 10.0.0.1

Perform a TCP SYN Scan

From the nmap Book: SYN scan is the default and most popular scan option for good reason. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by intrusive firewalls. SYN scan is relatively unobtrusive and stealthy, since it never completes TCP connections.

# Perform a TCP SYN Scan Against a Single Host IP (requires root or administrator privileges to send raw packets)
nmap -sS 10.0.0.1
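
Because a SYN scan never completes the TCP handshake, it leaves a pattern defenders can look for: one source sending SYNs to many ports with no final ACK. The script below is an added example, not part of the original article; the log format, addresses, threshold and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Flag sources that send SYNs to many distinct ports but never finish a handshake.
# Log format (hypothetical, constructed): epoch src dst dport client_tcp_flag
#   S = SYN from client, A = handshake-completing ACK from client, R = RST from client

sample_log() {
cat <<'EOF'
1700000000 10.0.0.50 10.0.0.1 22 S
1700000000 10.0.0.50 10.0.0.1 22 R
1700000000 10.0.0.50 10.0.0.1 80 S
1700000000 10.0.0.50 10.0.0.1 80 R
1700000001 10.0.0.50 10.0.0.1 443 S
1700000001 10.0.0.50 10.0.0.1 443 R
1700000001 10.0.0.50 10.0.0.1 3306 S
1700000002 10.0.0.50 10.0.0.1 8080 S
1700000003 10.0.0.77 10.0.0.1 443 S
1700000003 10.0.0.77 10.0.0.1 443 A
1700000004 10.0.0.77 10.0.0.1 80 S
1700000004 10.0.0.77 10.0.0.1 80 A
EOF
}

# detect_syn_scan MIN_PORTS
# Reads log lines on stdin and prints each suspect source address on its own line.
detect_syn_scan() {
  awk -v min="$1" '
    # Count each (src, dst, port) only once, however many SYNs were retried.
    $5 == "S" { key = $2 SUBSEP $3 SUBSEP $4
                if (!(key in syn)) { syn[key] = 1; ports[$2]++ } }
    # An ACK after a SYN on the same tuple means the handshake completed.
    $5 == "A" { key = $2 SUBSEP $3 SUBSEP $4
                if ((key in syn) && !(key in estab)) { estab[key] = 1; completed[$2]++ } }
    END { for (src in ports)
            if (ports[src] >= min && completed[src] + 0 == 0) print src }
  ' | sort
}

# 10.0.0.50 probes five ports and never sends an ACK; 10.0.0.77 is a normal client.
sample_log | detect_syn_scan 5
```

In practice the threshold would be applied per time window and tuned against normal traffic for the network being monitored.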

Scan for Specific TCP Ports

# Scan Specific TCP Ports Against a Single Host IP
nmap -p T:443 10.0.0.1

Scan Showing Only Open Ports

# Scan for Open Ports Against a Single Host IP
nmap --open 10.0.0.1

Scan with Firewall Detection

# Scan with Firewall Detection Against a Single Host IP
nmap -sA 10.0.0.1

Scan Hosts when Protected by a Firewall

# Scan Hosts When Protected by a Firewall
nmap -PM 10.0.0.0/24

Perform an Idle Scan

# Perform an Idle Scan Against a Single Host IP Using 10.0.0.232 as the Zombie (Apparent Source) Host
nmap -sI 10.0.0.232 10.0.0.1
