Esteban Herlein

Addicted to discovering, learning and understanding technologies.

2 minute read

Nmap (Network Mapper) is a free software utility that lets you explore, manage and audit the security of computer networks.

It can detect online hosts, their open ports, services and applications running on them, their operating system, what firewalls / filters run on a network and what type they are.

Usage

Scan a single host

~# nmap -hostname or ip-

This will ping the host checking if it’s alive, it’ll also check the 1000 most common ports sorting them by open, close or filtered state

Scan a range of hosts in CIDR format

Ex: ~# nmap 192.168.1.1/24

This will ping a range of host checking if they are alive, it’ll also check the 1000 most common ports sorting them by open, close or filtered state. This particular example will scan the 254 hosts that could be alive inside this network.

Scan ports

~# nmap -p 20, 80 -hostname or ip-

This will ping the host checking if it’s alive, it’ll also check the current state of both port 20 and 80

~# nmap -p 20-80 -hostname or ip-

Here we check the state of every port between 20 and 80

Please be verbose

~# nmap -vv -hostname or ip-

passing one or two v’s as parameters will output more information on realtime to the scan file. This comes handy when you are pure anxiety.

I can't afford to be agressive

~# nmap -sS -hostname or ip-

This scan wil start the syn-ack tpc connection sequence but it wont finish them, giving you information about the ports but leaving the destination host in the shadows

I can afford to be agressive

~# nmap -A -hostname or ip-

This option will get as much information as it can from the host, but it wont be a stealthy scan.

Service detection

~# nmap -sV -hostname or ip-

Nmap contains a database of about 2,200 well-known services and associated ports. Examples of these services are HTTP (port 80), SMTP (port 25), DNS (port 53), and SSH (port 22):

OS detection

~# nmap -O -hostname or ip-

The -O option activates OS fingerprinting, the information you get from this scan is likely a guess and not a fact.

Output scan to file

~# nmap -oA -filename- -hostname or ip-

This will ping the host checking if it’s alive, it will also output the contents of the scan to a file with the chosen name in three formats. You can choose one of the three by using its defined parameter, oX XML, oN human readable and oG a grepable log.

Tags:

Categories:

Updated:

You May Also Enjoy

Arrangement

5 minute read

Equipped with the subject matter for your argument or speech, after having determined the issue at hand, thought out appropriate supporting arguments drawn f...

Sources of proof

4 minute read

Know the areas where you must hunt for, and track down what you are trying to find. Once you have surrounded the entire place with the nets of your though...

On persuasive speech: Marcus Tullius Cicero

4 minute read

The nature of eloquent and persuasive speech has been fiercely debated. Is rhetoric an art or a skill? Does it require natural ability, or can it be aquired ...

The next best thing

less than 1 minute read

“You do what you can for as long as you can, and when you finally can’t, you do the next best thing. You back up but you don’t give up.”