The second phase of ethical hacking is scanning, and it is as important as information gathering. That's where we use Nmap and its handy features. Nmap (short for Network Mapper) is a very useful and well-known utility nowadays which you can use for network scanning. This post will walk you through nmap port scan strategies.
It is available in both command-line and graphical user interface versions. Another interesting thing about nmap is that you can use it for several purposes: host scanning, port scanning, vulnerability scanning, and operating system and version detection.
It can be used to perform network scans to identify which services a target host is running, its operating system, software, firewalls and much more.
Downloading and Installing:-
Nmap is already installed in Kali Linux and other major penetration testing distros like BackTrack. If you are using another platform such as Windows or Linux, you can download and install it from the link below.
But before I show you port scanning using nmap, I recommend reading one of my previous posts about TCP/UDP.
Nmap Scanning Types:-
TCP SYN Scan:-
Hopefully you have learnt about TCP/UDP and the three-way handshake from the previous posts.
In a SYN scan, we use TCP to contact the target but do not make a full connection with the target host system.
In other words, our system sends a SYN packet and the target host replies with a SYN/ACK packet. According to TCP, our system should now answer the SYN/ACK with an ACK (acknowledgement) packet, but it never does that. A SYN scan will not reply to the SYN/ACK, so it does not make a full connection with the target.
Therefore it is hard to detect: Windows, for example, logs completed connections, but a TCP SYN scan never completes the connection with the target host. That is why it is also called a stealth scan.
Now let's perform a simple TCP SYN scan using nmap. Open a terminal, type the command below and hit enter.
nmap -vv -sS 192.168.12.51
nmap -> name of the tool to start.
-v or -vv -> verbose or very verbose; makes the scan output more detailed and easier to follow.
-sS -> -s selects the scan type, and -sS is the SYN scan type.
192.168.12.51 (target host) -> this is my target host's IP address. Replace it with your target system's IP address.
TCP Scan:-
It is the same as the TCP SYN scan, but unlike TCP SYN it replies to the SYN/ACK packet and makes a full connection with the target system. That makes it detectable. Note also that it is used to scan TCP ports only. Use the command below for this scan.
nmap -vv -sT 192.168.12.51
-sT -> refers to the TCP connect scan type.
UDP Scan:-
This scan is used to find open UDP ports on the target system. UDP is a connectionless protocol, so this scan is not as reliable as a TCP scan. To perform a UDP scan, use this syntax.
nmap -vv -sU 192.168.12.51
-sU -> refers to the UDP scan type.
FIN Scan:-
Just as a SYN packet is sent to open a connection, a FIN packet is sent to close or disconnect from the target system. This scan can be very helpful when your target system is protected by a firewall or IDS. The syntax of the command is as follows.
nmap -vv -sF 192.168.12.51
-sF -> refers to the FIN scan.
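Seen from the target's side, these scan types differ in the handshake each one leaves behind: a SYN scan stops after SYN/ACK, a connect scan finishes with an ACK, and a FIN probe arrives with no SYN at all. The following added example (not code from this post) classifies constructed TCP segment records per client, server and port and flags a client that touched several ports without completing the handshake; the record layout, host addresses and the three-port threshold are assumptions.

```python
from collections import defaultdict, Counter

# Constructed sensor records (not from the post), one per TCP segment, already
# oriented as client/server: (client, server, server_port, direction, flags).
# 10.0.0.9 plays a hypothetical scanner, 10.0.0.7 a normal client, 10.0.0.5 the server.
RECORDS = [
    # half-open probes: SYN, SYN/ACK, then RST from the client instead of ACK
    ("10.0.0.9", "10.0.0.5", 22,   "c>s", "S"),
    ("10.0.0.9", "10.0.0.5", 22,   "s>c", "SA"),
    ("10.0.0.9", "10.0.0.5", 22,   "c>s", "R"),
    ("10.0.0.9", "10.0.0.5", 80,   "c>s", "S"),
    ("10.0.0.9", "10.0.0.5", 80,   "s>c", "SA"),
    ("10.0.0.9", "10.0.0.5", 80,   "c>s", "R"),
    # closed port: the server answers the SYN with RST/ACK
    ("10.0.0.9", "10.0.0.5", 443,  "c>s", "S"),
    ("10.0.0.9", "10.0.0.5", 443,  "s>c", "RA"),
    # FIN probe with no prior SYN on that port
    ("10.0.0.9", "10.0.0.5", 8080, "c>s", "F"),
    # an ordinary client completing the three-way handshake
    ("10.0.0.7", "10.0.0.5", 80,   "c>s", "S"),
    ("10.0.0.7", "10.0.0.5", 80,   "s>c", "SA"),
    ("10.0.0.7", "10.0.0.5", 80,   "c>s", "A"),
]

def classify(segments):
    """Label one (client, server, port) exchange by the handshake it shows."""
    sent = [flags for direction, flags in segments if direction == "c>s"]
    got = [flags for direction, flags in segments if direction == "s>c"]
    if "S" not in sent:                      # no SYN: FIN-style probe or noise
        return "fin-probe" if "F" in sent else "other"
    if "RA" in got:                          # SYN answered with RST/ACK
        return "closed"
    if "SA" not in got:                      # SYN never answered (filtered/dropped)
        return "unanswered"
    return "connect" if "A" in sent else "half-open"   # ACK completes it

def scan_report(records, min_ports=3):
    """Per client: distinct ports per class, and a flag when at least
    min_ports ports were touched without a completed handshake (assumed threshold)."""
    flows = defaultdict(list)
    for client, server, port, direction, flags in records:
        flows[(client, server, port)].append((direction, flags))
    per_client = defaultdict(Counter)
    for (client, _server, _port), segments in flows.items():
        per_client[client][classify(segments)] += 1
    report = {}
    for client, counts in per_client.items():
        probes = sum(n for cls, n in counts.items() if cls != "connect")
        report[client] = {"classes": dict(counts), "suspicious": probes >= min_ports}
    return report
```

Running `scan_report(RECORDS)` flags 10.0.0.9 (two half-open, one closed, one FIN probe) and leaves 10.0.0.7 alone.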
Other Nmap Usage:-
Detect Operating System:- To detect the operating system of the target system along with the scan, use the command syntax below.
nmap -vv -sS -O 192.168.12.51
-O -> the option used to detect the operating system.
Scan Multiple Hosts:- You can scan multiple hosts at one time. For this, write the IP address of the second host right after the first one, separated by a space.
nmap -vv -sS 192.168.12.51 192.168.12.52
And so on.
You can scan an entire subnet using this syntax.
nmap -vv -sS 192.168.12.1/24
Version Detection:- This is a very useful feature of nmap. You can also detect the software or service version. However, a version scan takes a little more time than the others.
nmap -vv -sV -sT 192.168.12.51
-sV -> the option used for version detection.
Scan for Specific Ports:- Consider a scenario where you want to scan only some specific ports on the target. You can do this in nmap using the -p option with this syntax.
nmap -vv -sS -p80,443 192.168.12.51
In this example, I used the -p option to scan ports 80 and 443 only.
You can also scan for open ports within a specified range. For example:-
nmap -vv -sT -p1-500 192.168.12.51
This will scan for open TCP ports in the range 1 to 500.
Now you need to keep practising nmap port scanning in your lab to understand it. Nmap is not limited to these features only. You can learn more about this tool using Google and other ethical hacking blogs. We'll soon update this post, so keep visiting our blog or subscribe to our newsletter.
You know so many nuances, thanks for sharing them with such beginners as I am!
That was an interesting thing to read about. I hope that you'll add more materials on the topic.
Very good that I accidentally found your article, because this is a very urgent topic for me now.