You are here: CodeIdol.com > Unix > Linux® Quick Fix > Simple Network Troubleshooting > Using Nmap

Using nmap

You can use nmap to determine all the TCP/IP ports on which a remote server is listening. It isn't usually an important tool in the home environment, but in a corporate environment it can expose weaknesses in your network, such as servers running unauthorized network applications. It is a favorite tool of attackers, and therefore should be used to test external as well as internal servers under your control. Scan only hosts you own or are explicitly authorized to test; a port scan of someone else's system is likely to be treated as hostile.

Whenever you are in doubt, you can get a list of available nmap options by just entering the command without arguments at the command prompt:

     [root@bigboy tmp]# nmap
     Nmap V. 3.00 Usage: nmap [Scan Type(s)] [Options] <host or net list>
     Some Common Scan Types ('*' options require root privileges)
     * -sS TCP SYN stealth port scan (default if privileged (root))
       -sT TCP connect() port scan (default for unprivileged users)
     * -sU UDP port scan
       -sP ping scan (Find any reachable machines)
     ...
     ...
     [root@bigboy tmp]#

Some of the more common nmap options are listed in Table 4.6, but you should also refer to the nmap man pages for full descriptions of them all.

Table 4.6. Commonly Used nmap Options

    Argument   Description

    -P0        Skips the ping probe that nmap normally sends to check
               that a host is up before scanning it. If the server is
               protected from ping queries, nmap would otherwise report
               it as down; use this option to force the scan anyway.
               (Newer nmap versions spell this option -Pn.)

    -T         Sets the timing between probe packets during a port scan.
               Some firewalls and intrusion detection systems notice
               too many unusual packets arriving within a set time
               frame. Values run from 0, "paranoid mode," which
               serializes the probes and waits about five minutes
               between them, up to 5, "insane mode," which waits no
               more than about 0.3 seconds for each probe response.
               Higher values are faster but noisier and less reliable.

    -O         Tries to detect the operating system of the remote
               server by comparing its responses to various crafted
               packets against nmap's fingerprint database. Requires
               root privileges.

    -p         Specifies the TCP/IP port or port range to scan, for
               example -p 1-5000. Without it, nmap scans only a default
               set of commonly used ports.

    -s<type>   Selects the scan method: -sT uses complete, standard
               TCP connect() handshakes; -sS (SYN), -sF (FIN), -sX
               (Xmas) and -sN (Null) send packets that do not follow a
               normal TCP exchange and require root privileges; -sU
               scans UDP ports.

Here is an example of a scan using complete TCP connect() handshakes (-sT) in the fastest "insane" timing mode (-T 5) against ports 1 to 5000:

     [root@bigboy tmp]# nmap -sT -T 5 -p 1-5000 192.168.1.153

     Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
     Interesting ports on whoknows.my-site-int.com (192.168.1.153):
     (The 4981 ports scanned but not shown below are in state: closed)
     Port       State       Service
     21/tcp open            ftp
     25/tcp open            smtp
     139/tcp open           netbios-ssn
     199/tcp open           smux
     2105/tcp open          eklogin
     2301/tcp open          compaqdiag
     3300/tcp open          unknown

     Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds
     [root@bigboy tmp]#
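
As an added example, not part of the book's text: a small POSIX shell script that reads nmap's port table (here a constructed copy of output in the nmap 3.00 format shown above) and reports every open port that is not on an allowlist of services the host is supposed to run, which is the "unauthorized network application" check this section describes. The allowlist, the target hostname and the option choices in scan_host are assumptions for the example; scan_host is shown for real use and is not executed here.

```shell
#!/bin/sh
# Added example, not from the book: flag open ports that are not on an
# approved list, using nmap's port table as input.

# Assumed allowlist for this host: ftp, smtp and netbios-ssn are expected.
ALLOWED_PORTS="21/tcp 25/tcp 139/tcp"

# Constructed sample output in the nmap 3.00 format, modelled on the
# book's listing, so the script can be exercised without a live scan.
SAMPLE_OUTPUT='Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on whoknows.my-site-int.com (192.168.1.153):
(The 4981 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
25/tcp     open        smtp
139/tcp    open        netbios-ssn
199/tcp    open        smux
2105/tcp   open        eklogin
2301/tcp   open        compaqdiag
3300/tcp   open        unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds'

# open_ports: reads nmap output on stdin and prints one port/proto per
# line for every port whose state is "open". Banner, header and blank
# lines fail the first-column test and are ignored. The same two columns
# exist in the "PORT STATE SERVICE" table of newer nmap versions.
open_ports() {
    awk '$1 ~ "^[0-9]+/(tcp|udp)$" && $2 == "open" { print $1 }'
}

# count_open: number of open ports in the nmap output on stdin.
count_open() {
    open_ports | awk 'END { print NR }'
}

# unauthorized_ports: takes the space-separated allowlist as $1 and nmap
# output on stdin; prints each open port that is not in the allowlist.
unauthorized_ports() {
    allowed="$1"
    open_ports | while read -r port; do
        case " $allowed " in
            *" $port "*) ;;          # approved service, say nothing
            *) echo "$port" ;;       # not approved: report it
        esac
    done
}

# scan_host: the live invocation (assumed option choices; not run here).
# -sT needs no root privileges. Only scan hosts you are authorized to test.
scan_host() {
    nmap -sT -T 3 -p 1-5000 "$1"
}

# Audit the constructed sample. For a real host, replace the echo with
#   scan_host 192.168.1.153 | unauthorized_ports "$ALLOWED_PORTS"
echo "$SAMPLE_OUTPUT" | unauthorized_ports "$ALLOWED_PORTS"
```

Run against the sample, the script prints 199/tcp, 2105/tcp, 2301/tcp and 3300/tcp, the four open ports that no approved service accounts for. Keeping the allowlist per host in a file and diffing each scan against it turns the one-off check into a repeatable audit.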

Full coverage of nmap as a security scanning tool is beyond the scope of this book, but you should go the extra mile and purchase a text specifically on Linux security to help protect you against malicious security breaches.
