What is nmap exactly?
- Helps you find what computers are on the network
- Discovers what ports are open
- Discovers what services are running
- Operating system version detection
- Hardware (MAC) address detection
- Service version detection
- Vulnerability/exploit detection, using Nmap scripts (NSE)
Overview of networking
To begin with, let’s talk about what a network scan actually is, for those of you unfamiliar with network scanning. What is a network exactly? It’s honestly not that scary; it’s just a bunch of computers connected together in a small bubble. Your home is a perfect example: if you’re tech-savvy you probably have about ten devices connected to your router.
Your router is what assigns your computer an IP address via Dynamic Host Configuration Protocol (DHCP). The router’s own IP address (otherwise known as the default gateway) is usually 192.168.0.1. The .1 is the device number (usually the router), and all the other computers on the network could be device numbers .2 through .254. This all depends on the netmask; I will cover this another time.
What is NMAP?
Nmap is essentially a tool to discover what devices are on a network. It also allows you to see which services are open (and on which ports), depending on the type of scan you run. Network admins and hackers alike use this tool to probe networks to see what software is running on the target systems. There are various commands and techniques you can use to probe networks. The default Nmap command will usually set off intrusion detection systems because of its packet signature. That’s where the -T1 or -T2 flag comes in: it slows the scan down so that it can evade IDS systems. Down below I’ve created a cheat sheet of NMAP commands that you can follow. To fully understand what each one is doing, I would recommend running Wireshark while you scan your own network.
Nmap Command Cheat Sheet
| Description |
|---|
| Stealth scans the network, listing machines and their operating system. |
| Full TCP port scan with service version detection – usually my first scan, I find T4 more accurate than T5 and still “pretty quick”. |
| Prints verbose output, runs stealth SYN scan, T4 timing, OS and version detection + traceroute and scripts against target services. |
| Prints verbose output, runs stealth SYN scan, T5 timing, OS and version detection + traceroute and scripts against target services. |
| Prints verbose output, runs stealth SYN scan, T5 timing, OS and version detection. |
| Prints verbose output, runs stealth SYN scan, T4 timing, OS and version detection + full port range scan. |
| Prints verbose output, runs stealth SYN scan, T5 timing, OS and version detection + full port range scan. |
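Once one of these scans finishes, the useful next step for an admin is to turn the output into a host inventory. The following script is an added example, not code from the original post or from the Nmap project: it parses the XML that `nmap -oX` writes (here a constructed sample imitating what a `-sS -sV -O` run produces, not a real scan) into a per-host list of open ports, service versions, MAC address and OS guess, which is exactly the information the bullet list at the top describes.

```python
# Added example: parse Nmap XML output (nmap -oX) into a per-host inventory.
import xml.etree.ElementTree as ET

# Constructed sample imitating nmap's XML for a `-sS -sV -O` run (not real output).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX - 192.168.0.0/24">
 <host><status state="up"/>
  <address addr="192.168.0.1" addrtype="ipv4"/>
  <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
   <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
  </ports>
  <os><osmatch name="Linux 5.X" accuracy="95"/></os>
 </host>
 <host><status state="down"/><address addr="192.168.0.7" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return one dict per host that is up, listing only its open ports."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts nmap reported as down
        info = {"ip": None, "mac": None, "os": None, "ports": []}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                info["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                info["mac"] = addr.get("addr")  # only seen on the local subnet
        match = host.find("os/osmatch")  # present only when -O was used
        if match is not None:
            info["os"] = match.get("name")
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not part of the inventory
            svc = port.find("service")
            name = svc.get("name") if svc is not None else None
            ver = " ".join(filter(None, [svc.get("product"), svc.get("version")])) if svc is not None else ""
            info["ports"].append((int(port.get("portid")), port.get("protocol"), name, ver))
        hosts.append(info)
    return hosts


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_XML):
        print(h["ip"], h["mac"], h["os"], h["ports"])
```

Feed it real output with `nmap ... -oX scan.xml` and `parse_nmap_xml(open("scan.xml").read())`; comparing two runs tells you which ports appeared or disappeared on your network.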
If you’d like to learn more about Nmap, I’d highly recommend this book on scanning networks.