Network Scanning using Nmap

Useful nmap commands to help you detect the hosts on your network.

HOST SCANNING

A Simple Scan:
# nmap localhost

Scan a hostname with more info:
# nmap -v localhost

Only show open ports:
# nmap --open 192.168.0.4

Scan specific ports (U: = UDP ports, T: = TCP ports):
# nmap -v -sU -sT -p U:53,111,T:21-25 192.168.0.47
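As an added example (not from the original post and not nmap's own code), the port-specification syntax used in the -p argument above can be parsed in Python like this. A protocol prefix (T: or U:) applies to the entry it is attached to and to every entry after it until the next prefix, which is how nmap reads U:53,111,T:21-25; a bare "-" means every port from 1 to 65535.

```python
import re
from typing import Dict, Set

PortSets = Dict[str, Set[int]]


def parse_port_spec(spec: str, default_proto: str = "tcp") -> PortSets:
    """Parse an nmap-style -p value into {'tcp': set_of_ports, 'udp': set_of_ports}.

    Supported forms (the ones used on this page):
      22,80,443          single ports
      21-25,1000-1024    inclusive ranges
      U:53,111,T:21-25   protocol prefixes that carry over to later entries
      -                  every port 1-65535
    Entries before any prefix use default_proto, as nmap does (TCP unless told otherwise).
    """
    ports: PortSets = {"tcp": set(), "udp": set()}
    proto = default_proto
    for raw in spec.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError(f"empty entry in port spec {spec!r}")
        # A prefix switches the protocol for this entry and all following ones
        m = re.fullmatch(r"([TU]):(.*)", entry)
        if m:
            proto = "tcp" if m.group(1) == "T" else "udp"
            entry = m.group(2)
        if entry == "-":
            ports[proto].update(range(1, 65536))
            continue
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", entry)
        if m is None:
            raise ValueError(f"bad port entry {raw!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) is not None else lo
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"port range out of bounds {raw!r}")
        ports[proto].update(range(lo, hi + 1))
    return ports


def is_valid_port_spec(spec: str) -> bool:
    """True if nmap-style spec parses cleanly (useful for validating scan job definitions)."""
    try:
        parse_port_spec(spec)
    except ValueError:
        return False
    return True


def count_probes(spec: str) -> int:
    """Number of (protocol, port) pairs a scan of this spec touches per host."""
    p = parse_port_spec(spec)
    return len(p["tcp"]) + len(p["udp"])


if __name__ == "__main__":
    parsed = parse_port_spec("U:53,111,T:21-25")  # the spec from the command above
    print("udp:", sorted(parsed["udp"]), "tcp:", sorted(parsed["tcp"]))
    print("probes per host:", count_probes("U:53,111,T:21-25"))
```

Knowing the probe count per host before a scan is a cheap way to estimate how much traffic a job such as the /24 scans later on this page will generate.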

TCP connect() scan (nmap -sT):
The TCP connect() scan is useful when you do not have root access on the computer running nmap.
Its weakness is that it leaves traces in the log files of the remote computer, because
it opens a full TCP session to the remote machine.
# nmap -sT 192.168.0.47
# nmap -sT 192.168.0.0/24

TCP SYN scan (nmap -sS):
Leaves no entries in the remote application's log files because the TCP connection is never completed. Needs to run as root.
# nmap -sS 192.168.0.47
# nmap -sS 192.168.0.0/24
# nmap -sS -O 192.168.0.47

Ping scan (nmap -sP):
This is a very fast scan, as it only sends ICMP Echo Requests and does no port scanning.
# nmap -sP 192.168.0.0/24

UDP scan (nmap -sU):
This scan is the only way to detect open UDP ports.
# nmap -sU 192.168.0.47

Exclude hosts:
You can exclude IPs from the host list, either as a comma-separated list (no spaces) or from a file:
# nmap -sP 192.168.0.0/24 --exclude 192.168.0.254,192.168.0.47
# nmap -sP 192.168.0.0/24 --excludefile ex_ipsfile
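As an added example (not from the original post and not nmap's own code), the following Python computes which addresses a scan of a CIDR block touches after --exclude and --excludefile are applied, so the scope of an authorized scan can be reviewed before it runs. The exclude-file contents are constructed for this example, and the "#"-comment handling is an assumption about the file format.

```python
import ipaddress
from typing import Iterable, List, Set

# Constructed contents of an --excludefile (sample data, not from the original post)
EXCLUDE_FILE = """
192.168.0.1      # gateway: never scan
192.168.0.200/30 # printers
"""


def expand_targets(entries: Iterable[str]) -> Set[ipaddress.IPv4Address]:
    """Expand IPv4 addresses and CIDR blocks into individual addresses.

    A CIDR block yields every address in it, network and broadcast included,
    which matches the '256 IP addresses' nmap reports for a /24.
    Other nmap target forms such as octet ranges (192.168.0.1-50) are not handled here.
    """
    addrs: Set[ipaddress.IPv4Address] = set()
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        if "/" in entry:
            addrs.update(ipaddress.ip_network(entry, strict=False))
        else:
            addrs.add(ipaddress.ip_address(entry))
    return addrs


def read_exclude_file(text: str) -> List[str]:
    """Read exclude-file contents: whitespace-separated entries, '#' starts a comment.
    (Assumed format; nmap reads -iL/--excludefile entries separated by whitespace.)"""
    entries: List[str] = []
    for line in text.splitlines():
        entries.extend(line.split("#", 1)[0].split())
    return entries


def scan_scope(targets: Iterable[str], exclude: Iterable[str] = (),
               exclude_file_text: str = "") -> List[str]:
    """Return the addresses the scan would actually touch, sorted, as strings."""
    wanted = expand_targets(targets)
    excluded = expand_targets(list(exclude) + read_exclude_file(exclude_file_text))
    return [str(a) for a in sorted(wanted - excluded)]


if __name__ == "__main__":
    # Same scope as the two commands above, combined
    scope = scan_scope(["192.168.0.0/24"],
                       exclude=["192.168.0.254", "192.168.0.47"],
                       exclude_file_text=EXCLUDE_FILE)
    print(len(scope), "addresses in scope; first:", scope[0], "last:", scope[-1])
```

Writing the resulting list to a file and passing it to -iL (described further down the page) is one way to make the scope of a scheduled scan explicit and reviewable.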

FIREWALLS & SECURITY

Check if a host/network is behind a firewall (ACK scan):
# nmap -sA 192.168.0.47

Scan a host protected by a firewall (skip host discovery, or discover it with a TCP SYN ping):
# nmap -PN 192.168.0.47
# nmap -PS 192.168.0.47

Scan for SSL certs (enumerate the ciphers offered on port 443, for a host or a subnet):
nmap --script ssl-enum-ciphers -p 443 <host>
nmap --script ssl-enum-ciphers -p 443 192.168.3.0/24

Scan cloaked with decoys (fake IPs):
nmap -n -D5.6.7.7,192.168.3.9 192.168.3.0/24

Show all packets sent and received:
# nmap --packet-trace 192.168.0.4

VERSION & OS DETECTION

Check the nmap version:
# nmap -V

Detect service version numbers:
# nmap -sV 192.168.0.47

Scan a Linux machine and control the scan speed:
nmap -A -T4 192.168.0.47
-A enables operating system and version detection
-T4 selects a timing template (0-5) that controls the scan speed and therefore the network traffic; a lower number generates less traffic but takes longer

GENERAL

Use a text file as input (nmap -iL):
Use a text file of hosts as the input for a host scan.
# nmap -sU -iL myfile

Save a scan to an XML file and convert it to HTML:
# nmap -sS -oX file.xml 192.168.0.47
Download xalan-2.7.0.jar:
wget http://central.maven.org/maven2/xalan/xalan/2.7.0/xalan-2.7.0.jar
Convert the XML file to HTML:
java -jar xalan-2.7.0.jar -IN Desktop/file.xml -OUT Desktop/nmap-output.html
Reference:
http://nmap.org/book/output-formats-output-to-html.html
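Besides rendering it as HTML, the XML written by -oX is easy to process directly. As an added example (not from the original post, the nmap book, or the nmap project), here is a small Python parser for that format using only the standard library: it collects the address, hostname, OS match and service versions of every host that was up, lists only ports whose state is exactly "open" (the same filter --open applies on the command line) and reports open services that are not on a per-host allow-list, which is the check a defender runs after an inventory scan. The XML document and the allow-list below are constructed for this example, not real scan results.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of nmap -oX output (not a real scan result)
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX file.xml 192.168.0.0/24" start="0">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.47" addrtype="ipv4"/>
    <hostnames><hostname name="fileserver.lan" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/>
        <service name="http"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/>
        <service name="snmp"/></port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.0.48" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# One parsed host: ip, hostname, os, and a list of port dicts
Host = Dict[str, object]


def parse_nmap_xml(text: str) -> List[Host]:
    """Parse nmap XML output into a list of hosts that were up."""
    root = ET.fromstring(text)
    hosts: List[Host] = []
    for h in root.findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that never answered carry no port data
        addr = h.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        entry: Host = {"ip": addr.get("addr"), "hostname": None, "os": None, "ports": []}
        hn = h.find("hostnames/hostname")
        if hn is not None:
            entry["hostname"] = hn.get("name")
        om = h.find("os/osmatch")  # first (best) OS match, as -O reports it
        if om is not None:
            entry["os"] = (om.get("name"), int(om.get("accuracy", "0")))
        for p in h.findall("ports/port"):
            st = p.find("state")
            svc = p.find("service")
            product = ""
            if svc is not None:
                product = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
            entry["ports"].append({
                "proto": p.get("protocol"),
                "port": int(p.get("portid")),
                "state": st.get("state") if st is not None else "unknown",
                "service": svc.get("name") if svc is not None else None,
                "product": product,  # from -sV, empty when nmap printed no version
            })
        hosts.append(entry)
    return hosts


def open_ports(hosts: List[Host]) -> List[Tuple[str, str, int, Optional[str]]]:
    """(ip, proto, port, service) for ports whose state is exactly 'open'.
    'open|filtered' (typical for UDP without a reply) is deliberately excluded."""
    return [(h["ip"], p["proto"], p["port"], p["service"])
            for h in hosts for p in h["ports"] if p["state"] == "open"]


def unexpected_exposures(hosts: List[Host],
                         allowed: Dict[str, Set[Tuple[str, int]]]) -> List[Tuple[str, str, int, Optional[str]]]:
    """Open ports not present in the per-host allow-list {ip: {(proto, port), ...}}."""
    return [(ip, proto, port, svc) for ip, proto, port, svc in open_ports(hosts)
            if (proto, port) not in allowed.get(ip, set())]


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_XML)
    # Constructed allow-list: the file server may only expose SSH
    allow = {"192.168.0.47": {("tcp", 22)}}
    for ip, proto, port, svc in unexpected_exposures(hosts, allow):
        print(f"unexpected open port: {ip} {port}/{proto} ({svc})")
```

Feeding the output of a recurring -sS -sV -oX scan through unexpected_exposures and alerting on a non-empty result gives a simple exposure baseline check without any HTML conversion step.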

If you are not a fan of the command line, you can install the GUI version of nmap, called Zenmap.
