Network Discovery using NMAP
Nmap is a network scanning and host detection tool that is very useful during several steps of penetration testing. It can be used for following purposes:
1. Detect the live host on the network.
2. Detect the open ports on the host.
3. Detect the software and the version to the respective port.
4. Detect the operating system, MAC address, software version etc.
Below are some commands to demonstrate the use of the NMAP.
# nmap ip/hostname
# nmap 10.14.153.31
The above command will show the information about the given host.
We can also specify the whole subnet for this purpose.
# nmap 10.14.153.0/24
Or
# nmap 10.14.153.142 10.14.153.212 10.14.153.25
We can also specify the range of IP address,
# nmap 10.14.153.10-100
We can also refer the hosts from a list of IPs.
# nmap –iL hosts.txt
Or
#nmap –sL hosts.txt
We can also use - - exclude option,
# nmap –sL 10.14.153.0/24 – exclude
We can specify the port number to scan them manually.
# nmap –p80,443,22 10.14.153.1-100
# nmap –sT 10.14.153.142
The above command can be used to check the open ports, the command will connect to every open port on the target machine and lists the open ports.
# nmap –sS 10.14.153.142
The above command is used to check open ports again, however the difference is that the T option will establish a real connection but S option will not make a full TCP connection to target machine. This type of scanning is logged to very less extent.
# nmap –sP 10.14.153.1/24
This is a simple ping scan to the complete network.
# nmap –PT80 10.14.153.5
This is an example for TCP ping scan.
Nmap is a network scanning and host detection tool that is very useful during several steps of penetration testing. It can be used for following purposes:
1. Detect the live host on the network.
2. Detect the open ports on the host.
3. Detect the software and the version to the respective port.
4. Detect the operating system, MAC address, software version etc.
Below are some commands to demonstrate the use of the NMAP.
# nmap ip/hostname
# nmap 10.14.153.31
The above command will show the information about the given host.
We can also specify the whole subnet for this purpose.
# nmap 10.14.153.0/24
# nmap 10.14.153.142 10.14.153.212 10.14.153.25
We can also specify the range of IP address,
# nmap 10.14.153.10-100
We can also refer the hosts from a list of IPs.
# nmap –iL hosts.txt
Or
#nmap –sL hosts.txt
We can also use - - exclude option,
# nmap –sL 10.14.153.0/24 – exclude
We can specify the port number to scan them manually.
# nmap –p80,443,22 10.14.153.1-100
# nmap –sT 10.14.153.142
The above command can be used to check the open ports, the command will connect to every open port on the target machine and lists the open ports.
# nmap –sS 10.14.153.142
The above command is used to check open ports again, however the difference is that the T option will establish a real connection but S option will not make a full TCP connection to target machine. This type of scanning is logged to very less extent.
# nmap –sP 10.14.153.1/24
This is a simple ping scan to the complete network.
# nmap –PT80 10.14.153.5
This is an example for TCP ping scan.
Thanks Sahil....We can easily fine the network details using nmap in linux server.
ReplyDeleteBut we can also use a command to find IP and MAC address of live hosts in our network.
#arp -a
ARP stands for address resolution protocol, So it only deals with IP and MAC address resolution. We have better options to do with NMAP, I think. :-)
ReplyDelete