Mastering Nmap: Essential Network Scanning and Security for Linux
May 8, 2023 Off By DasNmap is a scanning tool.
As one It can help us determine what hosts is available on specific network, what services are open, what programs run on each port and OS systems of clients.
It used for security and administrations purposes.
Scan example
Under the “PORT” heading, next to the port number, NMAP tells us whether it is TCP or UDP port. Notice that by default, NMAP will conduct a TCP scan unless you specifically requeste to perform a UDP scan by adding -sU to the command.
Under the “STATE” heading we can learn if the port status. In this example all of the ports are open. sometimes we will see other states:
NMAP States
- Closed: A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it
- Filtered: Nmap cannot determine whether the port is open because packet filtering prevent reaching the port. It can happen, for example, if there is a firewall rule that blocks the connection.
- Unfiltered: a port is accessible, but it is not possible to determine whether it is open or closed.
- open|filtered: it is not possible to determine whether a port is open or filtered.
- closed|filtered: it is not possible to determine whether a port is closed or filtered.
Under the “Service” heading we can learn what service is usually works on the given port. Notice that other service may use that port as non standard port.Therefore, in order to be 100% sure we need to specify NMAP to interact with the service,for example by adding -sV to the command-line (which will check for the service version).
Under the “Version” heading we can learn the application version. As said before, NMAP will interact with the remote machine to check that information. Sometimes The version can help us reveal the OS version.
NMAP common options
- -sL: List Scan – simply list targets to scan
- -sn: Ping Scan – disable port scan
- -Pn: Treat all hosts as online — skip host discovery
- -p <port ranges>: Only scan specified ports
- Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
- –exclude-ports <port ranges>: Exclude the specified ports from scanning
- -F: Fast mode – Scan fewer ports than the default scan
- -r: Scan ports consecutively – don’t randomize
- -sU: UDP Scan
- -sV: Probe open ports to determine service/version info
- -O: Enable OS detection
- -V: Print version number
- -h: Print this help summary page