ServerBuddies Support Blog

nmap - Network exploration tool and security / port scanner

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

A typical Nmap scan is shown in Example 1. The only Nmap arguments used in this example are -A, to enable OS and version detection,script scanning, and traceroute; -T4 for faster execution; and then the two target hostnames.

Example 1. A representative Nmap scan

The CPAN is the Comprehensive Perl Archive Network and can be accessed at http://www.cpan.org/ , and searched at http://search.cpan.org/ .

First, are you sure that the module isn’t already on your system? Try “perl -MFoo -e 1″. (Replace “Foo” with the name of the module; for instance.

If you don’t see an error message, you have the module. (If you do see an error message, it’s still possible you have the module, but that it’s not in your path, which you can display with “perl -e “print qq(@INC)”".)

tcpdump - dump traffic on a network

Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Example:

-n
Don’t convert host addresses to names. This can be used to avoid DNS lookups.

-nn
Don’t convert protocol and port numbers etc. to names either.

-vv
Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.

-X
When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.

-S
Print absolute, rather than relative, TCP sequence numbers.

Linux Network Time Protocol Setup

We can also synchronize the system clock with a remote server over the Network Time Protocol ( NTP).

For the one-time synchronization only, use the ntpdate command:

Check whether the selected NTP server is accessible:

Run the ntpdate command followed by one or more server addresses:

Enable the service.

Network Parameters for Hosts Only System

If the system is not going to be used as a firewall or gateway to pass IP traffic between different networks, then edit the file /etc/sysctl.conf and add or correct the following lines:

These settings disable hosts from performing network functionality which is only appropriate for routers.