Archive for the tag 'Nmap'

nmap - Network exploration tool and security / port scanner

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

A typical Nmap scan is shown in Example 1. The only Nmap arguments used in this example are -A, to enable OS and version detection,script scanning, and traceroute; -T4 for faster execution; and then the two target hostnames.

Example 1. A representative Nmap scan

# nmap -A -T4 scanme.nmap.org

Scanning Hosts with Nmap for vulnerability assessment.

Using Nmap

Nmap can be run from a shell prompt by typing the nmap command followed by the hostname or IP address of the machine to scan.

nmap 192.168.0.10

Administrators can use Nmap on a network to find host systems and open ports on those systems.

Nmap is a popular tool included in Red Hat Enterprise Linux that can be used to determine the layout of a network. Nmap has been available for many years and is probably the most often used tool when gathering information. An excellent man page is included that provides a de-
tailed description of its options and usage.

Nmap is a competent first step in vulnerability assessment. You can map out all the hosts within your network and even pass an option that allows Nmap to attempt to identify the operating system running on a particular host.

# nmap 127.0.0.1

Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-16 16:05 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3128/tcp open squid-http
3306/tcp open mysql

Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds

For more information about using Nmap, refer to the official homepage at the following URL: http://www.insecure.org/