
Thread: Basic Usage of Nmap

  1. #1

    Basic Usage of Nmap

    This article describes the main operations of the nmap command on Linux and existing solutions for detecting such activity.

    See all open TCP ports on a machine, using SYN messages, so no log on the target machine:

    Code:
    nmap -sS 127.0.0.1
    The same thing but with the -F (fast scan) and -n (no DNS resolution) options:

    Code:
    nmap -F -n -sS 127.0.0.1
    View all open UDP ports on a machine:

    Code:
    nmap -sU 127.0.0.1
    See if a machine is on the network (Ping scan):

    Code:
    nmap -sP 127.0.0.1
    Scan a range of addresses. Here, any address from 192.168.0.0 to 192.168.0.255:

    Code:
    nmap 192.168.0.0-255
    Find out the operating system of the machine (TCP/IP fingerprint):

    Code:
    nmap -O 127.0.0.1
    If nmap cannot determine the version, we can ask it to give us a list of systems that could potentially match:

    Code:
    nmap -O --osscan-guess 127.0.0.1
    Scan a specific port. Here, the HTTP port:

    Code:
    nmap -p 80 127.0.0.1
    Scan a range of ports. Here we scan ports 0 to 80 and all those above 60000:

    Code:
    nmap 127.0.0.1 -p 0-80,60000-
    Scan web servers at random on the network:

    Code:
    nmap -v -sS -iR 0 -p 80
    Disable reverse DNS resolution of hosts, which increases speed:

    Code:
    nmap -n 127.0.0.1
    FTP bounce scan: you can ask an FTP server to do the port scan for you (it sends files to test open ports). This feature is often disabled on FTP servers in order to prevent abuse. Here we go through the FTP server at address 127.0.0.1 to scan a range of IP addresses:

    Code:
    nmap -b 127.0.0.1 192.168.0.0-255
    Spoof the source IP address. Here we scan 127.0.0.1 via the network interface eth0, pretending to come from 10.0.0.0 port 80:

    Code:
    nmap -S 10.0.0.0 -g 80 -e eth0 -P0 127.0.0.1
    Spoof MAC address:

    Code:
    nmap --spoof-mac 01:02:03:04:05:06 127.0.0.1
    nmap --spoof-mac Cisco 127.0.0.1
    Choose an output file to write the scan results:

    Code:
    nmap -oN matches 127.0.0.1
    nmap -oX result.xml 127.0.0.1
    Trace packets and data sent and received. Useful for verifying that spoofing works:

    Code:
    nmap --packet-trace -S 10.0.0.0 -e eth0 127.0.0.1

  2. #2

    Re: Basic Usage of Nmap

    Preventing port scans of a machine is quite difficult. Even when adding rules to iptables, scan techniques are so diverse that it will not work 100%. However, one can very well use tools specialized in detection. To use it, we're going to get the sources from the official site and run the following commands:

    Code:
    cd /usr/local/src/
    tar zxvf scanlogd-*.tar.gz
    rm -f scanlogd-*.tar.gz
    cd scanlogd-*/
    make linux
    adduser scanlogd
    Then we can start it manually via the command scanlogd. All attempts to scan the machine will be visible in /var/log/messages:

    Code:
    # tail -f /var/log/messages | grep scanlogd
    December 3 5:54:43 p.m. scanlogd localhost: 192.168.0.188 192.168.0.175 to ports 80, 554, 256, 21, 22, 23, ..., TOS 00, TTL 64 @ 6:54:43 p.m.
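
The scanlogd alerts described in the post above can be grouped by source address to see which hosts are probing and which ports they touch. The Python script below is an added example, not part of the original thread or of scanlogd itself; the message layout noted in the comment, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed scanlogd message layout (check against your installed version):
#   saddr[:sport] to daddr [and others,] ports p1, p2, ..., flags, TOS xx, TTL n @HH:MM:SS
LINE_RE = re.compile(
    r"scanlogd(?:\[\d+\])?: (?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?: and others,)? ports (?P<rest>.*)$"
)

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
Dec  3 17:54:43 localhost scanlogd: 192.168.0.188 to 192.168.0.175 ports 80, 554, 256, 21, 22, 23, ..., fSrpauxy, TOS 00, TTL 64 @17:54:43
Dec  3 17:55:10 localhost sshd[811]: Accepted publickey for admin from 192.168.0.10
Dec  3 18:02:07 localhost scanlogd: 192.168.0.188:43211 to 192.168.0.175 ports 443, 8080, 3306, 25, 110, 143, ..., fSrpauxy, TOS 00, TTL 64 @18:02:07
Dec  3 18:10:31 localhost scanlogd: 10.1.2.3 to 192.168.0.175 and others, ports 22, 22, 22, 22, 22, 22, ..., fSrpauxy, TOS 00, TTL 52 @18:10:31
"""


def parse_line(line):
    """Return a dict for a scanlogd alert line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = [f.strip() for f in m.group("rest").split(",")]
    # Numeric fields are ports; "..." means scanlogd truncated the port list.
    ports = [int(f) for f in fields if f.isdigit()]
    return {"src": m.group("src"), "dst": m.group("dst"),
            "ports": ports, "truncated": "..." in fields}


def summarize(log_text):
    """Group alerts by source address: alert count and distinct ports seen."""
    summary = defaultdict(lambda: {"alerts": 0, "ports": set()})
    for line in log_text.splitlines():
        alert = parse_line(line)
        if alert:
            summary[alert["src"]]["alerts"] += 1
            summary[alert["src"]]["ports"].update(alert["ports"])
    return dict(summary)


if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items()):
        print(src, info["alerts"], sorted(info["ports"]))
```

Because scanlogd truncates the port list with `...`, the port set per source is a lower bound on what was actually probed.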
