This article describes the main uses of the nmap command on Linux and the existing ways to detect such scans.
List all open TCP ports on a machine with a SYN (half-open) scan. The TCP handshake is never completed, so the application listening on the target does not log a connection; the kernel firewall or an IDS in front of it can still see every SYN:
The same thing, with -F (fast scan, fewer ports) and -n (no DNS resolution):
Code:
nmap -F -n -sS 127.0.0.1
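The claim above that a SYN scan leaves nothing in the application log is true, but the SYNs themselves are easy to record and correlate. The following Python script is an added example and is not part of the original article: it assumes the target logs incoming SYNs with an iptables rule such as `iptables -A INPUT -p tcp --syn -j LOG --log-prefix "SYN: "` (an assumption, not shown on the page), parses those kernel log lines, and flags any source that hits many distinct ports of one host inside a short time window. The log lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# One kernel LOG line per incoming SYN, as written by the assumed rule
#   iptables -A INPUT -p tcp --syn -j LOG --log-prefix "SYN: "
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\w+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) (?P<rest>.*)$"
)

LOG_TEMPLATE = (
    "Jan 10 12:00:{sec:02d} target kernel: SYN: IN=eth0 OUT= "
    "SRC={src} DST=192.168.0.10 LEN=44 PROTO=TCP SPT={spt} "
    "DPT={dpt} WINDOW=1024 RES=0x00 SYN URGP=0"
)


def build_sample_log():
    """Constructed sample: a SYN sweep from .20 plus normal browsing from .30.

    nmap -sS uses one fixed source port for the whole scan, so the sweep keeps
    SPT=54321 while the browser uses a fresh ephemeral port for each connection.
    """
    sweep_ports = [21, 22, 23, 25, 53, 80, 110, 111,
                   135, 139, 143, 443, 445, 993, 995, 3306]
    lines = [LOG_TEMPLATE.format(sec=i // 4, src="192.168.0.20", spt=54321, dpt=p)
             for i, p in enumerate(sweep_ports)]
    lines += [LOG_TEMPLATE.format(sec=s, src="192.168.0.30", spt=40000 + s, dpt=d)
              for s, d in ((2, 80), (5, 443), (9, 80))]
    # A SYN/ACK would only be logged by a rule not restricted to --syn;
    # the parser must ignore it either way.
    lines.append(LOG_TEMPLATE.format(sec=3, src="192.168.0.30", spt=40003, dpt=80)
                 .replace("SYN URGP", "ACK SYN URGP"))
    return "\n".join(lines)


def parse_syn_events(log_text):
    """Return (timestamp, src, dst, dport) for each TCP packet with SYN set and ACK clear."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proto"] != "TCP":
            continue
        flags = set(m["rest"].split())   # e.g. {"WINDOW=1024", "RES=0x00", "SYN", "URGP=0"}
        if "SYN" not in flags or "ACK" in flags:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog has no year; fine for ordering
        events.append((ts, m["src"], m["dst"], int(m["dpt"])))
    return events


def detect_port_sweeps(events, window_s=10, min_ports=15):
    """Flag (src, dst) pairs where one source sends SYNs to at least min_ports
    distinct ports of one host within any window_s-second window.

    Returns {(src, dst): (distinct_ports, window_start, window_end)}.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dpt in events:
        by_pair[(src, dst)].append((ts, dpt))
    alerts = {}
    for pair, evs in by_pair.items():
        evs.sort()
        in_window = Counter()   # dport -> number of SYNs inside the sliding window
        left = 0
        for ts, dpt in evs:
            in_window[dpt] += 1
            # advance the left edge until the window spans at most window_s seconds
            while (ts - evs[left][0]).total_seconds() > window_s:
                old = evs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            distinct = len(in_window)
            if distinct >= min_ports and distinct > alerts.get(pair, (0,))[0]:
                alerts[pair] = (distinct, evs[left][0], ts)
    return alerts


if __name__ == "__main__":
    found = detect_port_sweeps(parse_syn_events(build_sample_log()))
    for (src, dst), (n, start, end) in found.items():
        print(f"possible SYN scan: {src} -> {dst}, {n} ports between {start.time()} and {end.time()}")
```

The thresholds (15 distinct ports in 10 seconds) are a starting point: a `-F` scan hits 100 ports in a few seconds and trips this immediately, while a scan slowed down with `-T1` or a single-port scan (`-p 80`) stays under it, which is exactly the trade-off a scanner plays against this kind of detection.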
View all open UDP ports on a machine:
See if a machine is on the network (Ping scan):
Scan a range of addresses. Here every address from 192.168.0.0 to 192.168.0.255:
Identify the operating system of the machine (TCP/IP fingerprinting):
If nmap cannot determine the operating system with certainty, ask it to guess more aggressively and list the systems that could match:
Code:
nmap -O --osscan-guess 127.0.0.1
Scan a specific port. Here the HTTP port:
Code:
nmap -p 80 127.0.0.1
Scan a range of ports. Here we scan ports 0 to 80 and every port from 60000 upwards (an open-ended range ends at 65535; port 0 is only scanned when asked for explicitly):
Code:
nmap 127.0.0.1 -p 0-80,60000-
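The -p syntax is small but has corners (port 0, open-ended ranges, overlapping items). The following Python function is an added example, not code from the article or from nmap itself; it expands a specification such as `0-80,60000-` into the concrete port list the scanner will walk, using the rules documented for nmap: `N-` runs to 65535, `-N` starts at 1, a bare `-` means 1-65535. Protocol prefixes (`T:`/`U:`) are deliberately not handled.

```python
def expand_port_spec(spec):
    """Expand an nmap -p specification into a sorted list of distinct port numbers.

    Accepts single ports ("80"), closed ranges ("0-80"), open-ended ranges
    ("60000-" to 65535, "-1024" from 1) and a bare "-" (1-65535), joined by commas.
    Raises ValueError for an empty item or a port outside 0..65535.
    """
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty element in port spec")
        if item == "-":
            lo, hi = 1, 65535          # nmap's "-p-" scans every port except 0
        elif "-" in item:
            a, b = item.split("-", 1)
            lo = int(a) if a else 1    # "-N": from port 1
            hi = int(b) if b else 65535  # "N-": up to port 65535
        else:
            lo = hi = int(item)
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"bad port range: {item}")
        ports.update(range(lo, hi + 1))   # overlapping items collapse in the set
    return sorted(ports)


if __name__ == "__main__":
    ports = expand_port_spec("0-80,60000-")
    print(len(ports), "ports:", ports[:3], "...", ports[-3:])
```

Running it against the page's own example shows that `0-80,60000-` is 5617 ports, not 80, which matters when you estimate how much noise a scan produces against the detection above.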
Scan web servers at random. -iR 0 makes nmap keep picking random Internet addresses until you stop it:
Code:
nmap -v -sS -iR 0 -p 80
Disable reverse DNS lookups of the hosts, which speeds the scan up:
FTP bounce scan: an FTP server that lets the PORT command point at a third host can be asked to open connections to arbitrary ports on your behalf, so the target sees the FTP server's address rather than yours. Most FTP servers now refuse this to prevent abuse. Here we bounce through the FTP server at 127.0.0.1 to scan a range of IP addresses:
Code:
nmap -b 127.0.0.1 192.168.0.0-255
Spoof the source IP address. Here we scan 127.0.0.1 through interface eth0 while pretending to come from 10.0.0.0, with source port 80. The replies go to the spoofed address, not to you, so the scan shows nothing unless you can sniff them elsewhere; -P0 (now spelled -Pn) skips host discovery, which could not work with a spoofed source anyway:
Code:
nmap -S 10.0.0.0 -g 80 -e eth0 -P0 127.0.0.1
Spoof the MAC address, either with a full address or with a vendor name that nmap turns into a matching prefix. This only affects the raw Ethernet frames nmap sends, so it matters on the local LAN and has no effect beyond the first router:
Code:
nmap --spoof-mac 01:02:03:04:05:06 127.0.0.1
nmap --spoof-mac Cisco 127.0.0.1
Choose an output file for the scan results (-oN is the normal human-readable format, -oX is XML):
Code:
nmap -oN matches 127.0.0.1
nmap -oX result.xml 127.0.0.1
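The XML output is the one to keep, because it can be parsed and compared between runs. The following Python script is an added example and is not part of the original article: it reads the host/port/state structure that nmap -oX writes, lists the open ports of every host that was up, and diffs two scans to report ports that opened or closed in between. The two XML documents are constructed for the example and abridged (real files carry more attributes and elements); the element and attribute names used are those of the nmap XML format.

```python
import xml.etree.ElementTree as ET

# Constructed baseline scan: ssh and http open on 192.168.0.10.
BASELINE_XML = """<nmaprun scanner="nmap" args="nmap -sS -oX baseline.xml 192.168.0.10">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <extraports state="closed" count="998"/>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed later scan: http now filtered, mysql newly exposed, a second host down.
CURRENT_XML = """<nmaprun scanner="nmap" args="nmap -sS -oX current.xml 192.168.0.10-11">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.10" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="997"/>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="filtered" reason="no-response"/><service name="http"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.0.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def open_ports(xml_text):
    """Return {ipv4_addr: {(protocol, port): service_name}} for every host that is up."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                      # down hosts carry no port data worth keeping
        addr_el = host.find("address[@addrtype='ipv4']") or host.find("address")
        ports = {}
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                  # closed/filtered ports are not exposures
            svc = port.find("service")
            key = (port.get("protocol"), int(port.get("portid")))
            ports[key] = svc.get("name", "") if svc is not None else ""
        result[addr_el.get("addr")] = ports
    return result


def diff_scans(baseline_xml, current_xml):
    """Return {addr: {"opened": [...], "closed": [...]}} for hosts whose open ports changed."""
    base, cur = open_ports(baseline_xml), open_ports(current_xml)
    changes = {}
    for addr in sorted(set(base) | set(cur)):
        before, after = set(base.get(addr, {})), set(cur.get(addr, {}))
        if before != after:
            changes[addr] = {"opened": sorted(after - before), "closed": sorted(before - after)}
    return changes


if __name__ == "__main__":
    for addr, change in diff_scans(BASELINE_XML, CURRENT_XML).items():
        print(addr, "opened:", change["opened"], "closed:", change["closed"])
```

A host that is down in the second scan simply drops out of the result rather than being reported as "all ports closed", which is the safer reading when the scan might have been blocked.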
Trace every packet sent and received. Practical for checking that a spoofed source address really goes out the way you intended:
Code:
nmap --packet-trace -e eth0 -S 10.0.0.0 127.0.0.1