Nmap
Nmap is a security port scanner originally written by Gordon Lyon. As a "Network Mapper" it lets us discover computers and services on a computer network. Nmap is capable of discovering passive services on a network even though such services aren't advertising themselves with a service discovery protocol. Nmap can also determine various details about the remote computers, like the operating system, device type, uptime, the exact version number of a product and even the vendor of the remote network card. Nmap runs on a wide variety of platforms, like Linux kernel based OSes, Microsoft Windows, Solaris, and BSD (including Mac OS X). In this tutorial we are going to use Nmap version 5.00 ( http://nmap.org ) and Ubuntu as the operating system.
Please see the associated text box of individual spoken tutorials on the website to decide the versions of software and OS to which it is applicable.
Let us try to find out the operating system version by including the -O switch. Since Nmap needs to craft special TCP & UDP packets for this, we need to become root to execute the command, as shown.
Usage
bala@bala-laptop:~$ sudo nmap -O 192.168.56.101
[sudo] password for bala:
Starting Nmap 5.00 ( http://nmap.org ) at 2011-10-18 14:14 IST
Interesting ports on 192.168.56.101:
Not shown: 998 closed ports
PORT     STATE SERVICE
80/tcp   open  http
8080/tcp open  http-proxy
MAC Address: 08:00:27:9A:A5:DF (Cadmus Computer Systems)
Running: Linux 2.6.X
OS details: Linux 2.6.19 - 2.6.24
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.02 seconds
bala@bala-laptop:~$
Applications
1. Used to reveal the services running on a network.
2. Used to reveal the version of services running on a network.
3. Used to reveal the name of the operating system running on each host of a network.
4. Used to reveal any unauthorized services running on a network.
5. Used extensively by network penetration testers, computer security professionals, auditors, etc.
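To connect the -O scan output above with application 4 (revealing unauthorized services), here is an added example, not part of the original tutorial: a small Python parser for the Nmap 5.00 normal output shown earlier that extracts the open ports, MAC address and OS guess, and then flags any open port that is not on a constructed allow-list of sanctioned services.

```python
import re

# Nmap 5.00 "normal" output as shown in the tutorial, embedded here as a
# constructed sample so the script runs offline without scanning anything.
SAMPLE_OUTPUT = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2011-10-18 14:14 IST
Interesting ports on 192.168.56.101:
Not shown: 998 closed ports
PORT     STATE SERVICE
80/tcp   open  http
8080/tcp open  http-proxy
MAC Address: 08:00:27:9A:A5:DF (Cadmus Computer Systems)
Running: Linux 2.6.X
OS details: Linux 2.6.19 - 2.6.24
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.02 seconds
"""
# One row of the port table: "<port>/<proto>  <state>  <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap_output(text):
    """Return {'host', 'ports': [(port, proto, state, service)], 'mac', 'os'}."""
    result = {"host": None, "ports": [], "mac": None, "os": None}
    for line in text.splitlines():
        m = re.match(r"^Interesting ports on (\S+):", line)
        if m:
            result["host"] = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service = m.groups()
            result["ports"].append((int(port), proto, state, service))
            continue
        if line.startswith("MAC Address:"):
            result["mac"] = line.split(":", 1)[1].strip().split(" ")[0]
        elif line.startswith("OS details:"):
            result["os"] = line.split(":", 1)[1].strip()
    return result

def unexpected_open_ports(parsed, allowed):
    """Open ports not in the allow-list: candidates for unauthorized services."""
    return sorted((p, proto, svc) for p, proto, state, svc in parsed["ports"]
                  if state == "open" and (p, proto) not in allowed)

if __name__ == "__main__":
    scan = parse_nmap_output(SAMPLE_OUTPUT)
    print(scan)
    # Constructed baseline: only the web server on 80/tcp is sanctioned.
    print(unexpected_open_ports(scan, {(80, "tcp")}))
```

With the constructed baseline, 8080/tcp (http-proxy) is reported as the one open service the allow-list does not cover.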
Prerequisites
* Hardware requirements: 1GB+ of RAM would surely help; I am using 4GB RAM as I have to record things along.
* A Pentium 4 should be more than enough, though I am running mine on an Intel Pentium Core2Duo.
* Good understanding of TCP/UDP packets.
* Little understanding of packet capture tools like Wireshark or tshark, to visually see the TCP/UDP packets and understand the TCP 3-way handshake that forms a connection.
* Little understanding of virtual machines: as we cannot attack any other machines to pull out the results, we will create a small network on our own computer to work things out.
Contents
BASIC - Level Zero Tutorials
- Introduction to nmap
  - Network Inventory
  - Policy Compliance
  - Security Auditing
- Downloading and Installing NMAP :-D
  - sudo apt-get - for Debian based machines
  - yum install - for RPM based machines
  - self-installer executable - for Windows machines
- Using NMAP
  - Port Scanning
  - Discovering Hosts
  - Detecting Operating System
  - Detecting Service and Application Versions
  - Options in NMAP scanning
- Intro & Working with Zenmap
  - Installing Zenmap
  - Running Zenmap
  - Carry out Zenmap scans
  - Manipulate Zenmap profiles
  - Administer Zenmap Results
Log
Stages in the life-cycle of Spoken Tutorials: Stage 0 and Stage 1 give the template which needs to be followed.
Stage 0
Stage 1