
Nmap

URL: www.insecure.org/nmap/

Client OS: UNIX, Windows NT (ported by eEye Digital Security)
Target OS: TCP/IP networks
Classification: Discovery tool
Price: Free
Description:  While Nmap is primarily a very powerful port scanner, it also serves as a more sophisticated ping sweep utility. In this chapter we discuss only Nmap's ping capability.

If the target network blocks ICMP ECHO requests and replies, Pinger and other ordinary ping utilities will not be able to identify any active systems. In addition, the target network may have its most crucial systems configured not to respond to ICMP ping while allowing some nonessential systems to respond, in order to mislead attackers: having found a few interesting hosts that answer ping, an attacker may not think to use a more sophisticated ping tool to find the hosts that do not. Nmap can perform TCP pings against TCP ports rather than the ICMP ping that everyone associates with the term. Nmap sends a TCP ACK or SYN packet to the specified port in the hope that the target will answer with an RST packet, indicating that it is up. By pinging hosts on a TCP port, or by using a different source port, you may be able to identify hosts whose ICMP ECHO replies are restricted but which are still alive on the network. Nmap also has a detection function that guesses the operating system of the target by analyzing the responses of its TCP/IP stack (TCP/IP fingerprinting).

Nmap is a powerful, stealthy tool. If used properly, it can provide excellent results while enabling you to remain undetected on the target network. Nmap can be difficult to use if you are not familiar with UNIX; this tool is an excellent reason to learn enough UNIX to get by, so that you can take advantage of all of its features. There is a GUI version of the tool called NmapFE. NmapFE does not offer all the options that command-line Nmap offers, but it is easy to use.

Use:  Nmap runs on Linux and a host of other UNIX-flavored operating systems and requires a command-line interface unless you are using NmapFE. Nmap has also been ported to Windows NT by eEye Digital Security, but we have had problems getting that port to work properly and prefer the Linux version. Nmap has many options for scanning networks, but in this chapter we cover only those that pertain to TCP pings and OS identification. Whether or not you have already found active hosts on the network, TCP pings should be performed to find the hosts that may not be responding to ICMP pings. TCP pings use TCP ACK or SYN packets to elicit an RST from the target. Nmap provides its ping sweep through the -sP option; when run as root, -sP sends both an ICMP echo request and a TCP ACK packet. You can request TCP ACK packets explicitly with the -PT option or SYN packets with -PS. Nmap sends these packets to port 80 by default, but you may need to vary the port to find one that is not filtered by the target. Ports 80, 53, and 443 are normally good ports to try.

The following command performs a TCP ping by sending a TCP ACK packet to the target IP address on port 53:
nmap -PT53 ipaddress -o outputfile.txt
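The point of the TCP ping above is that a host proves it is alive whether the probed port is open (it answers SYN/ACK) or closed (it answers RST); only silence leaves the question open. The following added example, which is not Nmap code and not part of the original chapter, shows that principle with an ordinary full TCP connect from unprivileged Python rather than Nmap's raw ACK or SYN packets (which need root). A refused connection is the RST case. It also tries the chapter's suggested ports 80, 53 and 443 in turn, and the demo() function runs the whole thing against loopback sockets it creates itself, so it works offline.

```python
"""TCP "ping" by full connect: a host that refuses a connection (RST) is
just as alive as one that accepts it. Added example, not Nmap's own code."""
import errno
import socket

DEFAULT_PORTS = (80, 53, 443)  # the ports the chapter recommends trying


def classify(rc):
    """Map a connect_ex() result to a verdict.

    0            -> 'open'        (SYN/ACK received, host alive)
    ECONNREFUSED -> 'closed'      (RST received, host alive)
    anything else-> 'no-response' (timeout, unreachable: cannot tell)
    """
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    return "no-response"


def host_is_alive(verdict):
    """Both an open and a closed port prove the host is up."""
    return verdict in ("open", "closed")


def tcp_ping(host, port, timeout=1.0):
    """Probe one TCP port with a full connect and return its verdict."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))
    except OSError:
        rc = -1  # e.g. timeout raised as an exception: treat as no answer
    finally:
        s.close()
    return classify(rc)


def tcp_ping_sweep(host, ports=DEFAULT_PORTS, timeout=1.0):
    """Try several ports; stop at the first one that proves the host alive.

    Returns (alive, port, verdict); port is None if nothing answered.
    """
    for port in ports:
        verdict = tcp_ping(host, port, timeout)
        if host_is_alive(verdict):
            return True, port, verdict
    return False, None, "no-response"


def demo():
    """Loopback demonstration: one listening (open) port and one closed port.

    Both sockets are constructed here so the example needs no network.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    # Grab a second ephemeral port and release it so that it is closed.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    try:
        results = {
            "open": tcp_ping("127.0.0.1", open_port),
            "closed": tcp_ping("127.0.0.1", closed_port),
            # A sweep that only has the closed port still finds the host alive.
            "sweep": tcp_ping_sweep("127.0.0.1", ports=(closed_port,)),
        }
    finally:
        listener.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The defensive lesson is the same as the chapter's: dropping ICMP echo alone does not hide a host. A host only stays invisible to this kind of probe if the filtering device silently drops the TCP probes as well, rather than letting the host answer with an RST.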
 
Another option Nmap provides is OS identification. Knowing the operating system is a critical piece of information during penetration testing. When you use the -O option, Nmap attempts to guess the operating system of the target through TCP/IP fingerprinting: it performs a number of tests against the system being scanned and compares the resulting profile of the target's TCP stack against a database of known fingerprints. The following command performs OS identification in addition to a port scan:
nmap -sT -O ipaddress
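To make the "compare the profile against a database of known fingerprints" step concrete, here is a deliberately simplified matcher, added as an example and not Nmap's algorithm or fingerprint database. The signature values (initial TTL, window size, DF bit, MSS, timestamp option) are constructed for illustration, the OS labels are generic, and the observed TTL is rounded up to the nearest common initial TTL because every router hop decrements it. Real fingerprinting uses far more probes and a much larger database, but the scoring idea is the same: pick the best-matching signature and report "unknown" when nothing matches well enough.

```python
"""Simplified TCP/IP fingerprint matching. Added example with constructed
signature values; not Nmap's database, probes or matching algorithm."""

# Constructed, illustrative signatures: feature -> expected value.
FINGERPRINT_DB = {
    "linux-like":   {"ttl": 64,  "window": 5840,  "df": True, "mss": 1460, "ts": True},
    "windows-like": {"ttl": 128, "window": 8192,  "df": True, "mss": 1460, "ts": False},
    "bsd-like":     {"ttl": 64,  "window": 65535, "df": True, "mss": 1460, "ts": True},
}

FEATURES = ("ttl", "window", "df", "mss", "ts")
MIN_SCORE = 4  # out of len(FEATURES); below this we refuse to guess


def normalize_ttl(ttl):
    """Round an observed TTL up to the nearest common initial TTL.

    A packet that arrives with TTL 57 most likely started at 64 and crossed
    seven routers; comparing raw TTLs would never match the database.
    """
    for initial in (32, 64, 128, 255):
        if ttl <= initial:
            return initial
    return 255


def score(observed, signature):
    """Count how many features of the observed profile match the signature."""
    obs = dict(observed)
    obs["ttl"] = normalize_ttl(obs.get("ttl", 0))
    return sum(1 for f in FEATURES if obs.get(f) == signature.get(f))


def guess_os(observed, db=FINGERPRINT_DB):
    """Return (label, score) for the best match, or ('unknown', best_score).

    Signatures are visited in sorted order so ties resolve deterministically.
    """
    best_label, best_score = "unknown", -1
    for label in sorted(db):
        s = score(observed, db[label])
        if s > best_score:
            best_label, best_score = label, s
    if best_score < MIN_SCORE:
        return "unknown", best_score
    return best_label, best_score


if __name__ == "__main__":
    # Constructed observations, as if gathered from a target's replies.
    sample = {"ttl": 57, "window": 5840, "df": True, "mss": 1460, "ts": True}
    print(guess_os(sample))
```

From the defender's side, the same table explains why fingerprinting works: every one of these features is a default the stack chooses on its own, so a host reveals its operating system through ordinary replies, not through any particular service.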
 
Benefits:  Nmap is a powerful tool that is considered one of the best port scanners in the industry. It offers many different options and the output is very reliable.

Con:  The tool can be difficult to use and install if you are not familiar with UNIX.
