Mastering Nmap: A Comprehensive Guide for Network Scanning and Security

By Rahul Thakur

Nmap (Network Mapper) is an open-source tool used for network exploration and security auditing. It can perform a wide variety of network discovery and auditing tasks. In this guide, we will cover various Nmap commands, port scanning techniques, scan types, output formats, NSE scripts, and additional options to enhance your network security skills.


Basic Nmap Commands

Scanning Single and Multiple IPs

  • Single IP: nmap 192.168.0.1
  • Subnet (CIDR) Range: nmap 192.168.0.1/8
  • IP Range: nmap 192.168.0.1-8
  • Specific IPs: nmap 192.168.0.1 5.6.7.8
  • From Text File: nmap -iL host.txt
  • Domain: nmap target.com

Port Scanning Techniques

Scanning Specific Ports

  • Single Port: nmap 192.168.0.1 -p80 (only port 80)
  • Port Range: nmap 192.168.0.1 -p20-30 (ports 20 to 30)
  • Selected Ports: nmap 192.168.0.1 -p80,22,111
  • Service-Specific Ports: nmap 192.168.0.1 -p http (port 80, 8008)
  • Protocol-Specific Ports: nmap 192.168.0.1 -p T:80,U:53 (TCP and UDP scan)
  • All Ports Scan: nmap 192.168.0.1 -p- (scan all 65535 ports)
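The -p syntax above (single ports, ranges, comma lists, "-" for every port, and T:/U: protocol prefixes) can be expanded programmatically, which is useful when a scan policy has to be reviewed or logged before it runs. The following is an added example, not code from this post or from the Nmap project: it resolves a port specification into per-protocol port sets. The service-name table is a small constructed subset (Nmap itself reads nmap-services), and `default_proto` stands in for the scan type that decides which protocol unprefixed ports apply to.

```python
"""Expand an Nmap-style -p port specification into per-protocol port sets.

Added example (not Nmap's own code). Supports: single ports, a-b ranges,
open-ended ranges (-b, a-), '-' for all ports, comma lists, and T:/U:/S:
protocol prefixes, which apply to every following item until changed.
"""
import re
from typing import Dict, Set

# Constructed subset of service name -> ports. The real lookup uses the
# nmap-services file shipped with Nmap; these three entries are for the demo.
SERVICE_PORTS = {"http": [80, 8008], "ssh": [22], "domain": [53]}

PROTO_PREFIXES = {"T": "tcp", "U": "udp", "S": "sctp"}
MAX_PORT = 65535


def expand_port_spec(spec: str, default_proto: str = "tcp") -> Dict[str, Set[int]]:
    """Return {"tcp": {...}, "udp": {...}, "sctp": {...}} for a -p argument.

    default_proto (an assumption of this example) plays the role of the scan
    type: unprefixed ports go to it, as they would with -sS (tcp) or -sU (udp).
    """
    ports: Dict[str, Set[int]] = {"tcp": set(), "udp": set(), "sctp": set()}
    proto = default_proto
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty item in port specification")
        # A protocol prefix such as T: or U: switches the target set.
        if len(item) >= 2 and item[1] == ":" and item[0].upper() in PROTO_PREFIXES:
            proto = PROTO_PREFIXES[item[0].upper()]
            item = item[2:]
        # Ranges: "20-30", "-1024" (1..1024), "1024-" (1024..65535), "-" (all).
        rng = re.fullmatch(r"(\d*)-(\d*)", item)
        if rng:
            lo = int(rng.group(1)) if rng.group(1) else 1
            hi = int(rng.group(2)) if rng.group(2) else MAX_PORT
        elif item.isdigit():
            lo = hi = int(item)
        elif item.lower() in SERVICE_PORTS:
            ports[proto].update(SERVICE_PORTS[item.lower()])
            continue
        else:
            raise ValueError(f"unrecognised port item: {item!r}")
        if not 0 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"port range out of bounds: {item!r}")
        ports[proto].update(range(lo, hi + 1))
    return ports


if __name__ == "__main__":
    for spec in ("80", "20-30", "80,22,111", "http", "T:80,U:53", "-"):
        expanded = expand_port_spec(spec)
        summary = {p: len(s) for p, s in expanded.items() if s}
        print(f"-p {spec:<12} -> {summary}")
```

Rejecting out-of-range items before a scan starts is the practical point: a typo such as `-p 8O` or `-p 70000` is caught by the parser instead of silently producing an empty or wrong scan.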

Scanning Popular Ports

  • Top Ports: nmap 192.168.0.1 --top-ports 100 (the option requires a count; this scans the 100 most common ports)

Advanced Scan Techniques

Different Types of Scans

  • TCP Connection Scan: nmap -sT
  • TCP SYN Scan: nmap -sS (half-open scan)
  • FIN Scan: nmap -sF
  • XMAS Scan: nmap -sX
  • NULL Scan: nmap -sN (sends a TCP packet with no flags set)
  • Ping Scan: nmap -sP (host discovery only; -sn is the current spelling of this option)
  • UDP Scan: nmap -sU
  • ACK Scan: nmap -sA (maps firewall rules; reports ports as filtered or unfiltered rather than open or closed)

Customizing Scan Timing and Performance

  • Host Timeout: nmap --host-timeout 500ms 192.168.0.1
  • Scan Delay: nmap --scan-delay 1s 192.168.0.1 (send packets every 1 second to avoid IDS detection)
  • Fast Scan:
    • nmap -T5 (fastest, may give false positives)
    • nmap -T4 (recommended for normal network speed)
    • nmap -T3 (default scan speed)

Status Codes

  • Open: [SYN+ACK] received (SYN scan; a service is listening)
  • Closed: [RST+ACK] received (the host is reachable, but nothing is listening on the port)
  • Filtered: no response or an ICMP unreachable error (a firewall drops your packets)
  • Unfiltered: the port is reachable, but Nmap cannot tell open from closed (ACK scan)
  • Open|Filtered: no response, so Nmap cannot tell open from filtered (UDP, FIN, XMAS and NULL scans)
  • Closed|Filtered: Nmap cannot tell closed from filtered (idle scan only)

Output Formats

  • Normal Text Format: -oN
  • XML Format: -oX
  • Grepable Format: -oG
  • Script Kiddie Format: -oS
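Scan results are usually fed into something else (an asset inventory, a ticket, a diff against last week's baseline), so the -oG and -oX formats matter more than the screen output. The following is an added example, not code from this post or the Nmap project: it parses both formats into the same flat records, and the XML parser also keeps the `reason` attribute, which records the packet (syn-ack, reset, no-response) behind each port state listed under Status Codes above. Both inputs are constructed samples laid out in the real formats; the IP address, banners and port list are invented.

```python
"""Parse Nmap -oG (grepable) and -oX (XML) output into flat port records.

Added example, not code from the post or the Nmap project. The inputs are
constructed samples. Note for real use: when the XML comes from a source you
do not control, parse it with the defusedxml package instead of the stdlib
parser, which is not hardened against hostile XML.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed -oG sample. Fields are tab-separated; each port entry is
# port/state/protocol/owner/service/rpcinfo/version/ and entries are comma-separated.
GREPABLE_SAMPLE = (
    "# Nmap 7.94 scan initiated (constructed sample)\n"
    "Host: 192.168.0.1 ()\tStatus: Up\n"
    "Host: 192.168.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "80/open/tcp//http//nginx/, 111/closed/tcp//rpcbind///\t"
    "Ignored State: filtered (997)\n"
    "# Nmap done (constructed sample)\n"
)

# Constructed -oX sample. The state element's 'reason' attribute names the
# packet that decided the state, matching the Status Codes section.
XML_SAMPLE = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -sV -oX - 192.168.0.1">
<host><status state="up" reason="echo-reply"/>
<address addr="192.168.0.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx"/></port>
<port protocol="tcp" portid="111"><state state="closed" reason="reset"/><service name="rpcbind"/></port>
<port protocol="udp" portid="53"><state state="open|filtered" reason="no-response"/><service name="domain"/></port>
</ports>
</host>
</nmaprun>
"""


def parse_grepable(text: str) -> List[Dict[str, object]]:
    """Return one record per port from -oG output; comment lines are skipped."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]          # strip the "(hostname)" part
        for entry in fields.get("Ports", "").split(","):
            entry = entry.strip()
            if not entry:
                continue
            port, state, proto, _owner, service, _rpc, version, *_ = entry.split("/")
            records.append({"host": host, "port": int(port), "proto": proto,
                            "state": state, "reason": "", "service": service,
                            "version": version})
    return records


def parse_xml(text: str) -> List[Dict[str, object]]:
    """Return one record per port from -oX output, including the state reason."""
    root = ET.fromstring(text)
    records: List[Dict[str, object]] = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            version = ""
            if svc is not None:
                version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            records.append({"host": addr, "port": int(port.get("portid")),
                            "proto": port.get("protocol"), "state": state.get("state"),
                            "reason": state.get("reason"),
                            "service": svc.get("name") if svc is not None else "",
                            "version": version})
    return records


def open_ports(records: List[Dict[str, object]]) -> List[tuple]:
    """(protocol, port) pairs confirmed open; open|filtered is deliberately excluded."""
    return sorted((r["proto"], r["port"]) for r in records if r["state"] == "open")


if __name__ == "__main__":
    for name, recs in (("-oG", parse_grepable(GREPABLE_SAMPLE)), ("-oX", parse_xml(XML_SAMPLE))):
        print(name, "open:", open_ports(recs))
        for r in recs:
            print(f"  {r['host']} {r['port']}/{r['proto']} {r['state']:<14} {r['reason']:<12} {r['service']} {r['version']}")
```

The grepable format is easy to grep but drops the reason and the verbose structure, so for anything beyond a quick one-liner parse the XML; `open_ports` shows why the distinction in the Status Codes section matters in practice, since an `open|filtered` UDP port is not a confirmed finding and should not be reported as one.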

NSE (Nmap Scripting Engine) Scripts

Nmap's scripting engine allows users to extend the functionality of the scanner by using custom scripts for specific tasks. Some common NSE scripts include:

  • Firewall Bypass
  • FTP Enumeration
  • DNS Enumeration
  • HTTP Enumeration

Example: nmap target.com --script http-headers

You can find all available NSE scripts in /usr/share/nmap/scripts.

Additional Nmap Options

  • Service Version Detection: nmap -sV 192.168.0.1
  • OS Detection: nmap -O 192.168.0.1
  • Verbosity: nmap -v 192.168.0.1
  • Aggressive Scan (service version detection, OS detection, default NSE script scan and traceroute in one run): nmap -A 192.168.0.1

Conclusion

Nmap is a powerful tool for network scanning and security auditing, offering a wide range of features to identify vulnerabilities and understand the security posture of your network. By mastering these commands and techniques, you can effectively enhance your network security measures and protect against potential threats.

Feel free to explore the official Nmap documentation and experiment with various options to become proficient in using this versatile tool. Happy scanning!
