Nmap Essentials: Understanding the Basics of Network Discovery

Introduction

Before getting started, you should first understand what Nmap is and what it is for. Everything you need for a general overview of the tool is in the earlier post: Exploring networks safely with Nmap.

Installing and configuring Nmap

To install and configure Nmap, follow these general steps:

1. Download and install Nmap: the method depends on your operating system. On Debian/Ubuntu-based systems you can install it through the apt package manager:

   sudo apt update
   sudo apt install nmap

   Packages from the distribution are often a few releases behind; if you need the newest probes and scripts, the official installers and source tarballs are on nmap.org.

2. Verify the installation: after installing, confirm that Nmap runs correctly by checking its version:

   nmap --version

3. Basic usage: familiarize yourself with the basic command form. To scan a target host for open ports (the 1,000 most common TCP ports by default), run:

   nmap [target]

4. Learn the options: Nmap has many options and flags for customizing scans to your requirements. Some commonly used ones are `-sS` for a TCP SYN scan (the default when running as root), `-sU` for a UDP scan, `-p` to specify ports, and `-A` for an aggressive scan, which turns on OS detection, version detection, default script scanning and traceroute. You can explore these options in the Nmap reference guide or by running `man nmap` in the terminal.

5. Scan techniques: understand the different scan techniques, such as TCP connect scan, SYN scan and UDP scan, and when to use each depending on your goals, your privileges on the scanning host and the network environment.

6. Configure scans: depending on the target network and your objectives, you may need to adjust parameters such as timing templates (`-T0` through `-T5`), `--scan-delay`, and the output formats (`-oN` for normal, `-oX` for XML, `-oG` for grepable, or `-oA` to write all three at once), so that results can be saved and processed later.

7. Understand firewall and permission issues: raw-packet techniques such as SYN scans, OS detection and most host-discovery probes require root (or the equivalent capability) on the scanning host, and firewalls between you and the target can drop probes or forge responses. Make sure you have the necessary privileges, and that the firewall rules in the path allow the probes you intend to send.

8. Practice ethical use: use Nmap responsibly. Scanning networks or systems without permission is illegal in many jurisdictions and unethical everywhere. Always obtain explicit, preferably written, authorization before conducting any scanning activity.

Host Discovery Techniques


Host discovery techniques are used to identify active hosts (devices) on a network before any ports are scanned. Here are the common host discovery techniques Nmap offers:

1. Ping Scan (-sn): the simplest and quickest option. It disables port scanning and runs only host discovery. The probes it sends depend on the situation: for a privileged user scanning a remote network the defaults are an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; on a local Ethernet segment Nmap uses ARP requests instead; an unprivileged user falls back to TCP connect attempts to ports 80 and 443. A host that answers any one of these is reported as up.

Example:

   nmap -sn [target]

2. TCP SYN Ping (-PS): instead of ICMP echo requests, this technique sends a TCP SYN packet to the given ports (port 80 if none is listed). Either a SYN/ACK or a RST reply proves the host is alive; Nmap tears down any half-open connection itself rather than completing the handshake. Listing ports that are likely to be open or filtered by a stateful firewall, such as 80 and 443, improves the chance of a reply.

 Example:

   nmap -PS80,443 [target]

3. TCP ACK Ping (-PA): similar to the SYN ping, but it sends TCP ACK packets to the given ports (port 80 by default) and waits for the RST that a host returns for an ACK belonging to no existing connection. It is useful where a stateless packet filter blocks incoming SYNs but lets other TCP segments through; a stateful firewall will simply drop the unsolicited ACK, so combining `-PS` and `-PA` covers both cases.

Example:

   nmap -PA80,443 [target]

4. UDP Ping (-PU): this technique sends an empty UDP packet to the given ports (port 40125 by default, chosen because it is very unlikely to be open) and waits for an ICMP port unreachable message, which indicates that the host is alive. If the port happens to be open, most services silently ignore the empty datagram, so prefer a port you expect to be closed.

Example:

   nmap -PU [target]

5. ARP Scan (-PR): ARP (Address Resolution Protocol) discovery only works on the local Ethernet segment. Nmap sends ARP requests for every IP address in the range and listens for replies; because ARP cannot be filtered by a host's IP firewall, it is the fastest and most reliable way to discover hosts on the local subnet. Nmap uses it automatically for local targets, so `-PR` rarely needs to be given explicitly, and it cannot reach hosts behind a router.

Example:

   nmap -PR [target]

6. ICMP Echo Ping (-PE): this technique sends ICMP echo requests (the classic ping) and waits for echo replies. Many hosts and firewalls drop echo requests, so Nmap also offers ICMP timestamp (`-PP`) and address mask (`-PM`) requests, which are sometimes permitted where echo is not.

Example:

   nmap -PE [target]

7. IP Protocol Ping (-PO): this technique sends IP packets with the specified protocol numbers in the IP header (by default 1, 2 and 4, i.e. ICMP, IGMP and IP-in-IP). A reply using the same protocol, or an ICMP protocol unreachable message, marks the host as alive.

Example:

   nmap -PO1,2,4 [target]

8. List Scan (-sL): this technique doesn't send any probes to the target hosts but simply lists the IP addresses that Nmap would scan. It does perform reverse-DNS lookups on each address, so add `-n` if even DNS traffic is unwanted; it is a good way to check that a target expression expands to the addresses you expect before scanning them.

Example:

  nmap -sL [target]

9. IP Protocol Scan (-sO): this scan type determines which IP protocols (TCP, UDP, ICMP, etc.) a target supports, rather than which ports are open. Nmap sends a raw IP packet for each protocol number; an ICMP protocol unreachable reply marks the protocol as closed, any other reply marks it open, and no reply is reported as open|filtered.

Example:

   nmap -sO [target]
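As an added example (not part of the original post), the following POSIX shell script ties step 6 above (output formats) and the discovery probes together: it runs a layered `-sn` sweep that stacks ICMP echo, TCP SYN, TCP ACK and UDP probes, writes grepable output, and extracts the hosts reported as Up. The target range 192.0.2.0/29 (TEST-NET-1, RFC 5737) and the sample output embedded in the script are constructed; nmap itself is only invoked if it is installed and a target is passed on the command line.

```shell
#!/bin/sh
# Added example: layered host discovery with nmap, plus extraction of the
# live hosts from the grepable (-oG) output. The sample data below is
# constructed; the nmap command is only run when a target is supplied.

# The discovery sweep. -sn disables port scanning; the -P* probes stack, so
# a host answering any one of them is reported Up. -n skips reverse DNS,
# --reason records which probe produced the answer in the normal output.
discover() {
    # $1 = target range or host, $2 = output basename
    nmap -sn -PE -PS22,80,443 -PA80 -PU40125 -n --reason -oG "$2".gnmap "$1"
}

# Pull the addresses marked "Status: Up" out of a -oG file (or stdin).
# Field 2 of a "Host:" line is the address; hostnames sit in the parentheses.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$@"
}

# Constructed sample of what discover() writes for a /29 in which two hosts
# answered. A "Status: Down" line only appears in real output when -v is set.
SAMPLE='# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sn -PE -PS22,80,443 -PA80 -PU40125 -n --reason -oG lab.gnmap 192.0.2.0/29
Host: 192.0.2.1 ()  Status: Up
Host: 192.0.2.2 ()  Status: Up
Host: 192.0.2.3 ()  Status: Down
# Nmap done at Mon Jan  1 12:00:05 2024 -- 8 IP addresses (2 hosts up) scanned in 4.12 seconds'

# Number of live hosts in the sample; a real run would feed lab.gnmap instead.
count_live() {
    printf '%s\n' "$SAMPLE" | live_hosts | wc -l | tr -d ' '
}

# First live host in the sample, handy for checking the parser.
first_live() {
    printf '%s\n' "$SAMPLE" | live_hosts | head -n 1
}

if command -v nmap >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    # Real sweep: requires root for the raw-packet probes and authorization
    # for the target. Writes lab.gnmap, then prints the live addresses.
    discover "$1" lab && live_hosts lab.gnmap
else
    # No nmap or no target: demonstrate the parser on the constructed sample.
    printf '%s\n' "$SAMPLE" | live_hosts
fi
```

The list `live_hosts` prints is exactly what a follow-up port scan should take as its target file (`nmap -iL hosts.txt ...`), which keeps the port scan from wasting time on addresses that never answered. Run as root, the same command on a local subnet would discover hosts via ARP regardless of the `-P*` options given.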

Coming up in our next post, we're going to cover something essential: port scanning. Think of it as checking every door in a building to see which are locked and which are open. It's all about keeping the network safe by finding exposed services before someone else does and dealing with them promptly. Keep an eye out for the next post, and bye for now.
