
Nmap - Network Mapping

Group Presenters
Renuka Tuluchan (ID: 30305018)
Faisal (ID: 30300944)
Raveel Yasin (ID: 30119581)
Deepak Koirala (ID: 30104380)
Introduction to Nmap
What is Nmap?

Nmap stands for "Network Mapper".
Nmap is a free and open source utility for network discovery and security auditing.
Nmap is useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Nmap & Linux
Nmap (aka Network Mapper) is an open source, very versatile tool for Linux system and network administrators.
Nmap is used for exploring networks, performing security scans, auditing networks and finding open ports on remote machines.
It scans for live hosts, operating systems, packet filters and open ports on remote hosts.
Cont.
Nmap uses raw IP packets in novel ways to determine:
what hosts are available on the network
what services (application name and version) those hosts are offering
what operating systems (and OS versions) they are running
what type of packet filters/firewalls are in use
Port Scanning Basics
While Nmap has grown in functionality over the years, it began as an efficient port scanner, and that remains its core function.
The simple command nmap [target] scans more than 1660 TCP ports on the host. While many port scanners have traditionally lumped all ports into the open or closed states, Nmap is much more granular.
It divides ports into six states: open, closed, filtered, unfiltered, open|filtered, or closed|filtered.
Commonly scanned ports
Ports are numbers that TCP/IP uses to map packets to services. For example, some common ports are:
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH (Secure Shell)
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
80 HTTP (HyperText Transfer Protocol)
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS-ssn
Nmap features and uses
Features of Nmap
Flexible:
o Supports many techniques, including OS detection
Powerful:
o Usable for a wide range of networking tasks
Portable:
o Supports almost every operating system
More features
Free:
o Security for the internet, exploration of networks, easy access and distribution
Well documented:
o Well organised and easily available in full format
Supported:
o Supported by the community; easy to find out more about Nmap
Award winning, with dozens of books available on it
Why should we use Nmap?
Usage:
Used by those who look after network security
How an open source security tool can also be advantageous to hackers
What a hacker does when they first log in
How a hacker traces Nmap scanning
Scanning to spot the hackers
One can easily come to know these things
Multiple uses of Nmap
Popular uses are:
In people's everyday use
Helping in many operating systems
Community support
Easy to compile from source
Nmap 7 & its new key features!
Better IPv6 support
o Nmap 7 brings IPv6 support up to its IPv4 level, e.g. CIDR ranges and idle scan
Better TLS/SSL scanning
o Quick detection of TLS deployment problems with its handshake version checks
New OS support
o Compatible with the new version of Windows 10
Faster network scanning
o Gives a performance boost on Windows and BSD systems
Improved NSE functionality
o Supports 171 new scripts
Techniques & Methods
Techniques!
Experts understand the techniques and choose the appropriate one.
Others try to solve every problem with the default SYN scan.
Nmap is free, so the only barrier to port scanning mastery is knowledge.
Note that actual numbers and some actual domain names are used to make things more concrete. In their place you should substitute addresses/names from your own network.
Nmap advanced scanning techniques
There are many options and combinations:
TCP scan flag customization
IP and MAC address spoofing
Adding decoy scan source IP addresses
Source port specification
Ability to add random data to sent packets
Manipulable time-to-live field
Ability to send packets with bogus TCP or UDP checksums
Key points to remember in techniques
Results depend on the scans you create
Useful for testing intranet or extranet connections
Capabilities beyond the basic SYN, SYN/ACK, ACK connect scan
Only one method may be used at a time, except that UDP scan (-sU) and any one of the SCTP scan types (-sY, -sZ) may be combined with any one of the TCP scan types.
Port scan type options are of the form -s<C>, where <C> is a prominent character in the scan name, usually the first.
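As an added example (not from these slides or from the Nmap project), a small Python checker that applies the combination rule above to a proposed Nmap argument list before the scan is run. The family table covers the -s<C> scan types named on these slides, and the function names are my own.

```python
from collections import Counter

# Scan-type families as the slide's combination rule groups them. The TCP
# entries are the -s<C> options named on these slides; -sO (IP protocol scan)
# is a separate method, which the rule does not allow to be combined.
FAMILY = {"S": "tcp", "T": "tcp", "N": "tcp", "F": "tcp", "X": "tcp",
          "A": "tcp", "M": "tcp", "I": "tcp",
          "U": "udp", "Y": "sctp", "Z": "sctp", "O": "ipproto"}


def scan_type_letters(argv):
    """Pick the <C> of every -s<C> scan-type flag in an argv list. A glued
    argument such as -sI<zombie> still yields its letter; other -s flags
    (for example -sV, -sC, -sn) are not scan types and are ignored."""
    return [arg[2] for arg in argv
            if arg.startswith("-s") and len(arg) > 2 and arg[2] in FAMILY]


def validate_scan_combo(argv):
    """Apply the rule: at most one TCP type, optionally plus -sU and/or one
    SCTP type (-sY or -sZ); anything else is more than one method at a time.
    Returns (ok, message)."""
    letters = scan_type_letters(argv)
    flags = ", ".join("-s" + c for c in letters)
    if not letters:
        return True, "no scan type given; Nmap uses its default (SYN scan where possible, else connect scan)"
    by_family = Counter(FAMILY[c] for c in letters)
    if by_family["ipproto"] and len(letters) > 1:
        return False, f"-sO cannot be combined with port scan types: {flags}"
    for fam in ("tcp", "udp", "sctp"):
        if by_family[fam] > 1:
            return False, f"more than one {fam.upper()} scan type given: {flags}"
    return True, f"allowed combination: {flags}"
```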
Basic Commands

Scan a single target: >nmap [target]
Scan multiple targets: >nmap [target1,target2,etc]
Scan a list of targets: >nmap -iL [list.txt]
Scan a range of hosts: >nmap [range of IP addresses]
Scan an entire subnet: >nmap [IP address/cidr]
Scan random hosts: >nmap -iR [number]
Excluding targets from a scan: >nmap [targets] --exclude [targets]
Excluding targets using a list: >nmap [targets] --excludefile [list.txt]
Perform an aggressive scan: >nmap -A [target]
Scan an IPv6 target: >nmap -6 [target]
Advanced Scanning Options
-sS (TCP SYN scan)
SYN scan is the default and most popular scan option for good reasons.
-sT (TCP connect scan)
TCP connect scan is the default TCP scan type when SYN scan is not an option.
-sU (UDP scans)
UDP scan; UDP services are often overlooked because scanning them is normally slower, and Nmap's UDP scan covers them.
-sY (SCTP INIT scan)
SCTP is an alternative to TCP and UDP, with features such as multi-homing and multi-streaming.
-sN; -sF; -sX (TCP NULL, FIN, and Xmas scans)
Help to differentiate open and closed ports.
-sA (TCP ACK scan)
Never determines open (or even open|filtered) ports; it is used to map firewall rulesets, telling filtered from unfiltered.
Few more advanced scanning options
-sM (TCP Maimon scan)
Same as the NULL, FIN and Xmas scans, except that the probe is FIN/ACK.
-sZ (SCTP COOKIE ECHO scan)
A more advanced SCTP scan.
-sO (IP protocol scan)
Determines which IP protocols (TCP, ICMP, IGMP, etc.) the target supports.
-sI <zombie host>[:<probeport>] (idle scan)
A truly blind TCP port scan, bounced through a zombie host.
Experimental Setup And Evidence
Setup for Nmap
Two ways of opening Nmap
1. GUI format:
Open Kali Linux
Go to Applications > search > nmap
2. Opening from the command prompt:
Open a terminal and type nmap
Allows us to:
Specify a target with/without firewall on
Host discovery
Scanning techniques, such as speeding up scan time, scanning multiple IP addresses, scanning using a wildcard and scanning using a subnet mask
OS detection
Scan for TCP port 80
Service detection for a host
Target specification
Target: facebook.com (firewall on)

Host Discovery
Scanning techniques:
Scanning of multiple IP addresses
Scanning by using wildcard
Scanning using subnet mask
Syntax: nmap 192.168.6.141/22
Scan for OS detection
Syntax: nmap -O 198.162.6.141
Scan for the TCP port 80
Syntax: nmap 192.168.6.141 -p80
Service detection for host
Syntax: nmap -sV 192.168.6.141
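The six port states from the Port Scanning Basics slide and the -p80 / -sV scans above are easiest to act on when the output is read programmatically. The following Python is an added example (not from these slides or from Nmap itself): it parses Nmap's grepable output format (-oG, a real Nmap option not shown on the slides) over a constructed sample that reuses the slide's address, tallies ports by the six states, and reads the "Ignored State" so that ports absent from the list are not mistaken for unknown.

```python
from collections import Counter

# The six port states Nmap reports, as listed on the Port Scanning Basics slide.
PORT_STATES = ("open", "closed", "filtered", "unfiltered",
               "open|filtered", "closed|filtered")

# Constructed sample of Nmap grepable output (nmap -oG), not a real scan result.
# Each Ports item is port/state/protocol/owner/service/rpc/version/ (-sV fills version).
SAMPLE_GREPABLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.6.141 ()\tStatus: Up\n"
    "Host: 192.168.6.141 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, "
    "25/closed/tcp//smtp///, 80/open/tcp//http//Apache httpd 2.4/, "
    "139/filtered/tcp//netbios-ssn///, 161/open|filtered/udp//snmp///, "
    "443/unfiltered/tcp//https///\tIgnored State: closed (994)\n"
)


def parse_grepable(text):
    """Return one dict per port item found in -oG text."""
    entries = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        # Tab-separated "Key: value" fields: Host, Status or Ports, Ignored State, ...
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]  # drop the "(hostname)" part
        for item in filter(None, fields.get("Ports", "").split(", ")):
            port, state, proto, _owner, service, _rpc, version = item.split("/")[:7]
            entries.append({"host": host, "port": int(port), "proto": proto,
                            "state": state, "service": service, "version": version})
    return entries


def ignored_state(text):
    """(state, count) of the ports left out of the Ports list: a port missing
    from the output is not unknown, Nmap placed it in this ignored state."""
    for line in text.splitlines():
        if "\tIgnored State: " in line:
            state, count = line.split("\tIgnored State: ", 1)[1].split(" (")
            return state, int(count.rstrip(")"))
    return None


def state_summary(text):
    """Count port items per state, rejecting anything outside the six states."""
    counts = Counter(e["state"] for e in parse_grepable(text))
    unknown = set(counts) - set(PORT_STATES)
    if unknown:
        raise ValueError(f"unexpected port state(s): {sorted(unknown)}")
    return {s: counts.get(s, 0) for s in PORT_STATES}
```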
Conclusion
Nmap is a useful and free security detective tool.
Nmap provides detailed information that helps to understand hosts deeply and also to avoid unexpected security vulnerabilities.
Bugs? Really? There are no bugs in Nmap! There were some issues and problems before, but they were fixed in new updates.
Any Questions?
