[TUTORIAL] Nmap - Port Scanning

Nmap was originally command line tool that has been developed for only Unix/Linux based operating system but now its windows version is also available and ease to use.You can download the Nmap installer for windows and for Linux open terminal and type sudo apt-get install nmap

Ok now we are going to start with simple scan, for nmap help

$ nmap --help

For a quick and simple scan use.

$ nmap 192.168.1.1

Starting Nmap 5.21 ( [You must be registered and logged in to see this link.] ) at 2011-04-08 23:06 PKT

Nmap scan report for 192.168.1.1

Host is up (0.0012s latency).

Not shown: 997 filtered ports

PORT STATE SERVICE

21/tcp open ftp

23/tcp open telnet

80/tcp open http

Nmap done: 1 IP address (1 host up) scanned in 6.22 seconds


[You must be registered and logged in to see this image.]

Is it simple scan? Yes it is a simple scan that let you know about the open ports in any machine, now if want to scan a whole network than you have to type this with subnet.
$ nmap 192.168.1.1/24 or $ nmap 192.168.1.*


* Nmap - Interesting options
o -f fragments packets
o -D Launches decoy scans for concealment
o -I IDENT Scan – finds owners of processes (on Unix systems)
o -b FTP Bounce
* Port Scan Types
o TCP Connect scan
o TCP SYN scan
o TCP FIN scan
o TCP Xmas Tree scan (FIN, URG, and PUSH)
o TCP Null scan
o TCP ACK scan
o UDP scan


Nmap works on the basic scanning types like:

* TCP connect() scanning
* TCP SYN scanning
* TCP FIN scanning
* Fragmentation scanning
* TCP reverse ident scanning
* FTP bounce attack
* UDP ICMP port unreachable scanning
* UDP recvfrom() and write() scanning
* ICMP echo scanning

Operating system detection or OS fingerprnting is the important part of scanning you should know about the operating system of target machine to launch an available exploit on it. Nmap provides you know about running operating system although you can find it by using banner grabbing but why doing to much job. Use -O for operating system.