How to do basic network scanning with nmap. Learn the basics of nmap in 5-10 minutes with this quickie by tech-brew.net!
You will learn how to do basic network scanning using nmap in hopefully under 10 minutes. You should already know the difference between UDP and TCP or at least have basic knowledge of networking.
Network Mapper (or nmap for short) is a network scanner used for security scans. You can find hosts in the network, scan their ports and find out what services and operating systems they're running. It is also extensible with scripts (the Nmap Scripting Engine, NSE), and a user community maintains its development and support. It is available for almost every OS.
Apparently there is a GUI version of the tool (Zenmap), but since I released an article about using the command line last week, I'm going to show you how to use the CLI to scan the network. And also because I'm not familiar with the GUI.
As always, this "quickie" won't go too in-depth on the subject, but you will find helpful links at the end of the article.
Simple System Scan
Just running nmap target (target being the IP address or hostname of the "victim") tells you which ports are open, closed or filtered; by default nmap checks the 1000 most commonly used TCP ports. To scan only specific ports you can use the -p flag:
nmap -p<Port> target
You just have to specify the port(s). You can also pass multiple ports by separating them with a ",", e.g. nmap -p22,80,443 target, or a whole range with a "-", e.g. nmap -p1-1024 target.
You can also scan multiple hosts in different ways (a list of addresses, a CIDR block like 192.168.1.0/24, or a file of targets with -iL). You can read more about it in one of the links at the end of the article.
nmap supports a whole bunch of scan types, so I'm gonna list the "most popular" ones, or the ones I thought would be really helpful for basic network scanning. I will try to put a link at the end which contains a list of all scan types.
nmap -sS 192.168.1.1
The most useful for "security" would be a SYN scan (it is also what nmap does by default when it runs as root). nmap sends a SYN, looks at the SYN/ACK or RST that comes back, and then answers an open port with a RST instead of finishing the handshake. Because no connection is ever established, the application listening on the port never sees or logs it. Don't mistake that for invisibility, though: a firewall, IDS or packet-level logging on the target sees the SYN packets just fine. The downside is, you need root privileges on the host running nmap, because it has to send raw packets. But I think you should have those rights on your local machine. If you don't have root privileges (or admin, for Windows users) you can still use a TCP connect() scan, which doesn't require those rights. It completes the handshake, though, so the target's application can log it. Just use the flag -sT instead of -sS, i.e. nmap -sT 192.168.1.1.
nmap -sU 192.168.1.1
Is used to find open UDP ports of the target. You can also combine it with the one mentioned above (nmap -sS -sU 192.168.1.1 scans TCP and UDP in one go); like the SYN scan it needs root privileges. Two caveats: UDP scans are slow, because many targets rate-limit the ICMP "port unreachable" replies nmap relies on to mark a port as closed, and a port that simply doesn't answer is reported as open|filtered, since nmap can't tell an open service that ignored the probe apart from a firewall that dropped it.
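Putting the pieces above together, here is an added shell example (written for this edit, not code from the original article): it picks -sS or -sT depending on whether you are root, adds -sU on request, prints the exact nmap command it builds, and parses nmap's grepable output (-oG -) into a short list of open ports. It assumes nmap is on PATH when you actually run a scan; the sample grepable line inside the script is constructed by hand so the parser can be tried without scanning anything.

```shell
#!/bin/sh
# Added example, not part of the original article. Assumes nmap is installed when
# run_scan is used; everything else runs offline against a constructed sample.

# The article's rule of thumb: a SYN scan (-sS) needs raw-socket privileges, so use
# it when running as root and fall back to a connect() scan (-sT) otherwise.
tcp_scan_flag() {
    if [ "$(id -u)" -eq 0 ]; then
        printf '%s\n' "-sS"
    else
        printf '%s\n' "-sT"
    fi
}

# Build (but do not run) the nmap command line for a target and a comma-separated
# port list, adding -sU when the third argument is "udp". "-oG -" makes nmap write
# its grepable output to stdout, which parse_open_ports below understands.
# Note: -sU also needs raw-socket privileges, so it only works together with -sS.
build_scan() {
    target=$1
    ports=${2:-1-1024}
    with_udp=${3:-}
    cmd="nmap $(tcp_scan_flag)"
    if [ "$with_udp" = "udp" ]; then
        cmd="$cmd -sU"
    fi
    printf '%s\n' "$cmd -p$ports -oG - $target"
}

# Reduce the "Host:" lines of grepable output to one "port/proto service state" line
# per port, keeping only ports whose state starts with "open". That deliberately
# keeps UDP ports reported as open|filtered, since nmap cannot tell those two apart.
parse_open_ports() {
    printf '%s\n' "$1" | awk -F '\t' '
        {
            ports = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^Ports: /) ports = substr($i, 8)
            n = split(ports, entry, ", ")
            for (i = 1; i <= n; i++) {
                # each entry is port/state/protocol/owner/service/rpc/version/
                split(entry[i], f, "/")
                if (f[2] ~ /^open/) printf "%s/%s %s %s\n", f[1], f[3], f[5], f[2]
            }
        }'
}

# Run the scan built above and print only the open ports.
run_scan() {
    # word-splitting of $(build_scan ...) is intended: it yields "nmap <flags> <target>"
    parse_open_ports "$($(build_scan "$@") | grep '^Host: ')"
}

# Constructed sample of what "nmap -oG -" prints (hand-written, not real scan output).
SAMPLE_GREPABLE=$(printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 443/closed/tcp//https///, 53/open|filtered/udp//domain///\tIgnored State: filtered (996)')

# Usage: sh nmap-quick.sh <target> [ports] [udp]
# With no arguments the script just parses the sample above.
if [ $# -gt 0 ]; then
    run_scan "$@"
else
    parse_open_ports "$SAMPLE_GREPABLE"
fi
```

Running it without arguments prints the three ports from the sample (22/tcp, 80/tcp and the open|filtered 53/udp) and skips the closed 443; with a target it runs the real scan, so remember that -sS and -sU only succeed as root.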
More useful links
Since I don't want to bother you any longer, here are some resources you can use to dig deeper into this topic:
- nmap from beginner to advanced: A longer and better version of this article, by infosec institute
- nmap examples: Some usage examples similar to the ones in this post, by nmap.org
- nmap cheat sheet
- Intermediate Network Scanning Commands
- 7 Scripts for nmap
- scanning types