Network Mapper (or nmap for short) is a network scanner used for security scans. You can find hosts in the network, scan their ports and find out what services and operating systems they’re running. It’s also extensible with scripts, and a user community maintains its development and support. It is available for almost every OS.
Apparently there is a GUI version of the tool, but since I released an article about using the command line last week, I’m going to show you how to use the CLI to scan the network. And also because I’m not familiar with the GUI.
As always, this “quickie” won’t go too in-depth on the subject, but you will find helpful links at the end of the article.
With this command (target being the IP address/URL of the “victim”) you can find out which ports are open or closed. To scan only specific ports you can use the
nmap -p<Port> target
You just have to specify the port(s). You can also pass multiple ports by separating them with a “,”:
You can also scan multiple hosts in different ways. You can read more about it in one of the links at the end of the article.
nmap uses a whole bunch of scanning types, so I’m gonna list the “most popular” ones. Or the ones I thought would be really helpful for basic network scanning. I will try to put a link at the end, which will contain a list of all scanning types.
nmap -sS 192.168.1.1
The most useful for “security” would be a SYN scan. Since it’s not a full TCP connection, it does not create any sessions. This means the services on the target have no session to log. The downside is that you need root privileges on the host running nmap. But I think you should have those rights on your local machine. If you don’t have root privileges (or admin, for Windows users) you can still use a TCP connect() scan, which doesn’t require those rights but can be logged by the target. Just use the flag
-sT instead of
nmap -sU 192.168.1.1
This is used to find open UDP ports on the target. You can also combine it with the one mentioned above.
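How a defender can tell the SYN scan and the TCP connect() scan described above apart at the packet level, as an added example that is not part of the original article: a half-open probe leaves no session, but a sensor that records inbound TCP flags still sees it. The log format, the addresses and the four-port threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed inbound packet summaries "time source dest_port tcp_flag", as a
# sensor in front of the target might record them (not real capture data).
SAMPLE_LOG = """\
0.10 10.0.0.5 22 SYN
0.11 10.0.0.5 22 RST
0.12 10.0.0.5 23 SYN
0.13 10.0.0.5 80 SYN
0.14 10.0.0.5 80 RST
0.15 10.0.0.5 443 SYN
0.20 10.0.0.7 22 SYN
0.21 10.0.0.7 22 ACK
0.22 10.0.0.7 22 RST
0.23 10.0.0.7 23 SYN
0.24 10.0.0.7 80 SYN
0.25 10.0.0.7 80 ACK
0.26 10.0.0.7 80 RST
0.27 10.0.0.7 443 SYN
1.00 10.0.0.9 443 SYN
1.01 10.0.0.9 443 ACK
2.00 10.0.0.9 443 FIN
"""

PORT_THRESHOLD = 4  # assumed: distinct ports from one source before it counts as a scan


def parse(log):
    """Group the client's TCP flags by source and destination port, in arrival order."""
    flows = defaultdict(lambda: defaultdict(list))
    for line in log.splitlines():
        if line.strip():
            _time, src, port, flag = line.split()
            flows[src][int(port)].append(flag)
    return flows


def classify(log, threshold=PORT_THRESHOLD):
    """Return {source: 'normal' | 'syn-scan' | 'connect-scan'}."""
    verdicts = {}
    for src, ports in parse(log).items():
        if len(ports) < threshold:
            verdicts[src] = "normal"
            continue
        # A client ACK after its SYN means the handshake completed (connect() scan).
        # Many ports probed with no completed handshake is half-open probing (SYN scan).
        completed = sum("ACK" in flags for flags in ports.values())
        verdicts[src] = "connect-scan" if completed else "syn-scan"
    return verdicts


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```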
Since I don’t want to bother you any longer, here are some resources you can use to dig deeper into this topic: