Nmap - Network Mapping 5r5g4u

“Nmap-Network Mapping”

Group Presenters  Renuka Tuluchan ID: 30305018  Faisal (ID: 30300944)  Raveel Yasin (ID: 30119581)  Deepak koirala (ID: 30104380)

Introduction to “Nmap”

What is “Nmap”?   “Nmap stands for "Network Mapper".  Nmap is a free and open source utility for network discovery and security auditing  Nmap is useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Nmap & Linux  The Nmap aka Network Mapper is an open source  very versatile tool for Linux system/network s.  Nmap is used for exploring networks, perform security scans, network audit and finding open ports on remote machine.  It scans for Live hosts, Operating systems, packet filters and open ports running on remote hosts.

Cont..  Nmap uses raw IP packets in novel ways to determine:  what hosts are available on the network  what services (application name and version) those hosts are offering  what operating systems (and OS versions) they are running,  what type of packet filters/firewalls are in use

Port Scanning Basics  While Nmap has grown in functionality over the years, it began as an efficient port scanner, and that remains its core function.  The simple command nmap scans more than 1660 T ports on the host. While many port scanners have traditionally lumped all ports into the open or closed states, Nmap is much more granular.  It divides ports into six states: open, closed, filtered, unfiltered, open|filtered, or closed|filtered. Port Scanning Basics 

Commonly scanned Ports  Ports are numbers that T/IP uses to map packets to services. For example, some common port are:  20 FTP data (File Transfer Protocol)  21 FTP (File Transfer Protocol)  22 SSH (Secure Shell)  23 Telnet  25 SMTP (Send Mail Transfer Protocol)  80 HTTP (HyperText Transfer Protocol)  110 POP3 (Post Office Protocol, version 3)  137 NetBIOS-ns  138 NetBIOS-dgm  139 BIOS

Nmap features and uses

Features of “Nmap” Flexible: oive techniques; detections in OS Powerful: oUtilisation of Nmap in networking Portable: os almost every operating system

More features  Free: o Security for internet,exploration of networks,easy access and distribution.  Well Documented o well organised and easily available in full format.  ed: o community ive, find out about Nmap  Award winning and dozens of books on it available.

Why we should use nmap? Usage: Used by network security look afters how an open source security tool is advantagteable to hackers what does hacker do when they first . how does hacker trace nmapping? scanning to spot the hackers one can come to know easily.

multiple uses of nmap Popular uses are:  In people’s everyday use  Helping in many operating systems.  community ing.  Easy to compile from the source.

nmap7 & its new key features!  Better ipv6 obetter than ipv4 - nmap7 offers ipv6 e.g CIDR, Idle scan,  Better TSL/SSL scanning oquick detection of TLS development problems with its handshake version.  New OS ocompatible with new version of windows 10 Faster network scanning oGives boost performance on Windows and BSD systems Improved NSE functionality os 171 new scripts

Techniques & Methods

Techniques!  Experts understand techniques and choose the appropriate one  Others try to solve every problem with the default SYN scan.  Nmap is free, the only barrier to port scanning mastery is knowledge.  Note that actual numbers and some actual domain names are used to make things more concrete. In their place you should substitute addresses/names from your own network.

Nmap advanced scanning techniques There are many options and combination:  T scan flags customization  IP and MAC address spoofing  Adding decoy scan source IP addresses  Source port specification  Ability to add random data to sent packets  Manipulatable time-to-live field  Ability to send packets with bogus T or UDP checksums

Key points to in Techniques  Results Based on scans you create  useful for testing intranet or extranet connections  capabilities beyond the basic syn – syn/ack – ack connect scan  Only one method may be used at a time, except that UDP scan (-sU) and any one of the SCTP scan types (-sY, -sZ) may be combined with any one of the T scan types  port scan type options are of the form -s , where is a prominent character in the scan name, usually the first.

Basic Commands  Scan a single target — > nmap [target]  Scan multiple targets — > nmap [target1,target2,et c]    Scan a list of targets — > nmap iL [list.txt]    Scan a range of hosts — > nmap [range of IP addres ses]    Scan an entire subnet — > nmap [IP address/cdir]  

 Scan random hosts —> nmap  iR [number]    Excluding targets from a scan — > nmap [targets] – exclude [targets]    Excluding targets using a list — > nmap [targets] – excludefile [list.txt]    Perform an aggressive scan — > nmap A [target]    Scan an IPv6 target —> nmap  6 [target]

Advanced Scanning Options  -sS (T SYN scan) • SYN scan is the default and most popular scan option for good reasons.

 -sT (T connect scan) • T connect scan is the default T scan type when SYN scan is not an option.

 -sU (UDP scans) • UDP scan, normal scan might be slower, Nmap UDP scan can solve this problem

 -sY (SCTP INIT scan) • Alternative to UDP and T, useful for multi-homing and screening

 -sN; -sF; -sX (T NULL, FIN, and Xmas scans) • Helps to differentiate opened and closed ports

 -sA (T ACK scan) • Determines open (or open|filtered)

Few more advanced scanning Options  -sM (T Maimon scan) • Same as NULL, FIN, XMAS. Not FIN/ACK

 -sZ (SCTP COOKIE ECHO scan) • Advanced version of SCTP scan

 -sO (IP protocol scan) • Helps to know the IP of target

 -sI [:<probeport>] (idle scan) • Blind T scan

Experimental Setup And Evidence

Setup for Nmap  Two ways of opening Nmap  1 GUI format:  Open kali linux  Go to application> search > nmap   2. opening by command prompt  Open terminal type nmap

Allows us to:  Specify target with /without firewall on  Host discovery  Scanning techniques like fastens scan time, Scanning of multiple IP address, Scanning by using wildcard and Scanning using subnet mask  OS detection  Scan for the T port 80  Service detection for host

 Target specification

 Target: facebook.com(firewall on)

 Host Discovery

 Scanning techniques:

 Scanning of multiple IP address

 Scanning by using wildcard

 4. Scanning using subnetmask

 Syntax: nmap 192.168.6.141/22

 Scan for os detection

 Syntax: nmap -0 198.162.6.141

 Scan for the T port 80

 Syntax: nmap 192.168.6.141 – p80

 Service detection for host

 Syntax :nmap –sV 192.168.6.141

Conclusion  Nmap is a useful and free security detective tool  Through Nmap provide detailed information that can understand host deeply and also avoid unexpected security vulnerabilities  Bugs? Really? There are no bugs in Nmap!. There were some issues and problems before, but they fixed it in new updates.

References • Nmap.org • By default (for root s), nmap uses both the ICMP and ACK. (n.d.). Nmap. Retrieved September 28, 2016, from http://linuxcommand.org/man_pages/nmap1.html • Nmap Cheat Sheet:. Retrieved September 28, 2016, from http://resources.infosecinstitute.com/nmap-cheat-sheet-discovery-exploits-part-2-advance-port-scanningnmap-custom-idle-scan / • Penetration Testing Lab https://pentestlab.wordpress.com/2012/04/02/nmap-techniques-for-avoiding-firewalls/ • Long-time Nmap contributor Lamont Granquist wrote a clear and useful (if dated) guide to getting started with nmap. [1999] • Raven Alder has written a short guide named Nmap -- looking from the outside in for LinuxChix. [2002] • Uh-oh! Security expert and Counter Hack author Ed Skoudis has discovered our secret partnership with Microsoft! • https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20NMap%20Quick%20Reference %20Guide.pdf

Any Questions