
Nmap - Introduction (Part 1)

Kavish Gour · 3 min read

In this post, I will explain what Nmap is all about and give a basic demonstration. I'm launching my career in cybersecurity, and I hope this series will benefit InfoSec enthusiasts. Have fun.

Note: If you don't know how to install Nmap, click here.

Introduction

Nmap, or Network Mapper, is a network scanning tool designed to audit a range of hosts (large networks) or a single host (a computer). Nmap sends TCP, UDP, SCTP, and ICMP packets to the target host and examines the responses, comparing them against its database (always use the latest version) to determine what services are running, which OS version is installed, what types of firewalls are in place, and other cool stuff.

Nmap is a very powerful, mature network scanner that will help you see everything that you need to see on your network. To get you excited, here's an analogy: You're about to go on a road trip, so basically you'll need some sort of map or an app that you would use to plan your route and be aware of what's around you, like road conditions and so forth. Well, think of Nmap as a map for your network.

Nmap Syntax

The syntax is very simple, but the number of options provided is overwhelming. Always run nmap as a privileged user or root (on Windows, open Command Prompt as administrator).

The syntax: nmap [Scan Type(s)] [Options] {target specification}

In this post, I'll only use nmap and a target to keep it simple. The target can be a hostname, an IP, a network range, etc.

Disclaimer: Use Nmap on your own networks. If you use it on networks without prior authorization, even if your intention was only to perform a scan, you'll look like the malicious type.

Let's get started

Let's run 'nmap localhost':

MacBook-Pro:~ kavish$ nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-28 11:52 +04
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00036s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 993 closed ports
PORT    STATE SERVICE
88/tcp  open  kerberos-sec
110/tcp open  pop3
143/tcp open  imap
445/tcp open  microsoft-ds
548/tcp open  afp
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds

The scan took approximately 6 seconds (depending on how many services you have running).

Your output will be different. The main point here is that Nmap can show you things on your network that you're not aware of. Or maybe you have no clue what services are running on your machine.

From the above output, I can see that kerberos, afp, and microsoft-ds are running. I didn't start those services, and I don't know what did.

A quick Google search showed that those 3 services are responsible for file sharing. I disabled file sharing, and voila:

MacBook-Pro:~ kavish$ nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-28 11:54 +04
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00038s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 995 closed ports
PORT    STATE SERVICE
110/tcp open  pop3
143/tcp open  imap
631/tcp open  ipp
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 7.22 seconds

A simple scan like this will not retrieve sufficient information. But it's enough to get your feet wet, and become familiar with Nmap.
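Comparing two scans by eye works for seven ports, but not for a whole network. Here is an added example (my code, not part of the original post) that parses the port table from Nmap's normal output and diffs the two "nmap localhost" runs above. Besides the three file-sharing ports that went away, it also flags 631/tcp (ipp), which shows up in the second scan but not the first. The sample input is the post's own output with the banner lines trimmed.

```python
import re

# Constructed sample input: the port tables from the two "nmap localhost" runs in
# this post (before and after file sharing was disabled), banner lines trimmed.
SCAN_BEFORE = """\
PORT    STATE SERVICE
88/tcp  open  kerberos-sec
110/tcp open  pop3
143/tcp open  imap
445/tcp open  microsoft-ds
548/tcp open  afp
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds
"""

SCAN_AFTER = """\
PORT    STATE SERVICE
110/tcp open  pop3
143/tcp open  imap
631/tcp open  ipp
993/tcp open  imaps
995/tcp open  pop3s
"""

# One row of the port table: "<port>/<proto>  <state>  <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")

def parse_open_ports(text: str) -> dict:
    """Map (port, protocol) -> service for every row Nmap reports as open."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group(3) == "open":
            ports[(int(m.group(1)), m.group(2))] = m.group(4)
    return ports

def diff_scans(before: str, after: str) -> tuple:
    """Return (closed, opened): ports gone since the first scan, and ports that appeared."""
    b, a = parse_open_ports(before), parse_open_ports(after)
    closed = {k: b[k] for k in b.keys() - a.keys()}
    opened = {k: a[k] for k in a.keys() - b.keys()}
    return closed, opened

if __name__ == "__main__":
    closed, opened = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for label, ports in (("closed since last scan", closed), ("NEW open port", opened)):
        for (port, proto), svc in sorted(ports.items()):
            print(f"{label}: {port}/{proto} ({svc})")
```

Save a scan with `nmap -oN baseline.txt <target>` and feed the file contents to diff_scans later to spot services that appeared since your baseline.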

Stay tuned for part 2, where I explain how to run more advanced commands and how to manipulate your results with Python-Nmap.

Kavish Gour

@kavishgour

OpenBSD/Linux and Cybersecurity enthusiast || Member of secbsd.org || Pythonista
