Nmap
# SYN Scan (defaults to SYN Scan if root, Connect Scan if not. See below)
nmap <ip>

# SYN Scan (default scan type if logged in as root)
nmap -sS <ip>    # "SYN ->" "SYN/ACK <-" "RST ->"

# No port scan (ping only) of a list of IPs
nmap -iL list.txt -sn

# TCP Connect Scan (only scan you can do without root privileges)
nmap -sT <ip>    # "SYN ->" "SYN/ACK <-" "ACK ->"

# List Scan does a reverse DNS lookup on a range to find hosts
nmap -sL 66.35.250.150-160

# Ping Scan does a quick ping to each box, and nothing more
nmap -sP 10.0.0.0-255

# Nmap 3.75 help example:
nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'

# Nmap 4.11 help examples:
nmap -v -A scanme.nmap.org
nmap -v -sP 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -P0 -p 80
Nmap files can be found here (such as nmap-services):
/usr/share/nmap/
You can use the --datadir flag to point Nmap to alternate support files.
Target Specification
All of these formats will scan the same class B network:
Wildcards:     192.168.*.*
Range:         192.168.0-255.0-255
Mask Notation: 192.168.0.0/16
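An added example (not from the original page) that checks the equivalence stated above: it parses numeric IPv4 target specifications into per-octet sets, so the three notations can be compared and an address seen in a log can be tested against an authorised scan scope. The function names are assumptions of this example; hostnames and IPv6 are not handled.

```python
import ipaddress

def octet_sets(spec):
    """Return four frozensets, one per octet, covered by a numeric IPv4 target spec."""
    if "/" in spec:
        # A CIDR block is a fixed prefix, at most one partial octet, then full octets,
        # so comparing the first and last address octet by octet describes it exactly.
        net = ipaddress.IPv4Network(spec, strict=False)
        bounds = zip(net.network_address.packed, net.broadcast_address.packed)
        return tuple(frozenset(range(lo, hi + 1)) for lo, hi in bounds)
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError(f"expected four octets in {spec!r}")
    sets = []
    for field in fields:
        values = set()
        for part in field.split(","):           # comma lists, e.g. 3-5,7
            if part == "*":
                part = "0-255"
            lo_s, _, hi_s = part.partition("-")
            if "-" in part:                      # open-ended ranges default to 0 / 255
                lo_s, hi_s = lo_s or "0", hi_s or "255"
            else:
                hi_s = lo_s
            lo, hi = int(lo_s), int(hi_s)
            if not 0 <= lo <= hi <= 255:
                raise ValueError(f"bad octet range {part!r} in {spec!r}")
            values.update(range(lo, hi + 1))
        sets.append(frozenset(values))
    return tuple(sets)

def same_targets(*specs):
    """True when every spec expands to exactly the same set of addresses."""
    return len({octet_sets(s) for s in specs}) == 1

def target_count(spec):
    """Number of addresses the spec covers, without enumerating them."""
    total = 1
    for octet in octet_sets(spec):
        total *= len(octet)
    return total

def in_scope(ip, spec):
    """True when a single address (e.g. from a log line) falls inside the spec."""
    return all(o in s for o, s in zip(ipaddress.IPv4Address(ip).packed, octet_sets(spec)))

if __name__ == "__main__":
    forms = ["192.168.*.*", "192.168.0-255.0-255", "192.168.0.0/16"]  # from the text above
    print(same_targets(*forms), target_count(forms[0]))
    print(in_scope("192.168.77.1", forms[2]), in_scope("192.169.0.1", forms[2]))
```

Per-octet ranges can also describe sets that no single CIDR block can, such as 192.168.0-255.1 (256 addresses, one per /24).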
Common Options
-sS   TCP SYN Scan
-sT   TCP connect() scan
-sU   UDP port scans (not very reliable)
-v    Verbose output
-vv   Very verbose output
-O    Detect Operating system (TCP/IP fingerprinting)
-sV   Service version detection
-P0   Don't ping, just scan
-A    Aggressive: same thing as -O -sV
-T    Scan timing
-p    Choose ports to be scanned
-F    Fast Scan: only scan ports in nmap-services file
-n    Don't do reverse DNS lookup (increase scan speed)
nmap References
Auditor CD?
- Nmap-Tutorial.com
- IronGeek: Basic Nmap Usage (video slide show)
- IronGeek: Nmap Video Tutorial 2: Port Scan Boogaloo (video slide show)
- nmap Reference guide
- A-SEC Lesson 2 Nmap and other Network Scanning Techniques
- Yet Another Nmap Tutorial
- What can you find out from an IP?
- nmap-tutorial - http://nmap.org/bennieston-tutorial/
- Port Scanning Techniques - http://nmap.org/book/man-port-scanning-techniques.html
- Nmap: The Art of Port Scanning - http://nmap.org/nmap_doc.html
- Timing and Performance - http://nmap.org/book/man-performance.html
- http://www.derkeiler.com/Mailing-Lists/securityfocus/security-basics/2007-04/msg00386.html
- Top 30 Nmap Command Examples For Sys/Network Admins - http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/