NMAP


“A secured network secures your data”

Your IT network is an integral part of your IT infrastructure, and all your devices are connected to it, so it is mandatory to scan your network for errors and bugs and to check it for vulnerabilities in order to keep intruders out. Various cybersecurity tools are available for this, and one of them is Nmap.

What is Network Security?

Network security protects the devices connected to a network by guarding against, and monitoring for, misuse of the network, modification of data, and unauthorized access. It also helps us to maintain the confidentiality and integrity of data transferred through the internet. Network security comprises both hardware and software technologies and prohibits the spread of malicious data.

What is Nmap?

Nmap (Network Mapper) is a free, open-source tool used to look for vulnerabilities and to find what devices are running on the systems. It is also used to find open ports that can be accessed, OS versions, etc. Nmap was developed for enterprise-scale companies, but nowadays many small-scale companies use it as well. Nmap was first developed for Linux and later for other operating systems such as Windows and Mac. However, Nmap is most efficient when used from the command-line interface.

The functions of Nmap are:

  • Script pre-scanning
  • Target enumeration
  • Host discovery
  • Reverse-DNS resolution
  • Port scanning
  • Version detection
  • OS detection
  • Traceroute
  • Script scanning
  • Output
  • Script post-scanning

How to use Nmap?

Nmap can be used in a simple manner or in an advanced manner. The most basic step in using Nmap is to identify the active hosts in a network, and there are sets of commands that perform different functions. To use Nmap to its full extent, one should be familiar with scripts that automate tasks.

1. Script pre-scanning :

Script pre-scanning uses a collection of special-purpose scripts from the NSE (Nmap Scripting Engine) to get information about the available devices. It only occurs when we request it with the --script or -sC option. It is an optional phase and is skipped in a default scan.

2. Target enumeration :

Target enumeration is the first part of a default scan. Nmap resolves the host specifiers provided by the user, or the -iR option can be used to have Nmap choose the targets by itself. The information about the host may contain the IP address, the DNS name of the host, etc.

3. Host discovery :

Host discovery is used to identify the accessible hosts on a local network. Nmap displays almost every user connected to a network, i.e. it sends additional probes to discover the hosts. The probes can be customized for different environments to detect the hosts. We will use the following Nmap command for all discovery scans:

nmap -sP 172.26.1.0/29

The command for the discovery of one host :

nmap -sP 172.26.1.1

-sP specifies that only discovery will be performed, and it is similar to the default Nmap scan. Nmap simultaneously sends ICMP (Internet Control Message Protocol) echo request packets and TCP (Transmission Control Protocol) pings to port 80 of all hosts in the scope. Accessible hosts respond to the ICMP echo request and answer the TCP pings with the RST flag set, indicating that the host is alive. No response indicates that the host is protected by a firewall or unreachable at port 80.

4. Reverse-DNS resolution :

Reverse-DNS resolution is a part of host discovery: Nmap performs reverse-DNS resolution for every host that responds to the host discovery probes. A hostname sometimes carries information about the host's function, and names make reports more readable than IP addresses.

5. Port Scanning :

Port scanning is a method of scanning numerous ports to identify and classify the state of each port. The 6 possible states a port can be in are:

  1. Open – The port actively responds to TCP, UDP, and SCTP requests.
  2. Closed – The target port is active, but no application is listening on it.
  3. Filtered – In this case, the target port state is not defined because the firewall doesn’t let the probes reach the port.
  4. Unfiltered – The target port is accessible, but Nmap could not determine whether it is in an open or closed state.
  5. Open/filtered – Nmap is unable to detect whether the port is open or filtered.
  6. Closed/filtered – Nmap is unable to detect whether the port is closed or filtered.

6. Version detection :

Nmap discovers what version of the server software is running on an open port. Identifying the accurate version helps in determining what exploit a server is vulnerable to. We can also obtain the version number, device type, hostname, etc. The option for version detection is -sV.

7. OS detection :

Nmap has a built-in database used for OS detection. OS detection makes it easier to access the host, and once you know the OS you can easily search the internet for the loopholes present in that particular version. To find the OS we use the -O flag.

8. Traceroute :

Traceroute is used to find the network route to many hosts and to measure the transit delays of packets across an IP network. Nmap also has some additional tools included in the NSE suite for tracerouting. The option “--traceroute” is used to trace the route from the scanning machine to the host. Windows provides the “tracert” command, which performs the same function.

9. Script scanning :

Script scanning is the phase in which NSE scripts are executed. Script scanning can run during the pre-scan, main scan, or post-scan, but mostly it is done during the main scan. Script scanning is executed once after interacting with each target. It is used for detecting service vulnerabilities, advanced version detection, malware discovery, etc. The option to enable script scanning is -sC or --script.

10. Output :

The information gathered throughout the process is presented to the tester who runs the process. Nmap offers several formats for displaying the output, such as XML output, grepable output, which includes most information for a target host on a single line, and sCRiPt KiDDi3 0utPUt.
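As an added example (not part of the original article), the Python sketch below parses grepable output and uses the port states from the port-scanning section to list ports that are open, or possibly open, but not expected. The sample lines are constructed, and the ALLOWED policy and the function names are hypothetical; in grepable output the combined state is written open|filtered.

```python
import re

# Constructed sample of grepable output; not captured from a real scan.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 172.26.1.1 (gw.example.lan)\tStatus: Up\n"
    "Host: 172.26.1.1 (gw.example.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx/, 443/filtered/tcp//https///\tIgnored State: closed (997)\n"
    "Host: 172.26.1.2 ()\tStatus: Up\n"
    "Host: 172.26.1.2 ()\tPorts: 3389/open/tcp//ms-wbt-server///, "
    "161/open|filtered/udp//snmp///\n"
)
# Hypothetical policy: (port, protocol) pairs each host is expected to expose.
ALLOWED = {"172.26.1.1": {(22, "tcp"), (80, "tcp")}}
HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)$")

def parse_grepable(text):
    """Return {ip: [port records]} from grepable output, one host per line."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split("\t")  # "Name: value" fields are tab-separated
        match = HOST_RE.match(fields[0])
        if not match:
            continue  # comment lines and anything that is not a host record
        records = hosts.setdefault(match.group(1), [])
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # port/state/protocol/owner/service/rpc-info/version/
                parts = entry.strip().split("/")
                if len(parts) >= 7 and parts[0].isdigit():
                    records.append({"port": int(parts[0]), "state": parts[1],
                                    "proto": parts[2], "service": parts[4],
                                    "version": parts[6]})
    return hosts

def unexpected_open(hosts, allowed):
    """List ports that are open, or possibly open, and not in the policy."""
    findings = []
    for ip, records in hosts.items():
        for r in records:
            exposed = r["state"] in ("open", "open|filtered")
            if exposed and (r["port"], r["proto"]) not in allowed.get(ip, set()):
                findings.append((ip, r["port"], r["proto"], r["state"], r["service"]))
    return sorted(findings)

if __name__ == "__main__":
    print(unexpected_open(parse_grepable(SAMPLE), ALLOWED))
```

Ports in the filtered state are left out of the findings because the scan could not reach them; they are still present in the parsed records for review.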

11. Script post-scanning :

This is an optional phase that runs after the scanning is completed. Scripts in this phase process the result and deliver the output.

Every second, millions of pieces of data are transferred through the internet, and it is important to maintain the integrity of that data. So, it is advisable to always scan for vulnerabilities in every possible way to prevent unauthorised access and safeguard your network.

If your system is compromised or if you would like to be prepared you can contact us at info@rootfloe.com for a free consultation.
