How Nmap became a leading tool to scan a network:-

The story of Nmap began in 1997, when its author, Gordon Lyon, also known by the name Fyodor, first announced the tool. The aim was to scan a network without paying a single coin. The initial release carried no version number because no further versions were planned. A couple of days after the initial release, however, the author introduced another version, Nmap 1.25, because of the huge demand among security researchers.

The current version, 7.60, was announced in August 2017 and brings many improvements over the previous one. The build includes a script that cracks passwords by brute force.

On the usability front, a user runs Nmap against a particular IP address to explore information about that system; a domain name can be typed on the command line instead. Apart from that, it also offers port scanning for TCP or UDP ports. Nmap is the first step in exploring and exploiting vulnerabilities.

Some basic examples are as follows:

IP Scan: nmap

Multiple IP Scan: nmap,

Network Scan: nmap

IP Scan in verbose mode: nmap -v

IP Scan with Port: nmap -p 80

Domain Scan: nmap

Multiple Domain Scan: nmap,

Domain Scan in verbose mode: nmap -v

Domain Scan with Port: nmap -p 80

Inside Story of the tool:-

We have discussed the features of Nmap, but do you know how the tool works inside? Behind the scenes, it relies on a process called the 3-way handshake to arrive at an accurate result. A firewall plays an important role here, because it can block the requests sent during the 3-way handshake.

In brief, a 3-way handshake is a way of communicating with a specific target by sending and receiving packets. When the target responds with a SYN/ACK packet, the tool reports that port as open. If no communication can be established, the port is reported as filtered. Finally, a closed result indicates a reset (RST) response from the server side.

As a result, Nmap gives the user a summarized report in several formats, mainly Normal, XML, and Grepable. Apart from IP and port scanning, the tool can also be used to find the OS platform a system runs, and it helps to detect the version of the system build.

Additional Switches:-

The tool offers some additional manual scan options. The following switches can be used to enrich the information in the result:

UDP Scan: Adding the -sU switch to the command line finds out the UDP port details of the system.

Example: nmap -sU

TCP Connect Scan: A regular scan already returns results for TCP ports, but adding -sT to the command will add your IP to the log file of the targeted system.

Example: nmap -sT

TCP SYN Stealth: This kind of scan generally sends a large number of requests without creating a session. It does, however, require privileged access.

Example: nmap -sS

TCP FIN: Packets are generally sent as SYN, but adding -sF to the command converts them to FIN packets.

Example: nmap -sF

TCP Null: Adding -sN sends packets to the system without any flag set.

Example: nmap -sN

TCP Xmas: This kind of scan sends packets with the URG, PUSH, and FIN flags set to find out the status of the ports. The switch is -sX.

Example: nmap -sX

TCP ACK: Adding the -sA switch to the command sends ACK packets to the remote system to grab the details of the port.

Example: nmap -sA
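
The flag combinations listed above are also what a defender watches for on the receiving side. As an added example (not code from the original article or from the Nmap project), this Python code labels TCP segments by the scan type whose flags they match and reports sources that probed several ports; it assumes the input contains only segments that matched no tracked connection, and the function names, the threshold and the sample packets are constructed for illustration.

```python
from collections import defaultdict

# TCP flag bits as they appear in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations sent by the scan types described above.
PROBE_TYPES = {
    SYN: "SYN (-sS/-sT)",   # a single SYN cannot tell -sS from -sT
    FIN: "FIN (-sF)",
    0x00: "NULL (-sN)",
    FIN | PSH | URG: "Xmas (-sX)",
    ACK: "ACK (-sA)",
}

def classify_probe(flags):
    """Return the scan label for a flags byte, or None if it matches no probe."""
    return PROBE_TYPES.get(flags & 0x3F)  # mask off the ECN bits (ECE/CWR)

def detect_scans(segments, min_ports=3):
    """Group unsolicited segments by (source, probe type) and report sources
    that touched at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for src, dst_port, flags in segments:
        label = classify_probe(flags)
        if label is not None:
            ports[(src, label)].add(dst_port)
    return {key: sorted(p) for key, p in ports.items() if len(p) >= min_ports}

# Constructed sample: (source IP, destination port, TCP flags).
# Addresses come from the documentation ranges; this is not captured traffic.
SAMPLE = [
    ("192.0.2.10", 22, SYN), ("192.0.2.10", 80, SYN), ("192.0.2.10", 443, SYN),
    ("192.0.2.20", 21, FIN | PSH | URG), ("192.0.2.20", 23, FIN | PSH | URG),
    ("192.0.2.20", 25, FIN | PSH | URG),
    ("192.0.2.30", 80, 0x00), ("192.0.2.30", 8080, 0x00),
    ("198.51.100.5", 443, SYN),
    ("198.51.100.5", 443, PSH | ACK),  # flags match no probe type, so ignored
]

if __name__ == "__main__":
    for (src, label), hit in detect_scans(SAMPLE).items():
        print(f"{src}: {label} probes against ports {hit}")
```

The threshold matters because a single SYN to one port is ordinary client behaviour; it is the same flag pattern repeated across many ports from one source that marks a scan.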

A hidden truth, Source Spoofing:-

IP Spoof- In some cases, Nmap is not able to determine your source IP. Using -S on the command line sends the packets to the system with the desired spoofed IP address.

On the other side, the remote system assumes the spoofed IP is the real one and starts communicating with it.

MAC Spoof- This option is for when the user wants to send packets using a different, chosen MAC address. How does it work? Add --spoof-mac right before the desired spoofed MAC address that should replace the original one.
