Friday, November 16, 2012

IP and port scanning on Linux with nmap (Network Mapper)




nmap is a powerful IP/port scanner available on Unix/Linux systems. It is very useful for network exploration and security auditing: it can rapidly scan large networks, and it works just as well against a single host. Several scan types (SYN scan, OS detection, ARP-based host discovery on the local LAN) need raw sockets, so run nmap as root or through sudo for those; without privileges nmap falls back to a slower TCP connect scan. Only scan networks you own or are authorized to test.

To install nmap in Ubuntu :

sachin@linuxadmin:~$ sudo apt-get install nmap

To install nmap in CentOS/Fedora/RHEL

[root@linuxadmin ~]# yum install nmap


IP scanning (ping sweep) of the range 192.168.0.0 – 192.168.0.255

-sP performs host discovery only, with no port scan. Nmap 5.00 calls this option -sP; newer releases renamed it -sn and still accept -sP as an alias.

sachin@linuxadmin:~$ sudo nmap -sP 192.168.0.0/24

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-16 16:33 IST

Host 192.168.0.12 is up (0.0043s latency).
Host 192.168.0.26 is up (0.00036s latency).

Nmap done: 256 IP addresses (2 hosts up) scanned in 2.15 seconds

sachin@linuxadmin:~$


The same sweep written as an explicit range 192.168.0.1 – 192.168.0.254 (this skips the network and broadcast addresses)

sachin@linuxadmin:~$ sudo nmap -sP 192.168.0.1-254

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-16 16:59 IST
Host 192.168.0.12 is up (0.0038s latency).
Host 192.168.0.26 is up (0.00065s latency).

Nmap done: 254 IP addresses (2 hosts up) scanned in 2.20 seconds

sachin@linuxadmin:~$


Port scanning a single host, ports 100 – 200

sachin@linuxadmin:~$ nmap 192.168.0.253 -p100-200

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-16 17:02 IST
Interesting ports on 192.168.0.253:
Not shown: 98 closed ports
PORT    STATE SERVICE
110/tcp open  pop3
111/tcp open  rpcbind
143/tcp open  imap

Nmap done: 1 IP address (1 host up) scanned in 1.17 seconds


sachin@linuxadmin:~$

For 101 ports (100 through 200) this took 1.17 seconds, so scanning all 65535 ports on a host (-p1-65535, or the shorthand -p-) takes correspondingly longer. Because this scan was run without root privileges, nmap used a TCP connect scan (-sT); as root it defaults to the faster SYN scan (-sS), which also completes fewer handshakes on the target.
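Putting the ping sweep and the port scan above together, here is an added example (my own script, not the author's) of the usual two-stage workflow: sweep the subnet, then port-scan only the hosts that answered, using nmap's greppable output (-oG) and awk to pull out live hosts and open ports. It assumes a current nmap where host discovery is -sn (Nmap 5.00 uses -sP), that sudo grants raw-socket privileges, and the file names discovery.gnmap, targets.txt and ports.gnmap are my own choices. The -oG listings embedded in the script are constructed samples, not real scan output.

```shell
#!/bin/sh
# Two-stage nmap workflow: ping-sweep a subnet, then port-scan only the
# live hosts, parsing nmap's greppable output (-oG) with awk.
# Added example for this post, not the author's script. Assumes a current
# nmap (-sn; on Nmap 5.00 use -sP) and that sudo grants raw-socket rights.

# Read a -oG host-discovery listing on stdin; print each IP marked "Status: Up".
live_hosts() {
    awk -F'\t' '/^Host:/ && $2 ~ /Status: Up/ { split($1, h, " "); print h[2] }'
}

# Read a -oG port-scan listing on stdin; print "ip port/proto service" for
# every port whose state is "open" (closed and filtered ports are dropped).
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, /, /)
                for (j = 1; j <= n; j++) {
                    # entry layout: port/state/proto/owner/service/rpcinfo/version/
                    split(entry[j], f, "/")
                    if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
                }
            }
        }'
}

# Full pipeline: sweep the CIDR, write live IPs to targets.txt, SYN-scan them.
# Writes discovery.gnmap and ports.gnmap in the current directory (my file names).
scan_subnet() {
    cidr=$1
    sudo nmap -sn -oG discovery.gnmap "$cidr" >/dev/null || return 1
    live_hosts <discovery.gnmap >targets.txt
    if [ ! -s targets.txt ]; then
        echo "no live hosts in $cidr" >&2
        return 1
    fi
    sudo nmap -sS -T4 -iL targets.txt -oG ports.gnmap >/dev/null || return 1
    open_ports <ports.gnmap
}

# Constructed -oG samples (not real scan output) so the parsers can be
# exercised offline; the field layout matches what nmap -oG writes.
sample_discovery() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.168.0.12 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.26 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.99 ()\tStatus: Down\n'
    printf '# Nmap done (constructed sample)\n'
}

sample_ports() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.168.0.253 ()\tPorts: 110/open/tcp//pop3///, 111/open/tcp//rpcbind///, 135/filtered/tcp//msrpc///, 143/open/tcp//imap///\tIgnored State: closed (97)\n'
    printf 'Host: 192.168.0.12 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (100)\n'
    printf '# Nmap done (constructed sample)\n'
}

# Real use: scan_subnet 192.168.0.0/24
# Offline demonstration on the constructed samples:
sample_discovery | live_hosts
sample_ports | open_ports
```

Only the two parsing functions run against the constructed samples; scan_subnet is what you would call against a range you are authorized to scan. The filtered port in the sample is deliberately dropped: "filtered" means a firewall swallowed the probe, not that a service is listening, and mixing it into a list of open ports leads to false findings.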


Detecting the operating system of a target IP (-O, requires root)

sachin@linuxadmin:~$ sudo nmap -O 192.168.0.253

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-16 17:04 IST
Interesting ports on 192.168.0.253:
Not shown: 980 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
111/tcp  open  rpcbind
143/tcp  open  imap
443/tcp  open  https
993/tcp  open  imaps
995/tcp  open  pop3s
2000/tcp open  callbook
3306/tcp open  mysql
4445/tcp open  unknown
5222/tcp open  unknown
5269/tcp open  unknown
7070/tcp open  realserver
7443/tcp open  unknown
7777/tcp open  unknown
9090/tcp open  zeus-admin
9091/tcp open  unknown
MAC Address: 00:1C:--:D8:8d:2E (Intel Corporate)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.27
Network Distance: 1 hop

Nmap done: 1 IP address (1 host up) scanned in 12.38 seconds


sachin@linuxadmin:~$


Faster execution with -T4 (and the -A aggressive scan)

To speed up a scan, add the -T4 timing template. The templates run from -T0 to -T5, -T3 is the default, and -T4 assumes a fast, reliable network, so on slow or lossy links it can miss ports. The -A option used here bundles OS detection (-O), version detection (-sV), default NSE script scanning (-sC) and traceroute, which is why the output below shows service versions.

sachin@linuxadmin:~$ sudo nmap -A -T4 192.168.0.253

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-16 17:06 IST


Interesting ports on 192.168.0.253:
Not shown: 980 closed ports


PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.0.5
22/tcp   open  ssh         OpenSSH 4.3 (protocol 2.0)


MAC Address: 00:1C:--:D8:82:2E (Intel Corporate)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.27
Network Distance: 1 hop
Service Info: Hosts: linuxadmin.co.in, example.com; OS: Unix

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.08 seconds


For the full list of scan types and options, open the nmap man page.

sachin@linuxadmin:~$ man nmap
