NMAP - The Network Scanner
 

NMAP by Rohit Parab @ null Mumbai Meet, May, 2011

    NMAP - The Network Scanner: Presentation Transcript

    • Nmap: The Network Scanner
      http://null.co.in/
      http://nullcon.net/
    • Module 1: Getting Started
    • What is Nmap?
      • Nmap = Network Mapper
      • Written By Fyodor
      • http://insecure.org
      • Free!
      • Open source, Constant development
    • Know your protocols
      • IP – Internet Protocol
      • TCP – Transmission Control Protocol
      • UDP – User Datagram Protocol
      • ICMP – Internet Control Message Protocol
    • Anatomy of a scan
      • Step 1: DNS Lookup
      • (Unless you use an IP address)
      • Step 2: Nmap “pings” the remote device
      • (This is not an ICMP echo request)
      • Step 3: Reverse DNS lookup
      • Step 4: Do the scan!
      • Step 5: Analyze the scan results
    • Module 2: Basic Scans
      • TCP SYN scan (-sS)
      • TCP connect() scan (-sT)
      • Ping scan (-sP)
      • UDP scan (-sU)
    • Module 3: Useful scanning options
      • Excluding and Including targets
      • Excluding from command line or a file
      • Using a file to list your targets
      • Port Number options
      • Limit your scans
      • Focus your efforts
    • Excluding Targets
      • --exclude <host1,host2,...>
      • Command line only
      • Must specify each time
      • --excludefile <exclude_filename>
      • One option excludes many hosts
      • Keep your list handy!
    • Including Targets
      • -iL <inputfilename>
      • Addresses can be separated by tabs, spaces, or newlines
    • Specifying port numbers
      • -p<port range>
      • -p 23,34,43,123-144
    • Module 4: Ping options
      • What’s “ping”?
      • Default pings
      • ARP ping
      • ICMP and TCP ACK ping
      • TCP SYN ping
      • UDP ping
      • Don’t ping before scanning
    • What’s “ping”?
      • An Nmap ping confirms the existence of the target system
      • An Nmap ping does not (necessarily) refer to an ICMP echo request
      • We can disable this ping requirement with -P0 (zero)
      • On the local subnet, Nmap uses ARP for the ping process
      • For a remote IP subnet, Nmap uses:
      • An ICMP echo request, and
      • A TCP ACK on port 80
    • Module 5: Network Recon
      • Operating system fingerprinting (-O)
      • Systems with firewalls and filters
      • One port open, one port closed.
      • Version detection (-sV)
    • Module 6: Ninja Scanning
      • FIN scan (-sF), Xmas tree scan (-sX), Null scan (-sN)
      • Often called “stealth” scans
      • One frame transmitted, one frame received
      • These stealth scans never appear in application logs.
      • Microsoft Windows doesn’t respond to these stealth scans.
      • ACK scan (-sA)
      • Filtered or unfiltered (not open!)
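
The scan types listed in Modules 2 and 6 differ only in the TCP flags of their probes, which is how a defender can tell them apart in a packet capture even when no application log records them. The following is an added example, not part of the original slides: a heuristic that classifies tcpdump-style lines by flag combination and reports sources that sent the same probe type to several ports. The sample lines are constructed, and the function names and the `min_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (not real traffic; documentation addresses).
SAMPLE = """\
10:00:01.10 IP 203.0.113.5.40001 > 192.0.2.10.22: Flags [F], seq 1, win 1024, length 0
10:00:01.11 IP 203.0.113.5.40001 > 192.0.2.10.80: Flags [F], seq 1, win 1024, length 0
10:00:01.12 IP 203.0.113.5.40001 > 192.0.2.10.443: Flags [F], seq 1, win 1024, length 0
10:00:02.20 IP 203.0.113.9.51000 > 192.0.2.10.21: Flags [FPU], seq 1, win 1024, length 0
10:00:02.21 IP 203.0.113.9.51000 > 192.0.2.10.23: Flags [FPU], seq 1, win 1024, length 0
10:00:02.22 IP 203.0.113.9.51000 > 192.0.2.10.25: Flags [FPU], seq 1, win 1024, length 0
10:00:02.30 IP 203.0.113.9.51000 > 192.0.2.10.8080: Flags [none], win 1024, length 0
10:00:03.00 IP 198.51.100.7.33000 > 192.0.2.10.443: Flags [S], seq 7, win 64240, length 0
10:00:03.01 IP 198.51.100.7.33000 > 192.0.2.10.443: Flags [.], ack 1, win 502, length 0
10:00:03.02 IP 198.51.100.7.33000 > 192.0.2.10.443: Flags [P.], seq 1:200, ack 1, length 199
10:00:03.90 IP 198.51.100.7.33000 > 192.0.2.10.443: Flags [F.], seq 200, ack 900, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")

# tcpdump flag letters: F=FIN S=SYN R=RST P=PSH .=ACK U=URG; "none" = no flags set.
PROBES = {
    frozenset("S"): "SYN (-sS/-sT)",
    frozenset("F"): "FIN (-sF)",
    frozenset("FPU"): "Xmas (-sX)",
    frozenset(): "Null (-sN)",
    frozenset("."): "ACK (-sA)",
}

def classify(flags):
    """Map a tcpdump flag string to the scan type whose probe it resembles."""
    letters = frozenset() if flags == "none" else frozenset(flags)
    return PROBES.get(letters)  # None for ordinary combinations such as "F." or "P."

def find_scanners(text, min_ports=3):
    """Return {(src, dst, probe): ports} where one source sent the same probe
    type to at least min_ports distinct ports on one destination."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, _sport, dst, dport, flags = m.groups()
        probe = classify(flags)
        if probe:
            seen[(src, dst, probe)].add(int(dport))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ports}

if __name__ == "__main__":
    for (src, dst, probe), ports in find_scanners(SAMPLE).items():
        print(f"{src} -> {dst}: {probe} probes to ports {ports}")
```

A lone SYN or ACK is normal traffic, so the per-source count of distinct ports, not the flag pattern alone, is what separates the ordinary client at 198.51.100.7 from the two scanning sources.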
    • Nmap Timing Options
      • -T0/Paranoid
      • -T1/Sneaky
      • -T2/Polite
      • -T3/Normal
      • -T4/Aggressive
      • -T5/Insane
    • Random Hosts and Targets
      • Randomize hosts (-rH)
      • Rearranges the order of hosts in an Nmap scan
      • Makes it difficult to see a pattern
      • Completely random target addresses
      • (-iR <num_hosts>)
      • Useful for finding specific services
      • nmap -sS -PS80 -iR 0 -p 80
    • Thank you