shwetha mk, profile picture
Uploaded byshwetha mk
DOCX, PDF210 views

Contents namp

1. To perform active OS fingerprinting, use Nmap's "-O" flag followed by the target IP address. This sends probe packets to the target and analyzes the responses to determine the operating system. 2. For passive fingerprinting, sniff the network traffic without making contact with targets. Analyze characteristics like TCP/IP stack implementation to fingerprint operating systems. 3. Nmap is a useful tool for active fingerprinting as it has a large database of OS fingerprints. Passive fingerprinting can be done using a network sniffer without alerting targets. Both methods provide ways to remotely determine operating systems without access to

Embed presentation

Download to read offline
M. S. RAMAIAH INSTITUTE OF TECHNOLOGY (AUTONOMOUS INSTITUTE, AFFILIATED TO VTU) A Presentation Report on “NMAP” Submitted in Partial fulfillment of 5th Semester B.E In Information Science and Engineering For the subject Data communication[IS511] Submitted by Deekshapoornashri (1MS13IS141) Greeshma R J (1MS13IS142) Shakunthala B V (1MS14IS412) Shanta (1MS14IS413)
M. S. RAMAIAH INSTITUTE OF TECHNOLOGY DEPARTMENT OF INFORMATION SCIENCE AND ENGINEERING BANGALORE – 560 054 C E R T I F I C A T E This is to certify that the “Presentation on NMAP” has been successfully completed by: Deekshapoornashri 1MS13IS141 Greeshma R J 1MS13IS142 Shakunthala B V 1MS14IS412 Shanta 1MS14IS413 In partial fulfillment of 5th Semester B.E (Information Science &Engg) for the subject “DATA COMMUNICATION(IS511)” during the period 2015 - 2016, as prescribed by Department of Information Science & Engineering, MSRIT. Signature of Staff Incharge Mr. Suresh kumar Asst. Professor, Dept. of ISE, MSRIT
ACKNOWLEDGEMENTS Any achievement, be it scholastic or otherwise does not depend solely on the individual efforts but on the guidance, encouragement and cooperation of intellectuals, elders and friends. A number of personalities, in their own capacities have helped us in carrying out this project work. We would like to take this opportunity to thank them all. We deeply express our sincere gratitude to our guide Prof. Mr.Sureshkumar Assistant Professor, Department of ISE, M.S.R.I.T, Bengaluru, for his able guidance, regular source of encouragement and assistance throughout this project. We would like to thank Dr. VIJAYKUMAR B P, Head of Department, Information Science & Engineering, M.S.R.I.T, Bengaluru, for his valuable suggestions and expert advice. Most importantly, we would like to thank Dr. N.V.R NAIDU Principal, M.S.R.I.T, Bengaluru, for his moral support towards completing our project work. We thank our Parents, and all the Faculty members of Department of Information Science & Engineering For their constant support and encouragement. Last, but not the least, we would like to thank our peers and friends who provided us with valuable suggestions to improve our project.
CONTENTS:  Nmap  Features  Performan experiment for portscanning with nmap  How to use nmap  Output screen shots
NMAP Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap is also capable of adapting to network conditions including latency and congestion during a scan. Nmap is under development and refinement by its user community. Nmap was originally a Linux-only utility, but it was ported to Windows, Solaris, HP-UX, BSD variants (including OS X), AmigaOS, and IRIX. Linux is the most popular platform, followed closely by Windows.
FEATURES Nmap features include:  Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.  Port scanning – Enumerating the open ports on target hosts.  Version detection – Interrogating network services on remote devices to determine application name and version number.  OS detection – Determining the operating system and hardware characteristics of network devices.  Scriptable interaction with the target – using Nmap Scripting Engine (NSE) and Lua programming language.  Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses. Typical uses of Nmap:  Auditing the security of a device or firewall by identifying the network connections which can be made to, or through it.  Identifying open ports on a target host in preparation for auditing.  Network inventory, network mapping, maintenance and asset management.  Auditing the security of a network by identifying new servers.  Generating traffic to hosts on a network.  Find and exploit vulnerabilities in a network.
PERFORM AN EXPERIMENT FOR PORT SCANNING WITH NMAP Port Scanning: Port Scanning is one of the most popular techniques attackers use to discover services they can break into. All machines connected to a LAN or connected to Internet via a modem run many services that listen at well-known and not so well-known ports. By port scanning the attacker finds which ports are available (i.e., being listened to by a service). Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed further for weakness. Port Numbers The port numbers are unique only within a computer system. Port numbers are 16-bit unsigned numbers. The port numbers are divided into three ranges: the Well Known Ports (0..1023), the Registered Ports (1024..49151), and the Dynamic and/or Private Ports (49152..65535). Well-Known Ports All the operating systems now honor the tradition of permitting only the super-user open the ports numbered 0 to 1023. These well-known ports (also called standard ports) are assigned to services by the IANA (Internet Assigned Numbers AuthorityPERFORM AN EXPERIMENT FOR PORT SCANNING WITH NMAP ). On Unix, the text file named /etc/ services (on Windows 2000 the file named %windier% system32 drivers etc services) lists these service names and the ports they use. Here are a few lines extracted from this file: echo 7/tcp Echo ftp-data 20/udp File Transfer [Default Data] ftp 21/tcp File Transfer [Control] ssh 22/tcp SSH Remote Login Protocol telnet 23/tcp Telnet domain 53/udp Domain Name Server www-http 80/tcp World Wide Web HTTP Nmap: Nmap ("Network Mapped") is a free and open source utility for network exploration or security auditing. The six port states recognizedby Nmap Open-An application is actively accepting TCP connections, UDP datagram or SCTP
associations on this port. Finding these is often the primary goal of port scanning. Security minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect hem with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because theyshow services available for use on the network. Closed-A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next. Filtered-Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically. Unfiltered-The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rule sets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open. openfiltered-Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way. Closedfiltered-This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
Nmap Scan -sS (TCP SYN scan) SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes TCP connections. SYN scan works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms as Nmap's FIN/NULL/Xmas, Maim on and idle scans do. It also allows clear, reliable differentiation between the open, closed, and filtered states. -sT (TCP connect scan) TCP connect scan is the default TCP scan type when SYN scan is not an option -sU (UDP scans) While most popular services on the Internet run over the TCP protocol, UDPservices are widely deployed. DNS, SNMP, and DHCP (registered ports 53, 161/162, and 67/68) are three of the most common. Because UDP scanning is generally slower and more difficult than TCP, some security auditors ignore these ports -sY (SCTP INIT scan) SCTPis a relatively new alternative to the TCP and UDP protocols, combining most characteristics of TCP and UDP, and also adding new features like multi-homing and multi-streaming. It is mostly being used for SS7/SIGTRAN related services but has the potential to be used for other applications as well. -sA (TCP ACK scan) This scan is different than the others discussed so far in that it never determines open (or even open| filtered) ports. It is used to map out firewall rule sets, determining whether they are stateful or not and which ports are filtered.
USING NMAP 1)FIND OPEN PORTS ON A SYSTEM 2) FIND THE MACHINES WHICH ARE ACTIVE 3)FIND THE VERSION OF REMOTE OS ON OTHER SYSTEMS 4)FIND THE VERSION OF S/W INSTALLED ON OTHER SYSTEM 1. Download Nmap from www.nmap.org and install the Nmap Software with Win cap Driver utility. 2. Execute the Nmap-Zen map GUI tool from Program Menu or Desktop Icon. 3. Type the Target Machine IP Address(ie, Guest OS or any website Address) 4. Perform the profiles shown in the utility.
PERFORM AN EXPERIMENT ON ACTIVE AND PASSIVE FINGER PRINTING USING NMAP. Fingerprinting OS: Fingerprinting is a process in scanning phase in which an attacker tries to identify Operating System(OS) of target system. Fingerprintingcan be classified into two types  Active Stack Fingerprinting  Passive Stack Fingerprinting Active Stack Fingerprinting It involves sending data to the target system and then see how it responds. Based on the fact that each system will respond differently, the response is compared with database and the OS is identified. It is commonly used method though there are high chances of getting detected. It can be performed by following ways. Using Nmap :Nmap is a port scanning tool that can be used for active stack OS fingerprinting. Syntax: nmap –O ip address Example: nmap –O 192.168.1.88 Passive StackFingerprinting It involves examining traffic on network to determine the operating system. There is no guarantee that the fingerprint will be accurate but usually they are accurate. It generally means sniffing traffic rather than making actual contact and thus this method is stealthier and usually goes undetected. Passive stack fingerprinting can be performed in following ways.
OUTPUT: ACTIVE OS FINGERPRINTING 1. nmap -O 192.168.1.88

More Related Content

PDF
Scanning
byAshok kumar sandhyala
 
PPT
SSL basics and SSL packet analysis using wireshark
byAl Imran, CISA
 
PDF
Wireshark Traffic Analysis
byDavid Sweigert
 
PPT
Wireshark Basics
byYoram Orzach
 
PPTX
Packet analysis using wireshark
byBasaveswar Kureti
 
PDF
A network behavior analysis method to detect this writes about a method to ...
byThang Nguyen
 
PPTX
CapAnalysis - Deep Packet Inspection
byChris Harrington
 
PPTX
Packet capture in network security
byChippy Thomas
 
Scanning
byAshok kumar sandhyala
 
SSL basics and SSL packet analysis using wireshark
byAl Imran, CISA
 
Wireshark Traffic Analysis
byDavid Sweigert
 
Wireshark Basics
byYoram Orzach
 
Packet analysis using wireshark
byBasaveswar Kureti
 
A network behavior analysis method to detect this writes about a method to ...
byThang Nguyen
 
CapAnalysis - Deep Packet Inspection
byChris Harrington
 
Packet capture in network security
byChippy Thomas
 

What's hot

PPTX
Wireshark
byDeepika Ojha
 
PDF
Wireshark tutorial
byPiyush Mittal
 
PDF
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wp
byOlli-Pekka Niemi
 
PPTX
Network Packet Analysis with Wireshark
byJim Gilsinn
 
PPTX
Packet Sniffer
byvilss
 
DOCX
Wireshark lab getting started one’s unde
bypiya30
 
PPT
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
byDenny K Miu
 
PDF
Packet sniffing & ARP Poisoning
byViren Rao
 
PPT
Hacking Cisco
byguestd05b31
 
PDF
Sniffing via dsniff
byKshitij Tayal
 
PPTX
Packet sniffers
byKunal Thakur
 
PPTX
Packet sniffing in switched LANs
byIshraq Al Fataftah
 
PPTX
PACKET Sniffer IMPLEMENTATION
byGoutham Royal
 
PDF
Wireshark tutorial
byChaman Poorani
 
PDF
Wireshark ppt
bybala150985
 
PDF
Wireshark - Basics
byYoram Orzach
 
PDF
How to use packet sniffers
byDeepika Padmanabhan
 
PDF
Packet sniffing
byTanmay 'Unsinkable'
 
PPTX
Wireshark, Tcpdump and Network Performance tools
bySachidananda Sahu
 
PDF
Wireshark course, Ch 02: Introduction to wireshark
byYoram Orzach
 
Wireshark
byDeepika Ojha
 
Wireshark tutorial
byPiyush Mittal
 
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wp
byOlli-Pekka Niemi
 
Network Packet Analysis with Wireshark
byJim Gilsinn
 
Packet Sniffer
byvilss
 
Wireshark lab getting started one’s unde
bypiya30
 
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
byDenny K Miu
 
Packet sniffing & ARP Poisoning
byViren Rao
 
Hacking Cisco
byguestd05b31
 
Sniffing via dsniff
byKshitij Tayal
 
Packet sniffers
byKunal Thakur
 
Packet sniffing in switched LANs
byIshraq Al Fataftah
 
PACKET Sniffer IMPLEMENTATION
byGoutham Royal
 
Wireshark tutorial
byChaman Poorani
 
Wireshark ppt
bybala150985
 
Wireshark - Basics
byYoram Orzach
 
How to use packet sniffers
byDeepika Padmanabhan
 
Packet sniffing
byTanmay 'Unsinkable'
 
Wireshark, Tcpdump and Network Performance tools
bySachidananda Sahu
 
Wireshark course, Ch 02: Introduction to wireshark
byYoram Orzach
 

Viewers also liked

PDF
Technology For Best Schools ( i school )
byHarry C
 
DOCX
Rakesh b.tech
byRakesh Raushan
 
DOCX
Dc project 1
byshwetha mk
 
PPTX
Test
byguestbc164f
 
PDF
Alien cicatrix-2-simbad-corrado-malanga
byDespinaLazar
 
PPT
Transmision media ppt
byshwetha mk
 
DOCX
Charles thompson resume
byCharlie Thompson
 
PDF
Z42, yucatán. guía de análisis directivo2015 16
byZona Escolar. Dra. Alma Yolanda Arceo Rejón. Supervisora
 
PDF
Helmut Jahn
byGreysi Zapata
 
PPT
Albert Chen Work experience20150722
byYu Yong Chen
 
PPTX
Farmacos antimicoticos sss
bymagdiel vazquez
 
PPTX
Knowledge Management
byRitubatra9
 
DOC
updated Nursing resume
byFrank Pereira
 
PPS
Programa Física Médica USACH
byarchivomedico
 
PPTX
Slide uh 5 kls 7 ganjil
bymardhiyah213
 
PPT
David's short film proposal
byDayJay
 
PDF
Blue Brain Seminar Report
byVarun A M
 
PPT
intelligent school, education process management
byHarry C
 
DOC
A Project report on ERP system in Hindustan Aeronautics Limited(Summer Intern...
byRohit Srivastava
 
PDF
Hyperloop VTU Seminar Report
byUmar Ahmed
 
Technology For Best Schools ( i school )
byHarry C
 
Rakesh b.tech
byRakesh Raushan
 
Dc project 1
byshwetha mk
 
Test
byguestbc164f
 
Alien cicatrix-2-simbad-corrado-malanga
byDespinaLazar
 
Transmision media ppt
byshwetha mk
 
Charles thompson resume
byCharlie Thompson
 
Z42, yucatán. guía de análisis directivo2015 16
byZona Escolar. Dra. Alma Yolanda Arceo Rejón. Supervisora
 
Helmut Jahn
byGreysi Zapata
 
Albert Chen Work experience20150722
byYu Yong Chen
 
Farmacos antimicoticos sss
bymagdiel vazquez
 
Knowledge Management
byRitubatra9
 
updated Nursing resume
byFrank Pereira
 
Programa Física Médica USACH
byarchivomedico
 
Slide uh 5 kls 7 ganjil
bymardhiyah213
 
David's short film proposal
byDayJay
 
Blue Brain Seminar Report
byVarun A M
 
intelligent school, education process management
byHarry C
 
A Project report on ERP system in Hindustan Aeronautics Limited(Summer Intern...
byRohit Srivastava
 
Hyperloop VTU Seminar Report
byUmar Ahmed
 

Similar to Contents namp

PDF
Nmap
byFat-Thing Gabriel-Culley
 
PDF
A COMPREHENSIVE ANALYSIS OF NETWORK SCANNING AND SECURITY ASSESSMENT TOOL
byIJNSA Journal
 
PPTX
Cyber security-Active Scanning Networks-Nmap
byAdelSayed9
 
PPTX
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
byBoston Institute of Analytics
 
PPTX
NMap
byPritesh Raka
 
PDF
Practical White Hat Hacker Training - Active Information Gathering
byPRISMA CSI
 
PPTX
NMAP
byPrateekAryan1
 
PPTX
Using metasploit
byCyberRad
 
PDF
O PODER DO NMAP ATRAVÉS DE SEUS COMANDOS.pdf
byMaicon Wendhausen
 
PPTX
Nmap
byMegha Sahu
 
PDF
NMap 101 offline meetup by CyberForge Academy
bycyberforgeacademy
 
PPTX
Null Delhi chapter - Feb 2019
byNikhil Raj
 
PPTX
Recon with Nmap
byOWASP Delhi
 
DOCX
This Assignment consists of Amazon Web services
byMahesh688216
 
PDF
A REVIEW ON NMAP AND ITS FEATURES
byIRJET Journal
 
PDF
Nmap Hacking Guide
byAryan G
 
PDF
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
byJoshua Gorinson
 
PDF
Network Scanning refers to the set of procedures adopted for identifying a ne...
byMarkoKustro
 
PPT
NMAP1.ppt
byDakshKhurana15
 
PPTX
Nmap
byNishaYadav177
 
Nmap
byFat-Thing Gabriel-Culley
 
A COMPREHENSIVE ANALYSIS OF NETWORK SCANNING AND SECURITY ASSESSMENT TOOL
byIJNSA Journal
 
Cyber security-Active Scanning Networks-Nmap
byAdelSayed9
 
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
byBoston Institute of Analytics
 
NMap
byPritesh Raka
 
Practical White Hat Hacker Training - Active Information Gathering
byPRISMA CSI
 
NMAP
byPrateekAryan1
 
Using metasploit
byCyberRad
 
O PODER DO NMAP ATRAVÉS DE SEUS COMANDOS.pdf
byMaicon Wendhausen
 
Nmap
byMegha Sahu
 
NMap 101 offline meetup by CyberForge Academy
bycyberforgeacademy
 
Null Delhi chapter - Feb 2019
byNikhil Raj
 
Recon with Nmap
byOWASP Delhi
 
This Assignment consists of Amazon Web services
byMahesh688216
 
A REVIEW ON NMAP AND ITS FEATURES
byIRJET Journal
 
Nmap Hacking Guide
byAryan G
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
byJoshua Gorinson
 
Network Scanning refers to the set of procedures adopted for identifying a ne...
byMarkoKustro
 
NMAP1.ppt
byDakshKhurana15
 
Nmap
byNishaYadav177
 

Recently uploaded

PPTX
What are the Custom lot_serial number in Odoo 19
byCeline George
 
PDF
ADIEU, BRIGITTE BARDOT - THE ACTRESS WHO CHANGED THE WORLD.pdf
byMilanStankovic19
 
PPTX
Cultivation Practice of Chilli and sweet Pepper.pptx
byUmeshTimilsina1
 
PPTX
2. Classification of vegetable and spice crops.pptx
byUmeshTimilsina1
 
PDF
Result Analysis of the Pre Board 2025 .pdf
byDirectorate of Education Delhi
 
PDF
Harmonising Tertiary Education through XR and AI: Innovative approach in the ...
byTorrens University Australia
 
PPTX
Details Study of Joints (articulation).pptx
byAshish Umale
 
PPTX
Cultivation Practice of Brinjal in Nepal.pptx
byUmeshTimilsina1
 
PPTX
Cultivation Practice of Tomato in Nepal.pptx
byUmeshTimilsina1
 
PPTX
Structure and function of Integumentary system (skin).pptx
byAshish Umale
 
PDF
• Reinforcing the Human Firewall: Moving From Awareness to Applied Skill
byAdityarajsinh Gohil
 
PPTX
What is Epiphany? A Visual introduction to this amazing liturgical season
bySteve Thomason
 
PPTX
Cardiovascular System or The Details of Heart.pptx
byAshish Umale
 
PPTX
Aplastic_Anaemia_PA17.1_Presentation.pptx
byDibyajyoti Prusty
 
PDF
DNA.CEO: DNA-Computing For Kids, Teens, & Dummies (Like Me)
byVladislav Solodkiy
 
PDF
Plant Respiration.pdf Remedial Biology Unit-5 B.Pharm 1st Year
bySaurabh Dubey
 
PPT
Blood Grouping.ppt - Hematology -Physiology
bykishorkumar396
 
PDF
Renewable Energy Resources Unit 2 Easy notes (EduShine Classes).pdf
byaaquib913
 
PPTX
Open to All Quiz Final Bagula Pathbhabana.pptx
bySourav Kr Podder
 
PPTX
CHAPTER NO. 05 BIOLOGICAL SOURCE,CHEMICAL CONSTITUENTS AND THERAPEUTIC EFFICA...
byGanu Gavade
 
What are the Custom lot_serial number in Odoo 19
byCeline George
 
ADIEU, BRIGITTE BARDOT - THE ACTRESS WHO CHANGED THE WORLD.pdf
byMilanStankovic19
 
Cultivation Practice of Chilli and sweet Pepper.pptx
byUmeshTimilsina1
 
2. Classification of vegetable and spice crops.pptx
byUmeshTimilsina1
 
Result Analysis of the Pre Board 2025 .pdf
byDirectorate of Education Delhi
 
Harmonising Tertiary Education through XR and AI: Innovative approach in the ...
byTorrens University Australia
 
Details Study of Joints (articulation).pptx
byAshish Umale
 
Cultivation Practice of Brinjal in Nepal.pptx
byUmeshTimilsina1
 
Cultivation Practice of Tomato in Nepal.pptx
byUmeshTimilsina1
 
Structure and function of Integumentary system (skin).pptx
byAshish Umale
 
• Reinforcing the Human Firewall: Moving From Awareness to Applied Skill
byAdityarajsinh Gohil
 
What is Epiphany? A Visual introduction to this amazing liturgical season
bySteve Thomason
 
Cardiovascular System or The Details of Heart.pptx
byAshish Umale
 
Aplastic_Anaemia_PA17.1_Presentation.pptx
byDibyajyoti Prusty
 
DNA.CEO: DNA-Computing For Kids, Teens, & Dummies (Like Me)
byVladislav Solodkiy
 
Plant Respiration.pdf Remedial Biology Unit-5 B.Pharm 1st Year
bySaurabh Dubey
 
Blood Grouping.ppt - Hematology -Physiology
bykishorkumar396
 
Renewable Energy Resources Unit 2 Easy notes (EduShine Classes).pdf
byaaquib913
 
Open to All Quiz Final Bagula Pathbhabana.pptx
bySourav Kr Podder
 
CHAPTER NO. 05 BIOLOGICAL SOURCE,CHEMICAL CONSTITUENTS AND THERAPEUTIC EFFICA...
byGanu Gavade
 

Contents namp

  • 1.
    M. S. RAMAIAHINSTITUTE OF TECHNOLOGY (AUTONOMOUS INSTITUTE, AFFILIATED TO VTU) A Presentation Report on “NMAP” Submitted in Partial fulfillment of 5th Semester B.E In Information Science and Engineering For the subject Data communication[IS511] Submitted by Deekshapoornashri (1MS13IS141) Greeshma R J (1MS13IS142) Shakunthala B V (1MS14IS412) Shanta (1MS14IS413)
  • 2.
    M. S. RAMAIAHINSTITUTE OF TECHNOLOGY DEPARTMENT OF INFORMATION SCIENCE AND ENGINEERING BANGALORE – 560 054 C E R T I F I C A T E This is to certify that the “Presentation on NMAP” has been successfully completed by: Deekshapoornashri 1MS13IS141 Greeshma R J 1MS13IS142 Shakunthala B V 1MS14IS412 Shanta 1MS14IS413 In partial fulfillment of 5th Semester B.E (Information Science &Engg) for the subject “DATA COMMUNICATION(IS511)” during the period 2015 - 2016, as prescribed by Department of Information Science & Engineering, MSRIT. Signature of Staff Incharge Mr. Suresh kumar Asst. Professor, Dept. of ISE, MSRIT
  • 3.
    ACKNOWLEDGEMENTS Any achievement, beit scholastic or otherwise does not depend solely on the individual efforts but on the guidance, encouragement and cooperation of intellectuals, elders and friends. A number of personalities, in their own capacities have helped us in carrying out this project work. We would like to take this opportunity to thank them all. We deeply express our sincere gratitude to our guide Prof. Mr.Sureshkumar Assistant Professor, Department of ISE, M.S.R.I.T, Bengaluru, for his able guidance, regular source of encouragement and assistance throughout this project. We would like to thank Dr. VIJAYKUMAR B P, Head of Department, Information Science & Engineering, M.S.R.I.T, Bengaluru, for his valuable suggestions and expert advice. Most importantly, we would like to thank Dr. N.V.R NAIDU Principal, M.S.R.I.T, Bengaluru, for his moral support towards completing our project work. We thank our Parents, and all the Faculty members of Department of Information Science & Engineering For their constant support and encouragement. Last, but not the least, we would like to thank our peers and friends who provided us with valuable suggestions to improve our project.
  • 4.
    CONTENTS:  Nmap  Features Performan experiment for portscanning with nmap  How to use nmap  Output screen shots
  • 5.
    NMAP Nmap (Network Mapper)is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap is also capable of adapting to network conditions including latency and congestion during a scan. Nmap is under development and refinement by its user community. Nmap was originally a Linux-only utility, but it was ported to Windows, Solaris, HP-UX, BSD variants (including OS X), AmigaOS, and IRIX. Linux is the most popular platform, followed closely by Windows.
  • 6.
    FEATURES Nmap features include: Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.  Port scanning – Enumerating the open ports on target hosts.  Version detection – Interrogating network services on remote devices to determine application name and version number.  OS detection – Determining the operating system and hardware characteristics of network devices.  Scriptable interaction with the target – using Nmap Scripting Engine (NSE) and Lua programming language.  Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses. Typical uses of Nmap:  Auditing the security of a device or firewall by identifying the network connections which can be made to, or through it.  Identifying open ports on a target host in preparation for auditing.  Network inventory, network mapping, maintenance and asset management.  Auditing the security of a network by identifying new servers.  Generating traffic to hosts on a network.  Find and exploit vulnerabilities in a network.
  • 7.
    PERFORM AN EXPERIMENTFOR PORT SCANNING WITH NMAP Port Scanning: Port Scanning is one of the most popular techniques attackers use to discover services they can break into. All machines connected to a LAN or connected to Internet via a modem run many services that listen at well-known and not so well-known ports. By port scanning the attacker finds which ports are available (i.e., being listened to by a service). Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed further for weakness. Port Numbers The port numbers are unique only within a computer system. Port numbers are 16-bit unsigned numbers. The port numbers are divided into three ranges: the Well Known Ports (0..1023), the Registered Ports (1024..49151), and the Dynamic and/or Private Ports (49152..65535). Well-Known Ports All the operating systems now honor the tradition of permitting only the super-user open the ports numbered 0 to 1023. These well-known ports (also called standard ports) are assigned to services by the IANA (Internet Assigned Numbers AuthorityPERFORM AN EXPERIMENT FOR PORT SCANNING WITH NMAP ). On Unix, the text file named /etc/ services (on Windows 2000 the file named %windier% system32 drivers etc services) lists these service names and the ports they use. Here are a few lines extracted from this file: echo 7/tcp Echo ftp-data 20/udp File Transfer [Default Data] ftp 21/tcp File Transfer [Control] ssh 22/tcp SSH Remote Login Protocol telnet 23/tcp Telnet domain 53/udp Domain Name Server www-http 80/tcp World Wide Web HTTP Nmap: Nmap ("Network Mapped") is a free and open source utility for network exploration or security auditing. The six port states recognizedby Nmap Open-An application is actively accepting TCP connections, UDP datagram or SCTP
  • 8.
    associations on thisport. Finding these is often the primary goal of port scanning. Security minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect hem with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because theyshow services available for use on the network. Closed-A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next. Filtered-Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically. Unfiltered-The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rule sets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open. openfiltered-Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way. Closedfiltered-This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
  • 9.
    Nmap Scan -sS (TCPSYN scan) SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes TCP connections. SYN scan works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms as Nmap's FIN/NULL/Xmas, Maim on and idle scans do. It also allows clear, reliable differentiation between the open, closed, and filtered states. -sT (TCP connect scan) TCP connect scan is the default TCP scan type when SYN scan is not an option -sU (UDP scans) While most popular services on the Internet run over the TCP protocol, UDPservices are widely deployed. DNS, SNMP, and DHCP (registered ports 53, 161/162, and 67/68) are three of the most common. Because UDP scanning is generally slower and more difficult than TCP, some security auditors ignore these ports -sY (SCTP INIT scan) SCTPis a relatively new alternative to the TCP and UDP protocols, combining most characteristics of TCP and UDP, and also adding new features like multi-homing and multi-streaming. It is mostly being used for SS7/SIGTRAN related services but has the potential to be used for other applications as well. -sA (TCP ACK scan) This scan is different than the others discussed so far in that it never determines open (or even open| filtered) ports. It is used to map out firewall rule sets, determining whether they are stateful or not and which ports are filtered.
  • 10.
    USING NMAP 1)FINDOPEN PORTS ON A SYSTEM 2) FIND THE MACHINES WHICH ARE ACTIVE 3)FIND THE VERSION OF REMOTE OS ON OTHER SYSTEMS 4)FIND THE VERSION OF S/W INSTALLED ON OTHER SYSTEM 1. Download Nmap from www.nmap.org and install the Nmap Software with Win cap Driver utility. 2. Execute the Nmap-Zen map GUI tool from Program Menu or Desktop Icon. 3. Type the Target Machine IP Address(ie, Guest OS or any website Address) 4. Perform the profiles shown in the utility.
  • 13.
    PERFORM AN EXPERIMENTON ACTIVE AND PASSIVE FINGER PRINTING USING NMAP. Fingerprinting OS: Fingerprinting is a process in scanning phase in which an attacker tries to identify Operating System(OS) of target system. Fingerprintingcan be classified into two types  Active Stack Fingerprinting  Passive Stack Fingerprinting Active Stack Fingerprinting It involves sending data to the target system and then see how it responds. Based on the fact that each system will respond differently, the response is compared with database and the OS is identified. It is commonly used method though there are high chances of getting detected. It can be performed by following ways. Using Nmap :Nmap is a port scanning tool that can be used for active stack OS fingerprinting. Syntax: nmap –O ip address Example: nmap –O 192.168.1.88 Passive StackFingerprinting It involves examining traffic on network to determine the operating system. There is no guarantee that the fingerprint will be accurate but usually they are accurate. It generally means sniffing traffic rather than making actual contact and thus this method is stealthier and usually goes undetected. Passive stack fingerprinting can be performed in following ways.
  • 14.