Nicholas Marsh - Nmap 6 Cookbook: The Fat-Free Guide to Network Security Scanning

Nmap 6 Cookbook

The Fat-free Guide to Network Scanning

NmapCookbook.com

All other trademarks used in this book are property of their respective owners. Use of any trademark in this book does not constitute an affiliation with or endorsement from the trademark holder.

All information in this book is presented on an as-is basis. No warranty or guarantee is provided and the author and/or publisher shall not be held liable for any loss or damage.

Revision History

Nmap Cookbook, 2010 - Covers Nmap 5

Nmap 6 Cookbook, 2015 - Covers Nmap 6, Nping, Ncat, and other new features plus corrections and expanded content

Compatibility

This e-book works best on tablets with 7-inch or larger screens.

Copyright 2015 Nicholas Marsh - All rights reserved.

This guide is dedicated to the open source community. Without the tireless efforts of open source developers, programs like Nmap would not exist. Many of these developers devote large amounts of their spare time creating and supporting wonderful open source applications and ask for nothing in return.

The collaborative manner in which open source software is developed shows the true potential of humanity if we all work together towards a common goal.

I have over 15 years of IT experience in a wide array of technologies including Unix/Linux, Windows, networking, and virtualization. Ive worked for companies large and small, engineering solutions to meet their ever-changing technology needs.

I write Fat Free Guides for fun. I hope you find my books helpful in expanding your technical knowledge. Please email me with questions or comments.

Thanks for reading,

Nick Marsh

Nmap is a network scanning utility created by Gordon Fyodor Lyon that can be used to discover, audit, and troubleshoot networked systems. It is free software released under the GNU General Public License (see gnu.org/copyleft/gpl.html). Nmap is is actively developed by a community of volunteers and is an evaluable tool for network administrators and security auditors.

Nmaps award-winning suite of network scanning utilities have been in constant development since 1997 and continually improve with each new release. Version 6 of Nmap (released in May of 2012) adds many new features and enhancements. Some of the best new features added to Nmap 6 are listed below:

- Improved service and operating system version detection
- Better support for Windows and Mac OS X
- Addition of the Nping utility (discussed in Section 14)
- Continued enhancement of NSE (the Nmap Scripting Engine, discussed in Section 15)
- Full support for IPv6
- Better overall performance

The Nmap project relies on volunteers to support and develop this amazing tool. If you would like to help improve Nmap, there are several ways to get involved:

Nmap isn't just a tool made exclusively for "hackers". It's a wonderful program that every network administrator should know about. Despite its fame (Nmap has been featured in several movies), it isnt widely known outside of technically elite circles. You can help promote Nmap by introducing this wonderful tool to your friends or writing a blog entry about it.

Note: Show your friends how cool Nmap is by pointing them to Nmap's movie credit page at nmap.org/movies .

You can help improve Nmap by reporting any bugs you discover to the Nmap developers. The Nmap project provides a mailing list for this, which can be found online at seclists.org/nmap-dev.

Note: Thousands of people worldwide use Nmap. Additionally, Nmap developers are very busy people. Before reporting a bug or asking for assistance, you should search the Nmap website and mailing lists to make sure your problem hasnt already been reported or resolved.

If youre a programmer with some spare time on your hands, you can get involved with Nmap development. To learn more about contributing code to the Nmap project visit nmap.org/data/HACKING. Nmap also sponsors Google Summer of Code. If you're a student you can apply to join this annual program at nmap.org/soc and gain valuable experience while also helping to improve the Nmap suite.

Submit TCP/IP Fingerprints

If youre not a programmer, you can still improve Nmap by submitting any unknown TCP/IP fingerprints you discover while scanning. Submitting fingerprints is easy and it helps improve Nmaps software version and operating system detection capabilities. Visit nmap.org/submit/ for more information or to submit your discoveries.

Note: More information on this topic is covered in Section 6.

The Nmap project does not accept donations. If, however, you have a security related service you would like promote, you can sponsor Nmap by purchasing an advertising package on the insecure.org website. For more information, visit insecure.org/advertising.html.

Nmap running on Microsoft Windows systems:

C:\> nmap scanme.nmap.org

Nmap running on non-privileged accounts for Unix/Linux/Mac OS X:

$ nmap scanme.nmap.org

Nmap running on Unix/Linux/Mac OS X systems as the root user:

# nmap scanme.nmap.org

Using the sudo command to elevate privileges for Unix/Linux/Mac OS X:

$ sudo nmap scanme.nmap.org

Note: Windows users may omit the sudo command where used in examples as its use is not necessary and will not work on Microsoft based systems.

Using command line options with Nmap:

# nmap -T2 scanme.nmap.org

Important: Nmaps command line options are case sensitive. The -T2 option (discussed in Section 7) in the example above is not the same as -t2 and will result in an error if specified in the incorrect case.

Additional Nmap output truncated (to save space):

[...]

Keyboard sequences:

, , etc.

Before you can begin working with Nmap, you must have a basic grasp of how the Internet Protocol Suite (TCP, UDP, IP, etc.) works. This section provides a high level overview of the IP Suite for beginners. True to the Fat-Free style, this is by no means an exhaustive guide to TCP/IP, but rather a foundation to build on. The goal is to jumpstart your understanding so that you can use Nmap effectively.

The Internet Protocol Suite is a set of communication protocols that drive modern networks and the Internet. The IP Suite is often referred to as TCP/IP, short for Transmission Control Protocol/Internet Protocol, which are two of the core protocols defined in the IP Suite. Beyond TCP and IP, there are many other protocols that make up the complete IP Suite including ARP (Address Resolution Protocol), DNS (Domain Name System), DHCP (Dynamic Host Configuration Protocol), and dozens more.