What is Nmap?

Nmap is an open-source utility for network discovery. Network Mapper is a security auditing and network scanning independent tool developed by Gordon Lyon. It is used by network administrators to detect the devices currently running on the system and the port number by which the devices are connected.

Many systems and network administrators are used for managing network inventory, service upgrade schedules, monitoring hosts and service uptime.

Nmap Definition

At the top-level, Nmap is defined as a tool that can detect or diagnose services that are running on an Internet-connected system by a network administrator in their networked system used to identify potential security flaws. It is used to automate redundant tasks, such as monitoring the service.

Working of Nmap

Nmap is convenient during penetration testing of networked systems. Nmap provides the network details, and also helps to determine the security flaws present in the system. Nmap is platform-independent and runs on popular operating systems such as Linux, Windows and Mac.

Nmap is a useful tool for network scanning and auditing purposes.

• It can search for hosts connected to the Network.
• It can search for free ports on the target host.
• It detects all services running on the host with the help of operating system.
• It also detects any flaws or potential vulnerabilities in networked systems.

It is effortless to work with the Nmap. With the release of a new graphical user interface called GenMap User, it performs many tasks such as saving and comparing scan results, scanning the results in a database, and visualize the network system topology graphically, etc.

Advantages of Nmap

Nmap has a lot of advantages that make it different from other network scanning tools. Nmap is open-source and free to use.

Some other advantages are listed below.

• It is used for auditing network systems as it can detect new servers.
• It will search for subdomain and Domain Name System
• With the help of Nmap Scripting Engine (NSE), interaction can be made with the target host.
• It determines the nature of the service in the host and performs whether the host is a mail service or a web server.

Essential skills

Nmap offers various technologies to scan the networks, such as TCP Connect scanning, FTP bounce scanning, TCP reverse identification scanning, etc. to scan the Network. One should start with Nmap to learn all of the techniques.

Why should we use Nmap?

If you are a network administrator, it is required to check target hosts, determine free and occupied ports, and perform security vulnerability scans. It offers all utilities, whether we need to monitor a single host or multiple hosts.

Nmap is used for regular network audits. Nevertheless, it can perform redundant tasks such as managing network inventory, scheduling service upgrades, and monitoring various uptime and downtime services.

It also lists the status of services such as open, filtered, unfiltered or closed.

The output is extended to reverse operating system type, MAC address, device type, and also DNS names.

Types of Nmap scan

Different types of scans can be done using Nmap.

TCP Scan

It completes a three-way handshake between you and a closet target system. The TCP scan is very noisy and cannot be detected with almost any effort because services can log onto the sender IP address and trigger an intrusion detection system.

UDP Scan

The UDP scan is used to check if there is a UDP port and listening for incoming requests to the target the machine. Unlike the TCP, UDP has no mechanism to react with positive acceptability, so there is a chance for false-positive scan results. UDP scans are used to reveal Trojan horses, which run on a UDP port or to reveal the hidden RPC services. These scans are slow because the machines slow down their responses to such traffic as a precaution.

SYN Scan

It is another form of TCP scan. Nmap crafts a sync packet, the first packet sent to establish is a TCP connection.

ACK Scan

ACK scans are used to determine a particular port that has been filtered. It proves to be extremely helpful when trying to check for firewalls and their current regulations.

Bang Scan

The bang scan is like SYN scans. It sends the TCP fin packet instead of RST packet (reset packet) if it receives the input so that false scans and negativity are seen in the scan. But it may be under the radar of some IDS programs and many countermeasures.

Full Scan

The null scan is very secretive, and as the name suggests what they do - they set all header fields to zero. It is not a valid packet, and targets will not know how to deal with packet.

Xmas Scan

Computers running windows will not respond to X MAS scans due to the way they implement their TCP stack. A set of flags triggered within a scanning packet derives its Name that is sent for scanning. XMAS scans are used to manipulate PSH, URG and FIN flags in TCP headers.

RPC Scan

RPC scans are used to search for machines that respond to Remote Procedure Call services (RPC). It allows remote to run on a particular machine under a particular set of connections. The RPC service can run on various ports. Therefore, regular scans are challenging to detect if RPC services are running.

IDE Scan

IDE scan is the most secure scan as packets are bounced from external hosts. Control is not required on the host, but the host must fulfil a specific set of conditions.

Nmap Functions

Most of Nmap's standard functions are executed by using a single command.

There are the following Nmap functions, as follows:

1. Ping Scanning

The ping scanning gives information about every active IP on your Network. We can perform a ping scan by using the below command:

2. Port Scanning

Port scanning is one of the most popular forms of reconnaissance ahead of a hack, helping attackers determine which ports are most susceptible.

There are many ways to execute port scanning using Nmap.

3. Host scanning

Host scanning provides a detailed description of a particular host or IP address. As mentioned above, you can scan a host using the following command:

4. OS Scanning

OS scanning is the most powerful feature of Nmap. It sends TCP and UDP packets to a port and analyzes the response when using this type of scan. It compares the response to a database of operating systems and returns information on a host's OS. To run the OS scan, use the command, given below:

5. Scan the Most Popular Ports

If you are running Nmap on a home server, this command is easy. It scans 'popular' ports for a host. You can use the command given below to scan the popular ports:

Replace "20" with the number of ports you want to scan. It gives a brief output that details the most common ports status and allows you to see if you have any unnecessarily open ports.

6. Output to a file

If we want the output of results of Nmap scan of any file, you can add an extension to the command.

The command is the output of results to a text file.

7. Disable DNS Name Resolution

Finally, we can speed up your Nmap scan by using the -n parameter to disable inverted DNS resolution. It is useful to perform a wide network scan.

For example, add-en to turn off the DNS resolution for the required ping scans.