NMAP Mastery
NMAP aka Network Map, as its name form suggests, so do its functionality. It is an open-source command line tool that is used to scan IP addresses and open ports in a network. And as we are talking about ports you can also get the running web applications or identify protocols from port.
While starting journey in Cyber Security, every individual masters networking concepts and for experiments and bug hunting, utilizes tools like NMAP in first place.
Why NMAP? Your Network's Best Friend
Ever felt lost trying to understand your network? That's where NMAP comes in. It's like having a friend who knows all the secrets of your network or web apps. But why bother with NMAP?
Here's the deal , NMAP helps you see what's going on in your network. It's not just for tech geeks it's for anyone who wants to keep their digital stuff safe and want to get insights of their network. Think of it as your digital guide, showing you who's connected to your network and if there are any sneaky threats lurking around.
Exploring Different Types of Scans
Let's take a quick look at what NMAP offers. Just like a Swiss Army knife for network exploration, NMAP boasts a variety of scan types, each tailored to bring specific aspects of your network's landscape. From the stealthy to the comprehensive, these scans serve as your digital toolkit for understanding and securing your network.
- TCP Connect Scan
- SYN Stealth Scan (Half-Open Scan)
- UDP Scan
- ACK Scan
- XMAS Scan
- Idle Scan (Zombie Scan)
TCP Connect Scan:
The TCP Connect Scan is perhaps the most straightforward and commonly used scan in NMAP. It operates by attempting to establish a full TCP connection with the target ports on the specified target host. This scan sends a SYN packet to the target port, and if the port is open, the target system responds with a SYN-ACK packet, indicating that the port is open and ready for communication. However, if the port is closed, the system responds with a RST (reset) packet, indicating that no service is available on that port.
To perform a TCP Connect Scan using NMAP, you can use the following command:
nmap -sT [target]
Replace [target]
with the IP address or hostname of the target system.
nmap -sT 192.168.1.100
SYN Stealth Scan
The SYN Stealth Scan, also known as the Half-Open Scan, takes a stealthier approach compared to the TCP Connect Scan. Instead of completing the full TCP handshake, this scan sends SYN packets to the target ports and waits for responses. If a SYN-ACK packet is received, indicating an open port, NMAP immediately sends a RST packet to tear down the connection without completing it, thereby minimizing the chances of detection by intrusion detection systems and firewalls. If a RST packet is received in response, indicating a closed port, NMAP notes it as such. This scan provides valuable insights into open ports without alerting potential security measures.
To execute a SYN Stealth Scan using NMAP, you can utilize the following command:
nmap -sS [target]
UDP Scan
The UDP Scan in NMAP is specifically designed to probe UDP (User Datagram Protocol) ports on a target system. Unlike TCP, UDP is connectionless, making it trickier to scan. NMAP sends UDP packets to the target ports and analyzes the responses. If a service is listening on the port and responds with a UDP packet, NMAP marks it as open. However, if there's no response or an ICMP unreachable message is received, the port is considered closed. This scan is crucial for discovering services that rely on UDP, such as DNS, DHCP, and SNMP.
To initiate a UDP Scan using NMAP, you can utilize the following command:
nmap -sU [target]
ACK Scan
The ACK Scan, another tool in NMAP's kit, serves a distinct purpose compared to traditional port scans. Instead of focusing on open ports, this scan targets filtering devices like firewalls. NMAP sends ACK (Acknowledgment) packets to the target ports and interprets the responses. If the port is unfiltered, meaning the ACK packet is not blocked, NMAP interprets it as a "reset" response, indicating an unfiltered port. However, if the port is filtered, meaning the ACK packet is blocked, no response is received, and NMAP marks it as filtered. This scan helps in understanding the filtering rules in place and identifying potential weaknesses in the network defenses.
To conduct an ACK Scan using NMAP, you can utilize the following command:
nmap -sA [target]
XMAS Scan
The XMAS Scan, named for its festive reference to the blinking lights of a Christmas tree, is a stealthy port scanning technique in NMAP's arsenal. This scan sets specific flags in TCP packets—URG, PSH, and FIN—to "on" simultaneously, resembling the lights on a decorated tree. By sending these packets to the target ports, NMAP aims to bypass simple firewall rules and identify open ports. If a port responds with no packet, it's considered open, while a RST (reset) packet indicates a closed port. This scan is effective for evading detection and uncovering potential vulnerabilities in a network's defenses.
To execute an XMAS Scan using NMAP, you can utilize the following command:
nmap -sX [target]
Idle Scan
The Idle Scan, also known as the Zombie Scan, is a sophisticated and
stealthy technique used in NMAP for port scanning. Unlike traditional
scans where the packets are sent directly from the scanner to the
target, the Idle Scan leverages a third-party system (referred to as a
"zombie") to mask the true source of the scan. NMAP sends spoofed
packets to the zombie, which then forwards them to the target, making it
appear as if the packets originate from the zombie. By analyzing the
responses from the target and the behavior of the zombie, NMAP can
determine the status of the target's ports without directly interacting
with it. This scan is highly effective for evading detection and is
particularly useful in scenarios where the true source of the scan needs
to remain anonymous.
To perform an Idle Scan using NMAP, you can utilize the following command:
nmap -sI [zombie] [target]
Assistance
Need
assistance or have questions? Contact our support team at
saad@cyberdioxide.com. For community discussions and updates, join our
Telegram chanel
or follow us on instagram