DEV Community

ODOT!

Mapping A Network (NMap)

Peace,

I have been gathering notes over the past few moons to put together solid blog posts on Linux, and I must say I am impressed with what I have learned so far. Still much more to go, and I am ready! Today we will discuss the mighty tool called Nmap. Nmap (Network Mapper) scans hosts and ports on a network and can identify the services (and often their versions) listening on those ports. It is one of the tools that just about every cybersec resource recommends, so don't go rogue on me now! For Kali Linux users, Nmap comes preinstalled. Before we get to the commands, let's first see why this tool holds such a place in the books of ethical hacking.

Nmap is a free, open source tool for network discovery and security auditing; with its scripting engine it can also check for known vulnerabilities. It was first released in 1997 and is still actively developed today, with a large community of contributors keeping it up to date. The heart of the tool is port scanning: you give it a list of targets (hosts, subnets, or address ranges) and a set of ports, and it reports which ports are open, closed, or filtered on each target. In short, it bundles several information gathering techniques you can point at a target.

Many of the activities Nmap is used for are the following:

  • Network Mapping
  • Firewall Rule Discovery (which ports are filtered and by what)
  • Shadow IT Hunting (finding hosts nobody knew were on the network)
  • OS Detection
  • Service Discovery
  • Vulnerability Scanning (through NSE scripts)

Now that we have that covered, let's talk about the commands Nmap has to offer. Again, many use it in the information gathering stage to gain insights such as live IPs, OS versions, open ports and more.

Four types of Nmap scan come up in almost every tutorial. These are the following:

  • TCP SYN scan (-sS, the default scan when you run Nmap as root)
  • Version Detection Scan (-sV)
  • OS Detection Scan (-O)
  • Vulnerability Scan (--script vuln, using the Nmap Scripting Engine)

Keep those four in mind when working with Nmap; they are the ones you will reach for most often. The reference guide on the Nmap website documents every scan type in detail, so I am just going to provide an overview here so you have the information.

Here is a longer list of the scan types Nmap has to offer, with the flag for each:

  • TCP connect scan (-sT, the default when not running as root)
  • UDP scan (-sU)
  • SYN scan (-sS)
  • FIN scan (-sF)
  • ACK scan (-sA, used to map firewall rules rather than find open ports)
  • NULL scan (-sN)
  • Xmas scan (-sX)
  • RPC scan (-sR, now an alias for -sV)
  • Idle scan (-sI, bounces probes off a "zombie" host so they do not come from your IP)

When using the scans it's always best to plan first how you will gather information on the target. I came across a model called the Cyber Kill Chain, which I highly recommend reading. Once you understand a solid philosophy on how to approach targets, I think you'd be good to go with the commands provided shortly. Before we get there, let's first talk about a recommended practice for successful network vulnerability discovery.

Best Practices for Network Vulnerability Discovery

  • Choose the right tool (Nmap)
  • Plan the scan (scope, authorization, targets, scan types)
  • Run the scan
  • Scan frequently (and compare each run against the last)
  • Analyze the vulnerabilities
  • Document the scan (save the raw output, not just your notes)
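As an added example (not from the original post), here is a small POSIX shell driver that walks those steps in order: it plans the command for each stage, runs the stages one after another, and saves every result with -oA into a timestamped directory so runs can be diffed later. Everything in it is hypothetical: the stage and file names, the --min-rate value and the recon- directory layout are my choices, not anything the post or the Nmap project prescribes. It needs nmap installed; the SYN and OS-detection stages need raw sockets, so run it as root or set NMAP="sudo nmap". With DRY_RUN=1 it only prints the plan and scans nothing.

```shell
#!/bin/sh
# Staged Nmap recon driver: plan -> run -> document (one directory per run).
# Hypothetical helper script written for this post's best-practices list; not
# part of the post or of Nmap. Requires nmap. -sS and -O need raw sockets, so
# run as root or set NMAP="sudo nmap". DRY_RUN=1 prints the plan and scans nothing.
set -eu

NMAP=${NMAP:-nmap}
DRY_RUN=${DRY_RUN:-0}

# Print the nmap command line for one stage.
#   discover: -sn  host discovery only (ping scan; the modern spelling of -sP)
#   ports:    -sS  TCP SYN scan of every port (-p-), rate-limited to be polite
#   services: -sV  version detection, -O OS detection, -sC default NSE scripts
#   vuln:     --script vuln  the NSE "vuln" category; intrusive, authorized targets only
# -oA writes normal (.nmap), XML (.xml) and grepable (.gnmap) files with one basename.
stage_cmd() {
  stage=$1
  scope=$2          # CIDR/range for discover, a hosts file (-iL) for the other stages
  outdir=$3
  ports=${4:-}
  case $stage in
    discover) echo "$NMAP -sn -oA $outdir/01-discovery $scope" ;;
    ports)    echo "$NMAP -sS -p- --min-rate 500 -oA $outdir/02-ports -iL $scope" ;;
    services) echo "$NMAP -sV -O -sC -p $ports -oA $outdir/03-services -iL $scope" ;;
    vuln)     echo "$NMAP -sV --script vuln -p $ports -oA $outdir/04-vuln -iL $scope" ;;
    *)        echo "unknown stage: $stage" >&2; return 1 ;;
  esac
}

# Hosts reported Up in a grepable (.gnmap) file.
live_hosts() { awk '/^Host: / && /Status: Up/ { print $2 }' "$1"; }

# Comma-separated list of every TCP port seen open in a grepable file, ready for -p.
# (Matches "N/open/" only, so "open|filtered" UDP results are deliberately excluded.)
open_ports_csv() { grep -o '[0-9]*/open/' "$1" | cut -d/ -f1 | sort -un | paste -sd, -; }

run() {
  if [ "$DRY_RUN" = 1 ]; then echo "[dry-run] $*"; else sh -c "$*"; fi
}

# run_recon TARGET_SPEC: discovery -> full port scan -> services/OS -> vuln scripts.
run_recon() {
  scope=$1
  outdir=recon-$(date -u +%Y%m%d-%H%M%S)
  if [ "$DRY_RUN" = 1 ]; then
    # Nothing is scanned, so show the plan with placeholders for later-stage inputs.
    run "$(stage_cmd discover "$scope" "$outdir")"
    run "$(stage_cmd ports "$outdir/live.txt" "$outdir")"
    run "$(stage_cmd services "$outdir/live.txt" "$outdir" '<open-ports>')"
    run "$(stage_cmd vuln "$outdir/live.txt" "$outdir" '<open-ports>')"
    return 0
  fi
  mkdir -p "$outdir"
  echo "$scope" > "$outdir/scope.txt"           # document what was in scope
  run "$(stage_cmd discover "$scope" "$outdir")"
  live_hosts "$outdir/01-discovery.gnmap" > "$outdir/live.txt"
  [ -s "$outdir/live.txt" ] || { echo "no live hosts in $scope" >&2; return 1; }
  run "$(stage_cmd ports "$outdir/live.txt" "$outdir")"
  ports=$(open_ports_csv "$outdir/02-ports.gnmap")
  [ -n "$ports" ] || { echo "no open ports found" >&2; return 0; }
  run "$(stage_cmd services "$outdir/live.txt" "$outdir" "$ports")"
  run "$(stage_cmd vuln "$outdir/live.txt" "$outdir" "$ports")"
  echo "results in $outdir; diff the .gnmap files against the previous run"
}

# Usage: ./recon.sh 192.0.2.0/28      (DRY_RUN=1 ./recon.sh 192.0.2.0/28 prints the plan)
if [ $# -gt 0 ]; then run_recon "$1"; fi
```

The point of splitting the work into stages is that each later stage only touches what the earlier one found: the full-port SYN scan runs only against hosts that answered discovery, and the slow, noisy -sV/-O/--script work runs only against ports that were actually open. Keeping the recon- directories around is what makes "scan frequently" useful, since a new open port shows up as a one-line diff between two .gnmap files.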

While studying through the endless Nmap notes, I was able to truly understand how the different commands work. A great video I would recommend (linked in the resources below) covers the top 7 Nmap scans that you should know. I started to memorize them and even made a handy cheat sheet I will provide for download. Well, let's not waste time and list the top scans for Nmap.

Top 7 NMap Scans

OS enumeration (find the OS of the target; this is a capital O, and it needs root because it sends raw packets)
nmap -O (ip of device or subnet)

Network discovery (ping scan, no port scan; -sP is the old spelling and is now an alias for -sn)
nmap -sn (ip of device or subnet)

Scan a specific port (lists like -p 22,80,443 and ranges like -p 1-1024 also work; -p- means all 65535 ports)
nmap -p (port of service) (ip of device or subnet)

Service version identification (probes each open port to identify the service and its version)
nmap -sV (ip of device or subnet)

Combines OS detection, version detection, the default NSE scripts and traceroute into one scan (slow, noisy and far more intrusive than the individual flags, so only run it where you are authorized)
nmap -A (ip of device or subnet)

Using the Nmap scripts (note the two dashes; a category such as vuln works as well as a script name, and -sC runs the default script set)
nmap --script (script name or category) (ip of device or subnet)
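Added example, not from the original post: when you run the -sV scan above with -oG (or -oA) you get a "grepable" file with one line per host, where each port is written as port/state/protocol/owner/service/rpcinfo/version. The POSIX shell snippet below pulls the open ports, service names and versions out of such a file, which is the raw material for analyzing and documenting a scan. The sample file is constructed here to look like nmap -sV output for two made-up hosts in the 192.0.2.0/24 documentation range; the hostnames and version strings are invented, and the function names are my own.

```shell
#!/bin/sh
# Extract open ports and service versions from Nmap grepable output (-oG / -oA *.gnmap).
# Added example for this post; the sample data below is constructed, not a real scan.
set -eu

# Constructed sample of what "nmap -sV -oG scan.gnmap 192.0.2.0/28" might write.
# Inside the Ports: field each entry is port/state/proto/owner/service/rpcinfo/version,
# entries are separated by ", ", and the top-level fields are separated by tabs.
sample_gnmap() {
  printf '%s\n' '# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sV -oG scan.gnmap 192.0.2.0/28'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: %s\tIgnored State: filtered (997)\n' \
    '22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3/, 80/open/tcp//http//Apache httpd 2.4.52/, 443/closed/tcp//https///'
  printf 'Host: 192.0.2.11 (fileserver.example.test)\tStatus: Up\n'
  printf 'Host: 192.0.2.11 (fileserver.example.test)\tPorts: %s\tIgnored State: closed (998)\n' \
    '445/open/tcp//microsoft-ds//Windows Server 2019 microsoft-ds/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/'
  printf '%s\n' '# Nmap done at Mon Jan  1 00:00:05 2024 -- 16 IP addresses (2 hosts up) scanned in 5.12 seconds'
}

# open_services FILE: print "ip<TAB>port/proto<TAB>service<TAB>version" for every open port.
open_services() {
  awk -F'\t' '
    /^Host: / {
      ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        n = split(substr($i, 8), entry, /, /)        # drop the "Ports: " prefix, split entries
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")                    # port state proto owner service rpcinfo version
          if (f[2] == "open") {
            printf "%s\t%s/%s\t%s\t%s\n", ip, f[1], f[3], f[5], f[7]
          }
        }
      }
    }' "$1"
}

# count_open FILE: number of open ports in the file (a quick number to compare between runs).
count_open() { open_services "$1" | wc -l | tr -d ' '; }

# hosts_with_service FILE SERVICE: which hosts expose a given service name (e.g. ssh, http).
hosts_with_service() { open_services "$1" | awk -F'\t' -v s="$2" '$3 == s { print $1 }' | sort -u; }

# Stand-alone demo on the constructed sample.
tmp=$(mktemp)
sample_gnmap > "$tmp"
open_services "$tmp"
echo "open ports: $(count_open "$tmp")"
echo "hosts with ssh: $(hosts_with_service "$tmp" ssh)"
rm -f "$tmp"
```

Run it against your own file with open_services scan.gnmap after a scan like nmap -sV -oG scan.gnmap (ip of device or subnet). The version column is what you take to the "analyze the vulnerabilities" step: it is the string you look up against vendor advisories, and it is also exactly what Nmap's vuln scripts key on, which is why -sV belongs in front of --script vuln.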

A great resource to look at for Nmap scripts is the NSE (Nmap Scripting Engine) documentation. I will speak about it in future posts; however, if you practice the last command provided it may bring you to a whole new world Nmap has to offer. A great place to test your Nmap commands is scanme.nmap.org. It is not a deliberately vulnerable box, but it is a host the Nmap project explicitly allows you to scan for practice; anything else you scan needs the owner's permission first. If you already practiced the prior commands, how did it make you feel? Do you think you can push the boundaries of the tool to handle tasks such as CTFs (Capture The Flags) and much more? Well, I think you can if you stick to the studies, as I am. As always, I will leave resources for you below to further your studies in cybersec.

Until next time.

Peace.

Resources

What is Nmap?

Top 7 Commands by Neisen

Best Practices for Vulnerability Scanning

Networking Basics for Cyber Security (Highly Recommended)
