- Practical Linux Security Cookbook
- Tajinder Kalsi
- 499字
- 2021-07-16 11:05:29
Scanning hosts with Nmap
Nmap is one of the most popular tools included in Linux that can be used to scan a network. It has been in existence for many years, and to date, it is one of the most preferable tools to gather information about a network.
Nmap can be used by administrators on their networks to find any open ports and host systems.
When doing a vulnerability assessment, Nmap is surely a tool that can't be missed.
Getting ready
Most Linux versions have Nmap installed. The first step is to check whether you already have it using this command:
nmap –version
If Nmap exists, you should see an output similar to what is shown here:
If Nmap is not already installed, you can download and install it from https://nmap.org/download.html
How to do it…
Follow these steps to scan hosts using Nmap:
- The most common use of Nmap is to find all online hosts within a given IP range. The default command used to do this takes some time to scan the complete network, depending on the number of hosts present in the network. However, we can optimize the process in order to scan the range faster.
The following screenshot shows you an example of this:
- In the preceding example, the time taken to complete the scan was 6.67 seconds when scanning 100 hosts. If the whole IP range for a particular network is to be scanned, it would take a lot more time.
- Now, let's try to speed up the process. The
nswitch tells Nmap not to perform the DNS resolution of the IP addresses, hence making the process faster. TheTswitch tells Nmap what speed to operate at. Here,T1is the slowest andT5is the fastest. Themax-rtt-timeoutoption specifies the maximum time required to wait for the response.Now, the same command is shown in this example:
This time, Nmap scanned the complete IP range in 1.97 seconds. Pretty good, right?
- Port scanning using Nmap helps us discover services that are online, such as finding FTP servers. To do this, use the following command:
The preceding command of Nmap shall list out all the IP addresses that have port 21 open.
- Not only FTP, other services can also be discovered by matching the port numbers on which they run. For example, MySQL runs on port 3306. The command will now look like this:
How it works…
Nmap checks for services that are listening by testing the most common network communication ports. This information helps the network administrator to close down any unwanted or unused services. The preceding examples show you how to use port scanning and Nmap as powerful tools to study the network around us.
See also
Nmap also has scripting features using which we can write custom scripts. These scripts can be used with Nmap to automate and extend its scanning capabilities. You can find more information about Nmap on its official home page at https://nmap.org/
- Cocos2d Cross-Platform Game Development Cookbook(Second Edition)
- Learn ECMAScript(Second Edition)
- 大學計算機基礎實驗教程
- Mastering Python Scripting for System Administrators
- Getting Started with PowerShell
- Visual Basic程序設計教程
- Reactive Programming With Java 9
- FLL+WRO樂高機器人競賽教程:機械、巡線與PID
- Learn React with TypeScript 3
- 小程序開發原理與實戰
- JAVA程序設計實驗教程
- Flutter跨平臺開發入門與實戰
- Extending Puppet(Second Edition)
- 編程菜鳥學Python數據分析
- Python機器學習之金融風險管理