Monday, May 28, 2012

QuickStart: Port scanning with nmap


Disclaimer: Port scanning anything other than your own machines on your own LAN can be considered illegal and a precursor to attack. I do not condone port scanning anything other than your own PCs, or any type of illegal activity.

Overview


Port scanning is a way to discover open ports on a machine. This can be very useful for securing your PCs, servers, or workstations. You never really know whether or not a port is open until you scan for it. Port scanning is quick and easy using nmap. I will show you how to install and use nmap (very basically) on an Ubuntu system, or any Debian-based system running APT.

Install nmap


If you're lucky, there will already be an nmap package in your OS's software repos for easy installation. This is the case with Ubuntu, Mint, and most other popular Linux distributions. To install, open up a terminal (ctrl+alt+t) and run this command:
sudo apt-get install nmap -y
Otherwise, you can go to nmap.org/download and grab an installation package or the source. At the moment, it seems there are only rpm packages for download. If you want to learn how to install rpms in Ubuntu, see this post.

Use nmap


Once nmap has finished installing you can run it simply by typing the command
nmap
in the terminal. Typing nmap by itself will bring up a long list of switches that can be used with nmap. To get any results, you will need to run nmap with a target hostname or IP address. The format for a command is:
nmap [Scan Type(s)] [Options] {target specification}
Only a target is needed. For example, let's scan our own PC:
nmap localhost
You will get something like this as a result:


And that's all there is to it. By default, nmap scans the 1,000 most common ports. This scan shows me that I have ports 139, 445, and 631 open, and also what services are running on them. There are a ridiculous number of nmap switches and options, so you'll just have to learn those as you go along. Some useful ones are -p, which specifies a port or port range to scan; -O, which performs OS detection; -6, which enables IPv6 scanning; and -A, which enables OS detection, version detection, script scanning, and traceroute.
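The post's point is that a scan of your own machine tells you what is actually listening, so the useful follow-up is to compare that result against what you expect to be open. The script below is an added example, not code from the original post: it parses nmap's XML report (produced with the -oX option, e.g. nmap -oX scan.xml localhost) and reports any open port that is not on your allowlist, plus any expected port that is no longer open. The embedded SAMPLE_XML is constructed to mirror the result described above (ports 139, 445 and 631 open on localhost); the allowlist, the audit function name and the host address are assumptions for illustration.

```python
"""Audit an nmap XML report against the ports you expect on your own host.

Added example, not from the original post. Assumes you scanned a machine
you own with XML output, e.g.:  nmap -oX scan.xml localhost
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output, mirroring the post's own result:
# 139, 445 and 631 open on localhost, plus one closed port for contrast.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX scan.xml localhost">
  <host>
    <status state="up"/>
    <address addr="127.0.0.1" addrtype="ipv4"/>
    <hostnames><hostname name="localhost" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="139">
        <state state="open" reason="syn-ack"/>
        <service name="netbios-ssn" method="table"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" method="table"/>
      </port>
      <port protocol="tcp" portid="631">
        <state state="open" reason="syn-ack"/>
        <service name="ipp" method="table"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="closed" reason="conn-refused"/>
        <service name="ssh" method="table"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Assumed allowlist: the ports this host is *supposed* to have open.
EXPECTED_PORTS = {"127.0.0.1": {("tcp", 139), ("tcp", 445)}}


def parse_open_ports(xml_text):
    """Return {addr: {(protocol, port): service_name}} for open ports only."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        open_ports = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not listening
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            open_ports[(port.get("protocol"), int(port.get("portid")))] = name
        result[addr] = open_ports
    return result


def audit(xml_text, expected):
    """Compare open ports with the allowlist.

    Returns {addr: {"unexpected": [...], "missing": [...]}} where
    'unexpected' are open ports not in the allowlist (investigate them) and
    'missing' are allowlisted ports that are not open (service down?).
    """
    report = {}
    for addr, open_ports in parse_open_ports(xml_text).items():
        allowed = expected.get(addr, set())
        report[addr] = {
            "unexpected": sorted(p for p in open_ports if p not in allowed),
            "missing": sorted(p for p in allowed if p not in open_ports),
        }
    return report


if __name__ == "__main__":
    # Read a real report from a file path if given, else use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    for addr, findings in audit(text, EXPECTED_PORTS).items():
        print(addr)
        for proto, port in findings["unexpected"]:
            print("  UNEXPECTED open port: %s/%d" % (proto, port))
        for proto, port in findings["missing"]:
            print("  expected port not open: %s/%d" % (proto, port))
```

With the sample data the script flags tcp/631 (the CUPS printing port) as unexpected, which is exactly the kind of surprise a routine self-scan is meant to surface; add the port to EXPECTED_PORTS once you have confirmed you want it listening, or stop the service.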

For more information, read the fine man page:
man nmap
or visit nmap.org

Notes:


When you install nmap through your package manager, you are getting whatever version is in your software repo. This may not always be the latest version. To get the latest version, visit nmap.org/download and grab a software package or the source code.
