Ping scan (host discovery only, no port scan)
Ex:- nmap -v -sP 192.168.2.0/24 or nmap -sP 192.168.2.*
-sP sends only a host-discovery probe and never scans ports. Run unprivileged, as here, Nmap 4.53 probes TCP port 80 on each host (the "[1 port/host]" line below); run as root on the local segment it uses an ARP ping instead, which is what the later sudo examples show. In later Nmap releases -sP is spelled -sn.
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:17 IST
Initiating Ping Scan at 10:17
Scanning 256 hosts [1 port/host]
Completed Ping Scan at 10:17, 0.61s elapsed (256 total hosts)
Initiating Parallel DNS resolution of 256 hosts. at 10:17
Completed Parallel DNS resolution of 256 hosts. at 10:17, 13.63s elapsed
Host 192.168.2.0 appears to be down.
Host 192.168.2.1 appears to be up.
Host 192.168.2.2 appears to be down.
Host 192.168.2.3 appears to be down.
Host 192.168.2.4 appears to be down.
UDP scan
Ex:- sudo nmap -v -sU 192.168.2.0/24
-sU needs raw sockets, hence sudo. It is much slower than a TCP scan: a UDP port is marked closed only when an ICMP port-unreachable comes back, and a port that never answers is reported as open|filtered after Nmap has retransmitted the probe.
TCP connect scan
Ex:- sudo nmap -sT -p 80 192.168.2.42
-sT completes the full three-way handshake through the OS connect() call, so it does not need root (the sudo here is optional), but every probe reaches the listening application and can be logged by it.
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:24 IST
Interesting ports on 192.168.2.42:
PORT STATE SERVICE
80/tcp closed http
MAC Address: 00:1B:38:7D:84:A4 (Compal Information (kunshan) CO.)
Nmap done: 1 IP address (1 host up) scanned in 0.601 seconds
Ex:- nmap -sT 192.168.2.1-254 -p 1433-1435 (only ports 1433-1435 on every host in the range)
SYN stealth scan (half-open scan)
Ex:- sudo nmap -sS -v 192.168.2.42
-sS builds raw SYN packets itself and therefore needs root.
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:25 IST
Initiating ARP Ping Scan at 10:25
Scanning 192.168.2.42 [1 port]
Completed ARP Ping Scan at 10:25, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:25
Completed Parallel DNS resolution of 1 host. at 10:25, 0.31s elapsed
Initiating SYN Stealth Scan at 10:25
Scanning 192.168.2.42 [1714 ports]
Completed SYN Stealth Scan at 10:26, 33.22s elapsed (1714 total ports)
Host 192.168.2.42 appears to be up ... good.
All 1714 scanned ports on 192.168.2.42 are filtered (1652) or closed (62)
MAC Address: 00:1B:38:7D:84:A4 (Compal Information (kunshan) CO.)
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 33.809 seconds
Raw packets sent: 3373 (148.410KB) | Rcvd: 63 (2894B)
NB:- "stealth" means the handshake is never completed: Nmap sends a SYN, reads the SYN/ACK or RST that comes back, and answers a SYN/ACK with a RST instead of an ACK, so the target application never receives a connection and has nothing to log. It also sends fewer packets per port than a connect scan. The packet count above (3373 raw packets for 1714 ports) is high because filtered ports never answer and Nmap retransmits each probe before giving up; the 62 closed ports each answered with a RST.
OS detection scan
Ex:- sudo nmap -O -vv 192.168.2.0/24
Ex:- sudo nmap -O -v 127.0.0.1
-O needs root (raw packets) and gives a reliable fingerprint only when the target has at least one open and one closed TCP port; Nmap warns when it cannot find both.
nmap adding decoys
Ex:- sudo nmap -sS -PN -p80 -n 192.168.2.32 -D 192.168.2.60 -v
-D <decoy1,decoy2,...> sends every probe from the listed spoofed source addresses as well as your own, so the target sees several apparent scanners and cannot tell which one is real. Put ME in the list to choose your own position (e.g. -D 192.168.2.60,ME,192.168.2.61), or RND:5 to have Nmap pick five random decoys. -PN (spelled -Pn in later releases) skips host discovery and -n skips DNS, so the only packets sent are the probes themselves. Caveats: decoys only work with raw-packet scans (not -sT or -sV); the decoy hosts should be up, or the target may effectively be SYN flooded; and on the local Ethernet segment the ARP ping and every spoofed frame still carry your real MAC address, so decoys only hide you from a target that logs IP addresses.
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-04 11:58 IST
Initiating ARP Ping Scan at 11:58
Scanning 192.168.2.32 [1 port]
Completed ARP Ping Scan at 11:58, 0.01s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 11:58
Scanning 192.168.2.32 [1 port]
Discovered open port 80/tcp on 192.168.2.32
Completed SYN Stealth Scan at 11:58, 0.02s elapsed (1 total ports)
Host 192.168.2.32 appears to be up ... good.
Interesting ports on 192.168.2.32:
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:21:97:1C:80:C2 (Unknown)
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.192 seconds
Raw packets sent: 3 (130B) | Rcvd: 2 (88B)
.........................................................................................
Ex 1 nmap -T Aggressive -vA 192.168.2.* --open
-A turns on OS detection, version detection and the default script scan; --open lists only open ports. This run was not under sudo, so Nmap fell back to a connect scan ("Initiating Connect Scan" below) and OS detection, which needs root, is skipped with a warning.
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-04 11:40 IST
Initiating Ping Scan at 11:40
Scanning 256 hosts [1 port/host]
Completed Ping Scan at 11:40, 0.62s elapsed (256 total hosts)
Initiating Parallel DNS resolution of 256 hosts. at 11:40
Completed Parallel DNS resolution of 256 hosts. at 11:41, 13.64s elapsed
Initiating Connect Scan at 11:41
Scanning 30 hosts [1714 ports/host]
Discovered open port 21/tcp on 192.168.2.32
Discovered open port 21/tcp on 192.168.2.175
Discovered open port 21/tcp on 192.168.2.180
Discovered open port 1723/tcp on 192.168.2.1
Discovered open port 22/tcp on 192.168.2.11
Discovered open port 80/tcp on 192.168.2.11
Discovered open port 22/tcp on 192.168.2.13
Discovered open port 80/tcp on 192.168.2.13
Discovered open port 80/tcp on 192.168.2.14
............................................
...........................................
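The ping sweep, the PORT/STATE/SERVICE tables and the --open sweep above all print the same Nmap 4.x "normal" output, and the usual next step is to pull the live hosts and open ports out of it to drive a narrower scan. The parser below is an added example, not code from the original post or from the Nmap project. The sample text it parses is constructed: it reuses lines from the page and adds a few made-up hosts and a filtered port so that every line type the page shows is exercised.

```python
"""Parse Nmap 4.x normal output into hosts and per-host port states.

Added example for this page; not Nmap's own code.  Handles the three line
types the page shows: "Host X appears to be up/down", "Discovered open port
N/proto on X" (from --open / -v runs) and the "Interesting ports on X:"
table that follows a port scan.
"""
import re
from collections import defaultdict

# Constructed sample output: lines from the page plus invented extras
# (192.168.2.11 and the filtered 443/tcp row) to exercise every branch.
SAMPLE_OUTPUT = """\
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:17 IST
Host 192.168.2.0 appears to be down.
Host 192.168.2.1 appears to be up.
Host 192.168.2.2 appears to be down.
Discovered open port 21/tcp on 192.168.2.32
Discovered open port 1723/tcp on 192.168.2.1
Discovered open port 22/tcp on 192.168.2.11
Discovered open port 80/tcp on 192.168.2.11
Host 192.168.2.42 appears to be up ... good.
Interesting ports on 192.168.2.42:
PORT     STATE    SERVICE
80/tcp   closed   http
443/tcp  filtered https
MAC Address: 00:1B:38:7D:84:A4 (Compal Information (kunshan) CO.)
Nmap done: 1 IP address (1 host up) scanned in 0.601 seconds
"""

HOST_RE = re.compile(r"^Host (\S+) appears to be (up|down)")
OPEN_RE = re.compile(r"^Discovered open port (\d+)/(tcp|udp) on (\S+)")
TABLE_RE = re.compile(r"^Interesting ports on (\S+):")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def ip_key(ip):
    """Sort dotted quads numerically (192.168.2.11 after 192.168.2.1)."""
    return tuple(int(part) for part in ip.split("."))


def parse_nmap(text):
    """Return (hosts, ports).

    hosts maps ip -> 'up' | 'down'; ports maps ip -> {'80/tcp': state, ...}.
    A host named in a port table or a Discovered line is implicitly up.
    """
    hosts = {}
    ports = defaultdict(dict)
    current = None  # host whose PORT/STATE/SERVICE table we are inside
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            hosts[m.group(1)] = m.group(2)
            continue
        m = OPEN_RE.match(line)
        if m:
            port, proto, ip = m.groups()
            hosts.setdefault(ip, "up")
            ports[ip]["%s/%s" % (port, proto)] = "open"
            continue
        m = TABLE_RE.match(line)
        if m:
            current = m.group(1)
            hosts.setdefault(current, "up")
            continue
        m = PORT_RE.match(line)
        if m and current:
            port, proto, state, _service = m.groups()
            ports[current]["%s/%s" % (port, proto)] = state
            continue
        if line.startswith(("MAC Address:", "Nmap done:")):
            current = None  # end of this host's table
    return hosts, dict(ports)


def live_hosts(hosts):
    """Hosts the sweep reported as up, in address order."""
    return sorted((ip for ip, st in hosts.items() if st == "up"), key=ip_key)


def hosts_with_open(ports, spec):
    """Hosts where 'port/proto' is open; closed/filtered rows do not count."""
    return sorted((ip for ip, tbl in ports.items() if tbl.get(spec) == "open"), key=ip_key)


def followup_command(live, port_range="1-1024"):
    """The narrower scan to run next; -sS needs raw sockets, hence sudo."""
    return "sudo nmap -sS -p %s %s" % (port_range, " ".join(live))


if __name__ == "__main__":
    hosts, ports = parse_nmap(SAMPLE_OUTPUT)
    print("live:", live_hosts(hosts))
    for ip in live_hosts(hosts):
        print(ip, ports.get(ip, {}))
    print("ftp servers:", hosts_with_open(ports, "21/tcp"))
    print(followup_command(live_hosts(hosts)))
```

Feed it the saved output of a real sweep (nmap ... | tee sweep.txt) and the result of followup_command is the targeted scan you run next; hosts_with_open deliberately ignores closed and filtered rows, so 192.168.2.42, whose port 80 is closed in the sample, is not listed as a web server.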
-T sets the timing template, by name or number: paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), insane (5). Aggressive is the same as -T4; paranoid and sneaky space probes out for IDS evasion and can take hours on a single host.
Ex 2 nmap -T Aggressive --packet-trace 192.168.2.32 (--packet-trace prints every packet sent and received)
Ex 3 nmap -F 192.168.2.32
-F: Fast mode - scan fewer ports than the default (the default in this version is the 1714 ports seen in the scans above)