SENG 460 ECE 574 Practice of Information Security ...web.uvic.ca/~garyperkins/Lab 4 - Intro to Nmap.pdf · Network Mapping Nmap is a popular tool for identifying ports in remote systems
Post on 01-Jun-2020
SENG 460 – ECE 574
Practice of Information Security
& Privacy Lab
NMAP
Network Mapping
▪ Nmap is a popular tool for identifying ports in remote systems
▪ can help network engineers, security staff, and developers understand how
systems work and what ports are open
▪ can scan one or many hosts with a variety of options
▪ DISCLAIMER: do not scan hosts you are not authorized to scan
Installation
▪ Nmap may not be installed on your Linux system, so use:
▪ sudo apt-get install nmap
▪ Nmap is also available for Windows
Nmap
▪ you can type “nmap” by itself or “man nmap” to get help with nmap and its
many parameters
▪ nmap scanme.nmap.org
scans for common ports on the specified host and identifies which ports are
open or filtered
▪ filtered means there may be a firewall in the way and nmap cannot be sure
▪ by default nmap tries to determine if the host is alive and will scan only the
most common ports
▪ nmap -Pn -p80 www.yahoo.com will disable host discovery (-Pn) and scan
Yahoo only for port 80 (-p80)
▪ scan IP addresses
▪ scan networks
▪ nmap 192.168.1.1 scan one IP
▪ nmap 192.168.1.1 192.168.1.3 scan two IPs
▪ nmap 192.168.1.1-10 scan ten IPs
▪ nmap 192.168.1.0/24 scan 255 IPs
▪ nmap -iL file.txt scan all hosts in file.txt
▪ nmap 192.168.1.1 --open only list open ports
▪ nmap -A -T4 192.168.1.1 fast scan with OS detection
▪ nmap -sV 192.168.1.1 detect server, service versions
▪ nmap -oN / -oX / -oS / -oG <file> output scan in normal, XML, script
kiddie, or greppable format
▪ you can use scripts with nmap to do basic vulnerability scanning
▪ e.g. nmap -Pn --script vuln 192.168.1.1
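Added example (not part of the original lab): a small shell function that reads greppable output (-oG) and lists every port in a given state, so the open and filtered results from a scan of hosts you are authorized to scan can be reviewed per host. The function names and the sample scan data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of "nmap -oG" (greppable) output. The addresses reuse the
# lab's 192.168.1.x examples; the ports and states are made up.
sample_scan() {
    printf '# Nmap scan (constructed sample): nmap -oG scan.gnmap 192.168.1.1-10\n'
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/filtered/tcp//https///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.1.3 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.3 ()\tPorts: 3306/open/tcp//mysql///\tIgnored State: closed (999)\n'
}

# Print "host port/proto service" for every port in the requested state
# (default: open), reading greppable output on stdin.
ports_in_state() {
    awk -v want="${1:-open}" '
        /^Host: / && /Ports: / {
            host = $2
            line = $0
            sub(/^.*Ports: /, "", line)   # keep only the port list
            sub(/\t.*$/, "", line)        # drop later tab-separated fields
            n = split(line, entries, ", ")
            for (i = 1; i <= n; i++) {
                # entry layout: port/state/protocol/owner/service/rpc/version/
                split(entries[i], f, "/")
                if (f[2] == want)
                    printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
            }
        }'
}

# Stand-alone run: list open ports, then ports nmap could not be sure about.
sample_scan | ports_in_state open
sample_scan | ports_in_state filtered
```

On a real scan, replace `sample_scan` with the file written by -oG, for example `ports_in_state open < scan.gnmap` (the file name is a placeholder).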
Knowledge Check
1. do you know what nmap is for?
2. do you know how to install nmap?
3. can you scan one IP? multiple IPs? networks?
4. can you limit the number of ports scanned?
5. do you understand you should only scan hosts you’re authorized to scan?
6. do you know how to identify operating systems?
7. do you know how to set the format of the output?
8. do you know how to limit how fast the nmap scan completes?
9. do you know how to use nmap to scan for vulnerabilities?
End of Lab