Discover Nmap, a command line security scanner built into Kali Linux. Lisa Bock reviews some common Nmap scans and options along with discovery scans such as ping, protocol, and list scans. Follow along with a short demo in the virtual environment with output to a text file, along with a demo of nmap online.
- [Voiceover] Nmap is a security scanner that is built into Kali Linux. Nmap scans the network to discover hosts and services and chart the network and devices that are alive. Nmap natively doesn't create a map, as it is a command line tool. There are options that are graphical instead of a command line interface. Zenmap is the sister product that has all the functionality of Nmap but uses a GUI. I'll go over some common Nmap scans and options, but a helpful reference can be found in the Nmap book here at this webpage.
Here are some shortcuts that you can see for host discovery, scanning techniques, and service and version detection. With a simple host discovery or ping scan, we can see the syntax in order for us to run that. Nmap is going to let you know the status as it searches. In addition, the NIC vendor is listed if known. Knowing the vendor can be helpful, as some NIC cards have vulnerabilities. It can also identify a possible network device such as a Cisco router.
Now, how does it know? Well, it comes from a plain text file, and it is easily searchable as well. For example, I'll go to this website. This will give us the ability to see a list of vendors. Remember, the first six digits of the MAC address will list the organizationally unique identifier, or the manufacturer. I'll put in the first six digits of one of the addresses and it tells us Cisco is the vendor. Nmap has several standard formats.
We can see capital P is simply Ping, capital O lists protocols, capital V is a probe that checks open ports and determines the service or version information, and capital L is a list scan. It's not really a scan, but it provides some testing capabilities by listing the range of IP addresses that would be scanned. As Nmap results can sometimes be overwhelming, we can save the output to a text file. So let's go into Nmap.
I have to log in, and the password is tour, which is the opposite of route. I'll open a terminal and we'll scan this little network that I've created in the virtualized environment. I'll use CIDR notation, as I know the subnet mask. Okay, it is complete, and as you can see we only have a couple of hosts that are available at this point. Five hosts are up and it's given me the results. As I said, sometimes the results can be overwhelming, and in this case it isn't.
But we'll just send it out to a text document. I'll put in the single IP address of the Windows machine I have on this network. Then we want to output it to scan.text. It will take a second to run, and you won't see any activity because it's simply outputting it to scan.text. Okay, it's done. I've opened up my files and there is that text document, and as I said, this is really helpful, as sometimes the output can be very verbose.
And for those of you that are curious and would like to follow along and have installed Kali Linux, I do have an Nmap online port scanner. Now again, this is going to be an online scan. It's a simplified quick Nmap scan, and you should only scan networks that you're authorized to scan. I'll simply scan example.com and do the quick Nmap scan, and here we have our sample output, which actually did come from the example.com server.
And you can see the output. So as you can see, Nmap is a great security scanner which is built into Kali Linux. But if you want, you can do a one-stop shop right here and do the Nmap online port scanning.
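The demo saves Nmap's normal output to a text file and identifies NIC vendors from the first six hex digits (the OUI) of each MAC address. As an added example that is not part of the course or of Nmap itself, this parser turns such a saved file into a host inventory and cross-checks it against Nmap's own "hosts up" count; the sample output, addresses and MACs are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of Nmap's normal (-oN / redirected) output, the format the
# demo saved to a text file. Addresses, hostnames and MACs are made-up values.
SAMPLE_OUTPUT = """\
Nmap scan report for 192.168.56.1
Host is up (0.00021s latency).
MAC Address: 00:00:0C:AA:BB:CC (Cisco Systems)
Nmap scan report for win10.lab (192.168.56.20)
Host is up (0.00045s latency).
MAC Address: 08:00:27:11:22:33 (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.56.30
Host is up (0.00098s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.10 seconds
"""

@dataclass
class Host:
    ip: str
    hostname: Optional[str] = None
    mac: Optional[str] = None      # absent when the target is not on the local segment
    vendor: Optional[str] = None   # vendor string Nmap prints after the MAC

REPORT_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+\.\d+\.\d+\.\d+)\)?$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17})(?: \((.*)\))?$")
DONE_RE = re.compile(r"^Nmap done: \d+ IP addresses? \((\d+) hosts? up\)", re.M)

def oui(mac: str) -> str:
    """Return the 24-bit OUI (first three octets) that vendor lookups key on."""
    return mac.upper()[:8]

def parse_nmap_normal(text: str) -> list[Host]:
    """Collect one Host per 'Nmap scan report' block, attaching MAC/vendor if printed."""
    hosts: list[Host] = []
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            hosts.append(Host(ip=m.group(2), hostname=m.group(1)))
            continue
        m = MAC_RE.match(line)
        if m and hosts:
            hosts[-1].mac, hosts[-1].vendor = m.group(1), m.group(2)
    return hosts

def hosts_up_reported(text: str) -> Optional[int]:
    """Nmap's own count from the 'Nmap done' trailer, to cross-check the parse."""
    m = DONE_RE.search(text)
    return int(m.group(1)) if m else None
```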
This course investigates the scanning tools and techniques used to obtain information from a target system, including specially crafted packets, TCP flags, UDP scans, and ping sweeps. Lisa Bock discusses how hackers can identify live systems via protocols, blueprint a network, and perform a vulnerability scan to find weaknesses. She also introduces some of the tools and techniques that hackers use to counter detection via evasion, concealment, and spoofing. In addition, learn how to reduce the threat of tunneling, a method hackers use to circumvent network security.
Note: Our Ethical Hacking series maps to the 18 parts of the EC-Council Certified Ethical Hacker (CEH) exam (312-50). This course maps to the 03 Scanning Networks domain.
- Scanning overview
- Port scanning countermeasures
- Scanning and querying DNS
- Scanning with ICMP
- Mapping (or blueprinting) a network
- Scanning for vulnerabilities
- Using tools such as hping and NetScan
- Evading detection
- Concealing your network traffic
- Preventing tunneling