Thursday, September 13, 2012

IP and Port scanning using ‘nmap (Network Mapper)’ in Ubuntu

Nmap is a powerful scanner available on Unix/Linux systems. It’s very useful for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

Installing nmap in Ubuntu is very easy; apt-get downloads it from the internet and installs it.

sudo apt-get install nmap

In this practice, I used 2 computers.

PC-01, IP = 192.168.0.3 (OpenSuse 10.1) with Kernel 2.6.16.13-4-default


PC-02, IP = 192.168.0.2 (Ubuntu Feisty)


I ran nmap from Ubuntu to scan PC-01.

IP Scanning with range 192.168.0.0 – 192.168.0.255

sudo nmap -sP 192.168.0.0/24

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 21:51 WIT

Host 192.168.0.2 appears to be up.

caught SIGINT signal, cleaning up



IP Scanning with range 192.168.0.1 – 192.168.0.254

sudo nmap -sP 192.168.0.1-254


Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 21:53 WIT

Host 192.168.0.2 appears to be up.

Host 192.168.0.3 appears to be up.

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Nmap finished: 255 IP addresses (2 hosts up) scanned in 31.242 seconds


Port Scanning with range port 100 – port 139

sudo nmap 192.168.0.3 -p100-139


Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:06 WIT

Interesting ports on 192.168.0.3:

Not shown: 38 filtered ports

PORT STATE SERVICE

113/tcp closed auth

139/tcp open netbios-ssn

Nmap finished: 1 IP address (1 host up) scanned in 24.914 seconds


Scanning 40 ports took almost 25 seconds, so scanning ports 1-65535 (all ports on a computer) will take much longer.

Scanning Operating system on target IP

sudo nmap -O 192.168.0.3


Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:20 WIT

Interesting ports on 192.168.0.3:

Not shown: 1693 filtered ports

PORT STATE SERVICE

80/tcp open http

113/tcp closed auth

139/tcp open netbios-ssn

445/tcp open microsoft-ds

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Device type: general purpose|specialized|WAP|storage-misc

Running (JUST GUESSING):Linux 2.6.X|2.4.X (97%), Atmel Linux 2.6.X (91%), Siemens linux (91%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Inventel embedded (88%)

Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux 2.6.17.9 (X86) (92%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%), Atmel AVR32 STK1000 development board (runs Linux 2.6.16.11) (91%), Siemens Gigaset SE515dsl wireless broadband router (91%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .

Nmap finished: 1 IP address (1 host up) scanned in 94.942 seconds

nmap Faster Execution


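If you want a faster scan, use the -T4 option on the nmap command. The command below also adds -A, which turns on OS and service version detection, as its output shows.

sudo nmap -A -T4 192.168.0.3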


Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:42 WIT

Interesting ports on 192.168.0.3:

Not shown: 1693 filtered ports

PORT STATE SERVICE VERSION

80/tcp open http Apache httpd 2.2.0 ((Linux/SUSE))

113/tcp closed auth

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Device type: general purpose|WAP|specialized|storage-misc|broadband router

Running (JUST GUESSING) : Linux 2.6.X|2.4.X (97%), Siemens linux (93%), Atmel Linux 2.6.X (92%), Inventel embedded (89%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Netgear embedded (87%)

Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Siemens Gigaset SE515dsl wireless broadband router (93%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (93%), Atmel AVR32 STK1000 development board (runs Linux 2.6.16.11) (92%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux 2.6.17.9 (X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .

Nmap finished: 1 IP address (1 host up) scanned in 58.830 seconds
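
For auditing, the port tables in the scans above can be compared against the services a host is supposed to expose. The shell function below is an added example, not part of the original post; the name unexpected_open and the allowlist are hypothetical, and the sample input is the port table from the -O scan above.

```shell
#!/bin/sh
# Added example: report open ports in nmap normal output that are not
# on an allowlist of expected services.

# Port table copied from the -O scan output shown in this post.
SAMPLE_SCAN='Interesting ports on 192.168.0.3:
Not shown: 1693 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:0D:88:B3:72:F3 (D-Link)'

# Hypothetical allowlist: only a web server is expected on this host.
ALLOWED_PORTS='80/tcp'

# unexpected_open ALLOWLIST
# Reads nmap normal output on stdin and prints "host port service" for
# every open port that is not in the space-separated ALLOWLIST.
unexpected_open() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Host header: "Interesting ports on ..." in Nmap 4.20 as used here,
        # "Nmap scan report for ..." in newer releases.
        /^(Interesting ports on|Nmap scan report for) / {
            host = $NF
            sub(/:$/, "", host)      # trailing colon of the old header
            gsub(/[()]/, "", host)   # "(ip)" when a hostname precedes it
            next
        }
        # Table rows: "139/tcp open netbios-ssn [version text]".
        # Closed and filtered ports are skipped.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && !($1 in ok) {
            print host, $1, $3
        }
    '
}

# Run against the sample; with a live scan, pipe nmap output in instead:
#   sudo nmap 192.168.0.3 | unexpected_open "80/tcp"
printf '%s\n' "$SAMPLE_SCAN" | unexpected_open "$ALLOWED_PORTS"
```

With the allowlist above, the two Samba ports (139/tcp and 445/tcp) are reported and port 80 is not.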
