Nmap is a powerful scanner available on Unix/Linux systems. It’s very useful for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.
It’s very easy to install nmap on Ubuntu; just download it from the internet:
sudo apt-get install nmap
In this practice, I used 2 computers:
PC-01, IP = 192.168.0.3 (OpenSuse 10.1) with Kernel 2.6.16.13-4-default
PC-02, IP = 192.168.0.2 (Ubuntu Feisty)
I run nmap from Ubuntu to scan PC-01.
IP Scanning with range 192.168.0.0 – 192.168.0.255
sudo nmap -sP 192.168.0.0/24
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 21:51 WIT
Host 192.168.0.2 appears to be up.
caught SIGINT signal, cleaning up
IP Scanning with range 192.168.0.1 – 192.168.0.254
sudo nmap -sP 192.168.0.1-254
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 21:53 WIT
Host 192.168.0.2 appears to be up.
Host 192.168.0.3 appears to be up.
MAC Address: 00:0D:88:B3:72:F3 (D-Link)
Nmap finished: 255 IP addresses (2 hosts up) scanned in 31.242 seconds
Port Scanning with range port 100 – port 139
sudo nmap 192.168.0.3 -p100-139
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:06 WIT
Interesting ports on 192.168.0.3:
Not shown: 38 filtered ports
PORT STATE SERVICE
113/tcp closed auth
139/tcp open netbios-ssn
Nmap finished: 1 IP address (1 host up) scanned in 24.914 seconds
For 40 ports, it took almost 25 seconds, so it will take much longer if you want to scan ports 1-65535 (all the ports on a computer).
Scanning Operating system on target IP
sudo nmap -O 192.168.0.3
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:20 WIT
Interesting ports on 192.168.0.3:
Not shown: 1693 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:0D:88:B3:72:F3 (D-Link)
Device type: general purpose|specialized|WAP|storage-misc
Running (JUST GUESSING) : Linux 2.6.X|2.4.X (97%), Atmel Linux 2.6.X (91%), Siemens linux (91%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Inventel embedded (88%)
Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux 2.6.17.9 (X86) (92%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%), Atmel AVR32 STK1000 development board (runs Linux 2.6.16.11) (91%), Siemens Gigaset SE515dsl wireless broadband router (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 94.942 seconds
nmap Faster Execution
If you want a faster scan, use the -T4 option on the nmap command.
sudo nmap -A -T4 192.168.0.3
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:42 WIT
Interesting ports on 192.168.0.3:
Not shown: 1693 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.0 ((Linux/SUSE))
113/tcp closed auth
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
MAC Address: 00:0D:88:B3:72:F3 (D-Link)
Device type: general purpose|WAP|specialized|storage-misc|broadband router
Running (JUST GUESSING) : Linux 2.6.X|2.4.X (97%), Siemens linux (93%), Atmel Linux 2.6.X (92%), Inventel embedded (89%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Netgear embedded (87%)
Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Siemens Gigaset SE515dsl wireless broadband router (93%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (93%), Atmel AVR32 STK1000 development board (runs Linux 2.6.16.11) (92%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux 2.6.17.9 (X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 58.830 seconds
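The port tables above become an exposure audit once they are compared with what each host is meant to offer. The following is an added example, not part of the original post: it parses the Nmap 4.20 normal output format shown above and lists open ports that are missing from an allow-list. The `ALLOWED` mapping and the function names are hypothetical, and the sample text is constructed from the `-A -T4` output above.

```python
import re

# Constructed sample, trimmed from the -A -T4 output above (Nmap 4.20 normal format).
SAMPLE = """\
Interesting ports on 192.168.0.3:
Not shown: 1693 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.0 ((Linux/SUSE))
113/tcp closed auth
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
MAC Address: 00:0D:88:B3:72:F3 (D-Link)
"""

HOST_RE = re.compile(r"^Interesting ports on (?:\S+ \()?([0-9.]+)\)?:")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# Hypothetical allow-list: the (port, protocol) pairs each host is meant to expose.
ALLOWED = {"192.168.0.3": {(80, "tcp")}}

def parse_nmap(text):
    """Return {host: [(port, proto, state, service, version), ...]}."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:  # start of a new per-host port table
            current = hosts.setdefault(m.group(1), [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            current.append((int(port), proto, state, service, version or ""))
    return hosts

def unexpected_open(hosts, allowed):
    """List open ports that are not on the host's allow-list."""
    findings = []
    for host, ports in sorted(hosts.items()):
        ok = allowed.get(host, set())
        for port, proto, state, service, version in ports:
            if state == "open" and (port, proto) not in ok:
                findings.append((host, port, proto, service, version))
    return findings

if __name__ == "__main__":
    for finding in unexpected_open(parse_nmap(SAMPLE), ALLOWED):
        print("%s %d/%s %s %s" % finding)
```

A host with no entry in `ALLOWED` is treated as having nothing approved, so every open port on it is reported.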