Ana Chanaba Robert Huylo

1 NMAP
Ana Chanaba, Robert Huylo

2 nmap "network mapper"
Security tool
- What does your system look like to someone who is trying to break in?
- Find the holes in your security before somebody else does
nmapFE v3.81
- Graphical frontend to nmap
- rpm available at
- lab102 & lab103

3 Basic nmap functions
1.) Host Discovery
- Which hosts are up (IP addresses)
- Ping scans
2.) Port Scanning
- Which ports of a target host have servers listening on them
- Allows a guess at the software and services a machine is running
3.) OS Detection
- TCP/IP fingerprinting

4 Anatomy of an nmap argument
nmap -sS -PO -O -p *
-s_ : scan type
-P_ : ping type
-O : optional OS detection
-p #-# : port range
IP range: /24,

5 1.) Host Discovery
Determine which hosts are up
- Does not include port scans or OS detection: nmap -sP *
- Utilizes a variety of messaging protocols: ICMP/TCP/UDP
Firewall interference
- Firewalls check whether packets are part of a previously established connection
Used before a port scan
- Ping sweep (-sP)
- Check whether a host is up before scanning its ports

6 Customizing Pings
-PO : ICMP
-PA : TCP ACK
-PU : UDP
-PP : ICMP timestamp
-PM : Netmask request
-PS : TCP SYN
-PB : (default) TCP ACK & ICMP
Ping specific ports: nmap -sP -PO25 ....

7 2.) Port Scanning
Insight into what services a host may be running
- "Well-known" or "interesting" ports
- 65,535 total TCP & UDP ports
Scan displays (for each port): service name, port number, port state, protocol

8 Scanning Options
nmap -sS ... : TCP SYN scan
- Default port scan for an nmap user with root privileges
- "Half-open": skips the last step of the 3-way handshake and probes without completing a connection, for stealth
nmap -sT ... : TCP connect() scan
- Default port scan for an nmap user without root privileges
- Requires a full connection, so it is easily detectable

9 Port States
open: will accept connections
filtered: a firewall or other network obstacle is covering the port
unfiltered or closed: determined to be closed, with no obstacles or interference; the most common case

10 Scanning Options
Avoid SYN scanning to probe beyond a firewall:
-sF : Stealth FIN scan
-sX : Xmas tree scan
-sN : Null scan
-sV : Version detection
-sU : UDP scan
-sI : Idlescan
-sA : ACK scan
-b : bounce attack (FTP)

11 3.) OS Detection
nmap -O ... : TCP/IP fingerprinting
- OS guess made by looking at the particulars of how a host implements TCP/IP
- Includes a possible range of versions and an "uptime" test
- Fingerprint compared to a DB of known OS fingerprints
Nmap sends seven crafted TCP/IP packets (called tests) and waits for the answers. The results are checked against a database of known results (the OS signatures database). This database is a text file that contains the result (signature) answered by each known OS.

12 OS Detection
Reasons to hide the OS
- Security: a hacker could base an attack on a host on known weaknesses in the target OS. Revealing your OS makes it easier to find and successfully run an exploit against any of your devices.
- Knowing your OS can also become more dangerous, because people can guess which applications you are running on that OS.
- It could be convenient for other software companies to offer you a new OS environment.

13 OS Detection
There are many techniques to fingerprint networking stacks. If you combine enough of these, you can narrow down the OS very tightly. You can start out as simply as "nmap -O -sS targethost".

14 OS Detection
-O requires root privileges. nmap uses this information to create a fingerprint and decide what type of system you are scanning. OS detection is far more effective if at least one open and one closed TCP port are found.
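As an added example (not part of the slides), a small Python parser for the per-port table nmap prints, with the port number, protocol, state and service name of slide 7 and the states of slide 9; it also checks the slide 14 condition that at least one open and one closed TCP port were found before relying on -O. The sample output is constructed, not a real scan result, and the host/port layout follows nmap's "normal" output as an assumption.

```python
import re
from collections import defaultdict

# Constructed sample of nmap normal output (not a real scan result).
SAMPLE_OUTPUT = """\
Interesting ports on 192.0.2.10:
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   filtered smtp
53/udp   open     domain
80/tcp   open     http
111/tcp  closed   rpcbind
443/tcp  open     https
"""

HOST_LINE = re.compile(r"^Interesting ports on (\S+?):")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap_output(text):
    """Return {host: [(port, proto, state, service), ...]} per host block."""
    hosts = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            current = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m and current is not None:  # ignore port lines before any host
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return dict(hosts)


def summarize_states(ports):
    """Count ports per state: open, filtered, closed (slide 9's categories)."""
    counts = defaultdict(int)
    for _, _, state, _ in ports:
        counts[state] += 1
    return dict(counts)


def open_services(ports):
    """(port, proto, service) for open ports: the exposure to review first."""
    return sorted((p, pr, svc) for p, pr, st, svc in ports if st == "open")


def os_detection_viable(ports):
    """Slide 14: -O works best with at least one open and one closed TCP port."""
    tcp_states = {st for _, pr, st, _ in ports if pr == "tcp"}
    return "open" in tcp_states and "closed" in tcp_states
```

Run `parse_nmap_output(SAMPLE_OUTPUT)` and pass a host's port list to the other three functions; for an authorized scan of your own hosts this gives a quick inventory of what is listening.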

15 Miscellaneous options
-A : also turns on OS detection
-F : tells nmap to scan only the ports registered in nmap-services
-T4 : causes nmap to go faster
-I : gives the username that owns the available processes
-iR : instructs nmap to scan random hosts for you

16 Misc. Options
-v : verbose. This is a highly recommended option and gives out more information. You can use it twice for better effect.
-d : debug mode
-p : port range, the ports you want to specify
-T : scan timing or throttling options <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane>
- Addresses concerns about detection and about crashing the host

17 OS DETECTION
nmap -O 134.198.161.254
nmap -A -T4 -F 134.198.161.101
RPC services are treated with brute force: the RPC scanner determines the version.
nmap -sS -p 80 -O -v

18 References
nmap & nmapFE man pages
www.insecure.org
Text Chp 21.7
