NMAP - Playing Hide and Seek with Your Network

NMAP Mastery


NMAP, short for Network Mapper, does exactly what its name suggests. It is an open-source command-line tool that discovers the hosts on a network and the open ports on each of them. Because it talks to those ports, it can also work out which service and protocol sits behind a port and, with version detection, which software (web server, database, and so on) is running there.

Almost everyone starting out in cyber security learns networking fundamentals first, and NMAP is usually the first tool they pick up for lab experiments and bug hunting.

Why NMAP? Your Network's Best Friend

Ever felt lost trying to understand your network? That's where NMAP comes in. It's like having a friend who knows all the secrets of your network or web apps. But why bother with NMAP?

Here's the deal: NMAP shows you what is actually reachable on your network. It's not just for tech geeks, it's for anyone who wants to keep their digital stuff safe and understand what is running on their network. Think of it as your digital guide, showing you which hosts are up, which ports they expose, and whether anything unexpected is listening.

Exploring Different Types of Scans

Let's take a quick look at what NMAP offers. Like a Swiss Army knife for network exploration, NMAP has a variety of scan types, each designed to reveal a different aspect of your network's landscape, from the stealthy to the comprehensive. The six below are the ones every beginner should know. The port states they report (open, closed, filtered, unfiltered, and the ambiguous open|filtered) are NMAP's own vocabulary and come up in every section that follows.

  • TCP Connect Scan
  • SYN Stealth Scan (Half-Open Scan)
  • UDP Scan
  • ACK Scan
  • XMAS Scan
  • Idle Scan (Zombie Scan)

TCP Connect Scan:

The TCP Connect Scan is the most straightforward scan NMAP offers, and it is the default when you run NMAP without the privileges needed to craft raw packets. It asks the operating system to open a normal TCP connection to each target port, so the full three-way handshake is completed: NMAP sends a SYN, an open port answers with SYN-ACK, and the OS replies with ACK before NMAP closes the connection again. A closed port answers the SYN with a RST (reset), meaning no service is listening there. No answer at all, or an ICMP unreachable error, means something in between (usually a firewall) dropped the probe, and NMAP reports the port as filtered. Because the connection is fully established, the service on the far end sees it and can log it, which makes this the noisiest of the scan types covered here.

To perform a TCP Connect Scan using NMAP, you can use the following command:

nmap -sT [target]

Replace [target] with the IP address or hostname of the target system.

nmap -sT 192.168.1.100
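Here is what -sT does, boiled down to a few lines of Python. This is an added example, not code from the original post or from the Nmap project; it builds a throwaway listener on 127.0.0.1 to act as the target, so it runs offline and without privileges. The port numbers are assigned by the OS at run time and are assumptions of the demo.

```python
"""TCP connect scan: the technique behind nmap -sT, in plain Python sockets.

Added example, not code from the original post or from Nmap. The target
is a constructed listener on 127.0.0.1 so the demo runs offline and
without privileges; the OS picks the port numbers.
"""
import errno
import socket


def tcp_connect_scan(host, ports, timeout=1.0):
    """Return {port: state} using a full connect() per port, like -sT.

    connect() completes the whole three-way handshake (SYN, SYN-ACK, ACK),
    so an "open" verdict leaves an established connection behind that the
    service can see and log before we close it.
    """
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            err = s.connect_ex((host, port))  # 0 on success, else an errno value
            if err == 0:
                results[port] = "open"        # handshake completed
            elif err == errno.ECONNREFUSED:
                results[port] = "closed"      # our SYN was answered with RST
            else:
                results[port] = "filtered"    # timeout or unreachable: the SYN was dropped
    return results


def start_target():
    """Constructed 'service': a listening socket that never calls accept().

    The kernel completes handshakes into the listen backlog on its own,
    which is exactly why a connect scan reports the port as open even when
    the application never reads the connection.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def demo():
    """Scan one open and one closed loopback port; return the verdicts."""
    srv = start_target()
    open_port = srv.getsockname()[1]

    # Reserve a port and release it again so we know nothing listens there.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        scan = tcp_connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return {"open_port": scan[open_port], "closed_port": scan[closed_port]}


if __name__ == "__main__":
    print(demo())
```

The point to notice is that nothing in the scanner needs root: connect_ex() is an ordinary system call, and the kernel does the handshake for us. That convenience is also the cost, because every "open" result left a complete connection in the target's logs.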

SYN Stealth Scan

The SYN Stealth Scan, also known as the Half-Open Scan, is NMAP's default when it runs with root (or equivalent) privileges, because it needs to send raw packets. Instead of completing the TCP handshake, NMAP sends a SYN to each target port and watches the reply. A SYN-ACK means the port is open; NMAP then sends a RST to tear the half-open connection down instead of the ACK that would complete it, so the service never receives a connection and usually never logs one. A RST means the port is closed, and no reply or an ICMP unreachable error marks it as filtered. The scan is faster and far less visible to applications than a connect scan, but "stealth" is a historical label: any modern IDS or firewall logs SYN probes just as readily as full connections.

To execute a SYN Stealth Scan using NMAP, you can utilize the following command:

nmap -sS [target]

UDP Scan

The UDP Scan probes UDP (User Datagram Protocol) ports. UDP is connectionless, so there is no handshake to observe, which makes it both slower and harder to interpret than a TCP scan. NMAP sends a UDP datagram to each port (empty for most ports, a protocol-specific payload for well-known ones such as DNS) and classifies the result: a UDP reply means the port is open; an ICMP port unreachable message (type 3, code 3) means it is closed; other ICMP unreachable errors mean it is filtered; and no response at all is reported as open|filtered, because a silent service and a firewall that drops the probe look identical. Many operating systems rate-limit ICMP errors, so a full UDP scan of a host can take a long time, and adding version detection (-sV) is the usual way to resolve open|filtered ports. This scan is essential for finding services that run over UDP, such as DNS (53), DHCP (67/68), and SNMP (161).

To initiate a UDP Scan using NMAP, you can utilize the following command:

nmap -sU [target]
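To see why UDP results are so much less certain than TCP results, this added Python example (not from the original post or from Nmap) probes three constructed loopback "services": one that answers every datagram the way a DNS server answers a query, one that is bound but never replies, and one port with nothing listening at all. The hosts, ports and echo behaviour are assumptions made for the demo.

```python
"""UDP port probing: the decision logic behind nmap -sU, in plain Python.

Added example, not code from the original post or from Nmap. Three
constructed loopback 'services' stand in for real targets: one that
echoes every datagram, one that is bound but silent, and one port with
no listener. All of them are assumptions made for the demo; nothing
leaves 127.0.0.1.
"""
import socket
import threading


def udp_probe(host, port, payload=b"\x00", timeout=0.5):
    """Return nmap's -sU verdict for one port: open, closed or open|filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # Connecting the UDP socket makes the kernel deliver ICMP errors for
        # this destination to us as exceptions on the next recv().
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(1024)
            return "open"            # only a listener can send a UDP reply
        except ConnectionRefusedError:
            return "closed"          # ICMP type 3 code 3 (port unreachable) came back
        except socket.timeout:
            # Silence is ambiguous: an open service that ignores our payload
            # and a firewall that dropped the probe look exactly the same.
            return "open|filtered"


def start_echo_service():
    """Constructed responsive service: replies to every datagram it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(0.2)              # wake up periodically so close() ends the thread

    def serve():
        while True:
            try:
                data, peer = srv.recvfrom(1024)
            except socket.timeout:
                continue
            except OSError:          # socket closed by demo(); stop serving
                return
            srv.sendto(data, peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    """Probe a responsive, a silent and a closed port; return the verdicts."""
    echo = start_echo_service()
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))    # bound, but nobody ever reads or replies

    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                      # released: nothing listens here any more

    try:
        return {
            "responsive": udp_probe("127.0.0.1", echo.getsockname()[1]),
            "silent": udp_probe("127.0.0.1", silent.getsockname()[1]),
            "closed": udp_probe("127.0.0.1", closed_port),
        }
    finally:
        echo.close()
        silent.close()


if __name__ == "__main__":
    print(demo())
```

The "silent" port is really open (a process owns it), yet the probe can only report open|filtered, which is exactly the gap -sV is used to close. The "closed" verdict depends on the kernel generating and delivering the ICMP port unreachable error; on a real network that error is often rate-limited or filtered, which is why UDP scans are slow and why open|filtered shows up so often.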

ACK Scan

The ACK Scan serves a different purpose from the other scans: it does not tell you whether a port is open or closed, it tells you whether a port is filtered. NMAP sends a bare ACK (Acknowledgment) segment to each target port. A host that receives an ACK belonging to no existing connection answers with a RST whether the port is open or closed, so a RST back means the port is unfiltered, that is, reachable through whatever sits in front of it. No response, or an ICMP unreachable error, means a filtering device dropped the probe, and NMAP marks the port as filtered. Comparing an ACK scan against a SYN scan is a quick way to tell a stateful firewall (which drops unsolicited ACKs) from a simple stateless packet filter (which lets them through), and to map which ports the firewall rules actually cover.

To conduct an ACK Scan using NMAP, you can utilize the following command:

nmap -sA [target]

XMAS Scan

The XMAS Scan is named for its TCP flags: it sets FIN, PSH, and URG at the same time, so the packet is "lit up like a Christmas tree". It relies on a corner of RFC 793: a closed port must answer any segment without the RST flag with a RST, while an open port must silently drop a segment that is not a valid part of a connection. So a RST means the port is closed, an ICMP unreachable error means it is filtered, and no response means open|filtered, because NMAP cannot tell an open port from one whose probe was dropped. The odd flag combination can slip past stateless firewalls that only match on SYN, but there are two important caveats: many stacks (Microsoft Windows, Cisco devices, and others) send a RST regardless of port state, so every port appears closed, and modern IDS products flag these packets immediately, so it is no longer a stealthy option.

To execute an XMAS Scan using NMAP, you can utilize the following command:

nmap -sX [target]

Idle Scan

The Idle Scan, also known as the Zombie Scan, is the most sophisticated and the stealthiest of the techniques covered here, because the target never receives a single packet from the scanning machine's real IP address. It uses a third host, the "zombie", which must be idle and must assign the IP ID of every packet it sends from a single, predictably incrementing counter. The zombie does not forward anything; instead, NMAP reads the zombie's IP ID as a side channel. For each target port the scan takes three steps: NMAP probes the zombie and records its current IP ID; NMAP sends a SYN to the target port with the source address spoofed as the zombie; NMAP probes the zombie again. If the port was open, the target sent a SYN-ACK to the zombie, the zombie answered it with a RST and so used up one IP ID, and the counter has advanced by two. If the port was closed (the target sent a RST, which the zombie ignores) or filtered (nothing was sent), the counter advances by only one. Any other jump means the zombie was not idle and the result is unreliable. Before scanning, NMAP checks that the candidate zombie really has a sequential, global IP ID; hosts with randomized or per-connection IP IDs cannot be used. From the target's point of view the scan came from the zombie, which is what makes this technique attractive both for staying anonymous and for probing trust relationships, since the target's firewall may treat the zombie differently from you.

To perform an Idle Scan using NMAP, name the zombie first and the target second (an optional :port after the zombie address picks the port NMAP uses to probe it; the default is 80):

nmap -sI [zombie] [target]
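The IP ID arithmetic is easier to follow in code than in prose. This added Python simulation (not from the original post or from Nmap) models the zombie and the target as objects so the three-step exchange can be run without raw sockets or root. The zombie's per-packet IP ID counter, its optional background traffic, and the target's open and filtered port sets are constructed assumptions for the demo.

```python
"""Simulation of the IP ID side channel used by nmap -sI (idle scan).

Added example, not code from the original post or from Nmap. The hosts
are modelled in software so the exchange can be followed without raw
sockets or root. Assumptions made for the demo: the zombie uses one
global IP ID counter that increases by one per packet it sends, and the
target's open and filtered port sets are chosen by hand.
"""

IPID_MODULUS = 1 << 16          # the IP ID is a 16-bit field and wraps around


class Zombie:
    """Host whose IP ID counter leaks how many packets it has sent."""

    def __init__(self, start_ipid, background_packets=0):
        self.ipid = start_ipid % IPID_MODULUS
        # Packets the zombie sends on its own between our probes. A truly
        # idle zombie has 0; anything else corrupts the measurement.
        self.background_packets = background_packets

    def _send(self):
        self.ipid = (self.ipid + 1) % IPID_MODULUS
        return self.ipid

    def receive(self, segment):
        """TCP rules (RFC 793) that make the trick work."""
        if segment == "SYN-ACK":
            self._send()            # unsolicited SYN-ACK: zombie answers with RST
        # an unsolicited RST, or no segment at all, gets no reply

    def answer_probe(self):
        """Our SYN-ACK probe to the zombie: it replies with a RST whose IP ID we read."""
        for _ in range(self.background_packets):
            self._send()            # unrelated traffic also consumes IP IDs
        return self._send()


class Target:
    def __init__(self, open_ports, filtered_ports=()):
        self.open_ports = set(open_ports)
        self.filtered_ports = set(filtered_ports)

    def receive_syn(self, port):
        """What the target sends back to the (spoofed) source, i.e. the zombie."""
        if port in self.filtered_ports:
            return None             # firewall drops the SYN; nothing is sent
        return "SYN-ACK" if port in self.open_ports else "RST"


def idle_scan(zombie, target, port):
    """Classify one target port using only the zombie's IP ID, like -sI."""
    before = zombie.answer_probe()           # 1. read the zombie's IP ID
    reply = target.receive_syn(port)         # 2. SYN to target, spoofed from zombie
    zombie.receive(reply)                    #    the target's reply lands on the zombie
    after = zombie.answer_probe()            # 3. read the zombie's IP ID again
    delta = (after - before) % IPID_MODULUS  # modulo handles 16-bit wraparound
    if delta == 2:
        return "open"                        # zombie sent a RST to the target in between
    if delta == 1:
        return "closed|filtered"             # zombie sent nothing in between
    return "unknown"                         # zombie was not idle; result unreliable


if __name__ == "__main__":
    zombie = Zombie(start_ipid=65534)        # about to wrap around
    target = Target(open_ports={22, 80}, filtered_ports={3389})
    for port in (22, 80, 443, 3389):
        print(port, idle_scan(zombie, target, port))
    print(80, idle_scan(Zombie(1000, background_packets=3), target, 80))
```

Two details are worth dwelling on. The counter is compared modulo 65536, so a zombie whose IP ID is about to wrap still gives a clean answer. And a zombie that sends even a few packets of its own between the two probes pushes the difference past two, which is why NMAP insists on an idle host and why a busy web server makes a useless zombie.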

Conclusion: 

Understanding your network is crucial for keeping it safe, and NMAP is like your trusty guide through its twists and turns. With its different scanning techniques, NMAP helps you see what's happening in your network, from open ports to potential threats.

Whether you're a tech expert or just someone curious about how networks work, NMAP gives you the tools to protect what's important to you. But remember to use NMAP responsibly and ethically: scan only systems you own or have explicit, written permission to test, because unauthorized scanning can be a criminal offence in many jurisdictions. By doing so, we can all make our digital world a safer place for everyone.

Assistance

Need assistance or have questions? Contact our support team at saad@cyberdioxide.com. For community discussions and updates, join our Telegram channel or follow us on Instagram.
