Nmap is a veritable tool-shed of functionality for performing network scans. It can be used for security scans, simply to identify which services a host is running, to 'fingerprint' the operating system and applications on a host, to identify the type of firewall a host is using, or to take a quick inventory of a local network.
To show the lab, I am using VMs connected together: Windows XP (target machine) and Kali Linux (hacker machine).
The main goal of this lab is to cover the following tasks:
- Host discovery
- Scanning for open ports
- Service and version detection
- OS detection
WinXP - IP: 192.168.0.108
Kali Linux - IP: 192.168.0.109
Scan Types:
a) nmap 192.168.0.108 (a single host, or a subnet, e.g. /24)
c) nmap -O 192.168.0.108 (OS detection)
e) -sS : Half-open scan - used to bypass firewall rules and logging mechanisms and to blend in with normal network traffic
f) -sX : Xmas scan sends a TCP frame with the URG, ACK, RST, SYN and FIN flags set
g) -sF : FIN scan sends a TCP frame with only the FIN flag set
h) -sN : NULL scan sends a TCP packet with no flags set
i) -f : The TCP header is split across several fragments so that packet filters cannot determine what the packet intends to do
j) -sU : UDP scan sends a 0-byte UDP packet to a port
k) -sP : Determines the live hosts in a range of IP addresses by sending an ICMP ECHO request to multiple hosts
l) Outputting logs:
-oN : outputs a human-readable log in plain text (e.g. nmap -v -oN normal.nmap)
-oX : outputs an XML log
-oG : outputs a grepable log
-oA : outputs all three formats with the same base name
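The grepable (-oG) log is the one you reach for when the result of a scan has to be turned into an inventory of listening services, for example to compare what a host exposes against what it is supposed to expose. The script below is an added example and is not part of the original lab: it parses a constructed .gnmap sample (made to resemble a service scan of the lab's Windows XP target, not real scan output) with nothing but awk, so it runs without nmap, and prints one line per open port with the service name and, when -sV filled it in, the detected version. The port/state/proto/owner/service/rpc/version/ field layout it relies on is the one nmap writes in its Ports: field.

```shell
#!/bin/sh
# Added example: turn Nmap grepable (-oG) output into "ip port/proto service [version]".
# Only awk is needed, so this runs without nmap; the sample log below is constructed
# to look like "nmap -sV -oG" output for the lab target and is not real scan output.

# gnmap_sample: emit a constructed .gnmap log (fields are tab-separated, as nmap writes them)
gnmap_sample() {
  printf '%s\n' '# Nmap scan initiated (constructed sample) as: nmap -sV -oG xp.gnmap 192.168.0.108'
  printf 'Host: 192.168.0.108 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.108 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/, 3389/closed/tcp//ms-wbt-server///\tIgnored State: closed (996)\n'
  printf '%s\n' '# Nmap done (constructed sample) -- 1 IP address (1 host up) scanned'
}

# open_ports: read a .gnmap log on stdin and print one line per open port.
# Each entry in the Ports: field is port/state/proto/owner/service/rpc/version/
open_ports() {
  awk '
    BEGIN { FS = "\t" }
    /^Host:/ {
      ip = $1
      sub(/^Host: /, "", ip); sub(/ .*/, "", ip)   # drop "Host: " and the "(hostname)" part
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        spec = $i; sub(/^Ports: /, "", spec)
        n = split(spec, ports, /, /)
        for (j = 1; j <= n; j++) {
          split(ports[j], f, "/")
          if (f[2] != "open") continue            # skip closed/filtered entries
          ver = (f[7] != "") ? (" [" f[7] "]") : ""
          printf "%s %s/%s %s%s\n", ip, f[1], f[3], f[5], ver
        }
      }
    }'
}

# count_open: number of open ports in the sample log
count_open() {
  gnmap_sample | open_ports | grep -c '^'
}

# Usage with a real log: nmap -sV -oG xp.gnmap 192.168.0.108 && open_ports < xp.gnmap
gnmap_sample | open_ports
```

The same function works unchanged on the .gnmap file that -oA writes, so a scan can be logged in all three formats and the grepable copy diffed against a previous run to spot newly opened ports.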