ping scan
nmap -v -sP 192.168.2.0/24 or nmap -sP 192.168.2.*
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:17 IST
Initiating Ping Scan at 10:17
Scanning 256 hosts [1 port/host]
Completed Ping Scan at 10:17, 0.61s elapsed (256 total hosts)
Initiating Parallel DNS resolution of 256 hosts. at 10:17
Completed Parallel DNS resolution of 256 hosts. at 10:17, 13.63s elapsed
Host 192.168.2.0 appears to be down.
Host 192.168.2.1 appears to be up.
Host 192.168.2.2 appears to be down.
Host 192.168.2.3 appears to be down.
Host 192.168.2.4 appears to be down.
UDP scan
sudo nmap -v -sU 192.168.2.0/24
T.C.P connect scan
Ex:-
sudo nmap -sT -p 80 192.168.2.42
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:24 IST
Interesting ports on 192.168.2.42:
PORT STATE SERVICE
80/tcp closed http
MAC Address: 00:1B:38:7D:84:A4 (Compal Information (kunshan) CO.)
Nmap done: 1 IP address (1 host up) scanned in 0.601 seconds
Ex:- nmap -sT 192.168.2.1-254 -p 1433-1435
syn stealth scan
Ex:- sudo nmap -sS -v 192.168.2.42
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:25 IST
Initiating ARP Ping Scan at 10:25
Scanning 192.168.2.42 [1 port]
Completed ARP Ping Scan at 10:25, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:25
Completed Parallel DNS resolution of 1 host. at 10:25, 0.31s elapsed
Initiating SYN Stealth Scan at 10:25
Scanning 192.168.2.42 [1714 ports]
Completed SYN Stealth Scan at 10:26, 33.22s elapsed (1714 total ports)
Host 192.168.2.42 appears to be up ... good.
All 1714 scanned ports on 192.168.2.42 are filtered (1652) or closed (62)
MAC Address: 00:1B:38:7D:84:A4 (Compal Information (kunshan) CO.)
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 33.809 seconds
Raw packets sent: 3373 (148.410KB) | Rcvd: 63 (2894B)
NB:- syn scan is used when you dont want much traffic sent
O.S Detection scan
Ex:- sudo nmap -O --vv 192.168.2.0/24
nmap -O -v 127.0.0.1
nmap -v -sP 192.168.2.0/24 or nmap -sP 192.168.2.*
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:17 IST
Initiating Ping Scan at 10:17
Scanning 256 hosts [1 port/host]
Completed Ping Scan at 10:17, 0.61s elapsed (256 total hosts)
Initiating Parallel DNS resolution of 256 hosts. at 10:17
Completed Parallel DNS resolution of 256 hosts. at 10:17, 13.63s elapsed
Host 192.168.2.0 appears to be down.
Host 192.168.2.1 appears to be up.
Host 192.168.2.2 appears to be down.
Host 192.168.2.3 appears to be down.
Host 192.168.2.4 appears to be down.
UDP scan
sudo nmap -v -sU 192.168.2.0/24
T.C.P connect scan
Ex:-
sudo nmap -sT -p 80 192.168.2.42
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:24 IST
Interesting ports on 192.168.2.42:
PORT STATE SERVICE
80/tcp closed http
MAC Address: 00:1B:38:7D:84:A4 (Compal Information (kunshan) CO.)
Nmap done: 1 IP address (1 host up) scanned in 0.601 seconds
Ex:- nmap -sT 192.168.2.1-254 -p 1433-1435
syn stealth scan
Ex:- sudo nmap -sS -v 192.168.2.42
Starting Nmap 4.53 ( http://insecure.org ) at 2009-03-03 10:25 IST
Initiating ARP Ping Scan at 10:25
Scanning 192.168.2.42 [1 port]
Completed ARP Ping Scan at 10:25, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:25
Completed Parallel DNS resolution of 1 host. at 10:25, 0.31s elapsed
Initiating SYN Stealth Scan at 10:25
Scanning 192.168.2.42 [1714 ports]
Completed SYN Stealth Scan at 10:26, 33.22s elapsed (1714 total ports)
Host 192.168.2.42 appears to be up ... good.
All 1714 scanned ports on 192.168.2.42 are filtered (1652) or closed (62)
MAC Address: 00:1B:38:7D:84:A4 (Compal Information (kunshan) CO.)
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 33.809 seconds
Raw packets sent: 3373 (148.410KB) | Rcvd: 63 (2894B)
NB:- syn scan is used when you dont want much traffic sent
O.S Detection scan
Ex:- sudo nmap -O --vv 192.168.2.0/24
nmap -O -v 127.0.0.1
Other examples
nmap -v scanme.nmap.org
This option scans all reserved TCP ports on the machine
scanme.nmap.org . The -v option enables verbose mode.
Launches a stealth SYN scan against each machine that is up out of the 256 IPs on the class C sized network where Scanme resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and OS detection.
Launches host enumeration and a TCP scan at the first half of each of the 255 possible eight-bit subnets in the 198.116 class B address space. This tests whether the systems run SSH, DNS, POP3, or IMAP on their standard ports, or anything on port 4564. For any of these ports found open, version detection is used to determine what application is running.
Asks Nmap to choose 100,000 hosts at random and scan them for web servers (port 80). Host enumeration is disabled with
-Pn since first sending a couple probes to determine whether a host is up is wasteful when you are only probing one port on each target host anyway.
This scans 4096 IPs for any web servers (without pinging them) and saves the output in grepable and XML formats.
No comments:
Post a Comment