Scribd
Upload
221 views22 pages

Nmap Scanning: Andrew Fiade Andrew - Fiade@uinjkt - Ac.id

Nmap is an open source tool used to scan networks and systems to determine available hosts, services offered, operating systems and versions running, firewalls in use, and other characteristics. It is commonly used for security audits and network administration tasks like inventory, change management, and monitoring. The document provides examples of using Nmap to scan single IPs, ranges, subnets, read from files, exclude hosts, detect operating systems, check for firewalls, scan IPv6 addresses, discover active devices on a network, perform fast scans, identify port states, and scan firewalls for MAC spoofing.

Uploaded by

Muhamad Arif Rohman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
221 views22 pages

Nmap Scanning: Andrew Fiade Andrew - Fiade@uinjkt - Ac.id

Nmap is an open source tool used to scan networks and systems to determine available hosts, services offered, operating systems and versions running, firewalls in use, and other characteristics. It is commonly used for security audits and network administration tasks like inventory, change management, and monitoring. The document provides examples of using Nmap to scan single IPs, ranges, subnets, read from files, exclude hosts, detect operating systems, check for firewalls, scan IPv6 addresses, discover active devices on a network, perform fast scans, identify port states, and scan firewalls for MAC spoofing.

Uploaded by

Muhamad Arif Rohman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 22

Nmap Scanning

Andrew Fiade
[email protected]

Resource
Google keyword: nmap tutorial

Definisi
Nmap (Network Mapper) is an open source tool for network
exploration and security auditing. It was designed to rapidly
scan large networks, although it works fine against single
hosts. Nmap uses raw IP
packets in novel ways to determine what hosts are available
on the network, what services (application name and version)
those hosts are offering, what operating systems (and OS
versions) they are
running, what type of packet filters/firewalls are in use, and
dozens of other characteristics. While Nmap is commonly
used for security audits, many systems and network
administrators find it useful for routine
tasks such as network inventory, managing service upgrade
schedules, and monitoring host or service uptime.

Scan Single IP

Scan a single host or an IP address (IPv4)


### Scan a single ip address ###
nmap 192.168.1.1
## Scan a host name ###
nmap server1.cyberciti.biz
## Scan a host name with more

Scan multiple IP address or


subnet (IPv4)

nmap 192.168.1.1 192.168.1.2 192.168.1.3


## works with same subnet i.e. 192.168.1.0/24
nmap 192.168.1.1,2,3
You can scan a range of IP address too:
nmap 192.168.1.1-20
You can scan a range of IP address using a
wildcard:
nmap 192.168.1.*
Finally, you scan an entire subnet:
nmap 192.168.1.0/24

Read list of hosts/networks


from a file (IPv4)

cat > /tmp/test.txt


Sample outputs:
server1.cyberciti.biz
192.168.1.0/24
192.168.1.1/24
10.1.2.3
localhost
The syntax is:
nmap -iL /tmp/test.txt

Excluding hosts/networks
(IPv4)
When scanning a large number of hosts/networks
you can exclude hosts from a scan:
nmap 192.168.1.0/24 --exclude 192.168.1.5
nmap 192.168.1.0/24 --exclude
192.168.1.5,192.168.1.254
OR exclude list from a file called /tmp/exclude.txt
nmap -iL /tmp/scanlist.txt --excludefile
/tmp/exclude.txt

Turn on OS and version


detection scanning script (IPv4)
nmap -A 192.168.1.254
nmap -v -A 192.168.1.1
nmap -A -iL /tmp/scanlist.txt

Find out if a host/network is


protected by a firewall
nmap -sA 192.168.1.254
nmap -sA server1.cyberciti.biz

Scan a host when protected by


the firewall
nmap -PN 192.168.1.1
nmap -PN server1.cyberciti.biz

Scan an IPv6 host/address

The -6 option enable IPv6 scanning. The syntax is:


nmap -6 IPv6-Address-Here
nmap -6 server1.cyberciti.biz
nmap -6 2607:f0d0:1002:51::4
nmap -v A -6 2607:f0d0:1002:51::4

Scan a network and find out which servers


and devices are up and running

This is known as host discovery or ping scan:


nmap -sP 192.168.1.0/24
Sample outputs:
Host 192.168.1.1 is up (0.00035s latency).
MAC Address: BC:AE:C5:C3:16:93 (Unknown)
Host 192.168.1.2 is up (0.0038s latency).
MAC Address: 74:44:01:40:57:FB (Unknown)
Host 192.168.1.5 is up.
Host nas03 (192.168.1.12) is up (0.0091s latency).
MAC Address: 00:11:32:11:15:FC (Synology Incorporated)
Nmap done: 256 IP addresses (4 hosts up) scanned in
2.80 second

How do I perform a fast scan?


nmap -F 192.168.1.1

Display the reason a port is in


a particular state
nmap --reason 192.168.1.1
nmap --reason server1.cyberciti.biz

Scan a firewall for MAC address


spoofing
### Spoof your MAC address ##
nmap --spoof-mac MAC-ADDRESS-HERE
192.168.1.1
### Add other options ###
nmap -v -sT -PN --spoof-mac MAC-ADDRESS-HERE
192.168.1.1
### Use a random MAC address ###
### The number 0, means nmap chooses a
completely random MAC address ###
nmap -v -sT -PN --spoof-mac 0 192.168.1.1

You might also like