Definition – Nmap (Network Mapper)
Nmap (Network Mapper) is an open-source tool used for network discovery and security auditing. It was created by Gordon Lyon and is widely used by network administrators and security professionals to identify devices on a network, discover services, and detect security vulnerabilities.
How Nmap (Network Mapper) Works
Nmap sends specially crafted packets to the target host(s) and analyzes the responses. The process can reveal details such as:
- The presence of hosts.
- Open ports and the services running on them.
- Operating system and software versions.
- Network configurations and security settings.
Common Use Cases of Nmap (Network Mapper)
- Security Auditing: Identifies potential vulnerabilities in a network.
- Network Inventory: Maps out all devices and services on a network.
- Monitoring Host or Service Uptime: Tracks the availability and performance of network services.
- Penetration Testing: Assesses the security of systems by simulating attacks.
nmap provides a wide range of options that allow users to customize their scans based on specific requirements. Here are some commonly used options:
Key Features of Nmap
Host Discovery: Determines which devices are up and running on a network.
Host Discovery Options:
- -sn (No Port Scan):
- Performs host discovery without actually scanning for open ports.
nmap -sn 192.168.1.0/24
- -Pn (No Ping):
- Treats all hosts as online and skips host discovery.
nmap -Pn 192.168.1.1
- -PE/-PP/-PM (ICMP Echo, Timestamp, and Netmask Requests):
- Specify ICMP probes for host discovery.
nmap -PE 192.168.1.1
Port Scanning: Identifies open ports on a device, indicating which services are available.
Port Scanning Options:
- -p (Port Specification):
- Specifies the ports to be scanned.
nmap -p 1-100 192.168.1.1
- -sS (TCP SYN Scan):
- Half-open scan that never completes the TCP handshake, so it is faster and quieter than a connect scan; requires raw-socket privileges.
nmap -sS 192.168.1.1
- -sT (TCP Connect Scan):
- Completes the full TCP handshake; more reliable and needs no special privileges, but less stealthy because the connection is visible to the service.
nmap -sT 192.168.1.1
- -sU (UDP Scan):
- Identifies open UDP ports.
nmap -sU 192.168.1.1
Service and Version Detection: Discovers detailed information about the services running on open ports, including software versions.
Service Version Detection Options:
- -sV (Version Detection):
- Attempts to determine service versions.
nmap -sV 192.168.1.1
- --version-intensity [level]:
- Adjusts the intensity of version detection (how many probes are tried against each port).
nmap --version-intensity 2 192.168.1.1
OS Detection: Determines the operating system running on a device.
Operating System Detection Options:
- -O (OS Detection):
- Attempts to determine the operating system of the target.
nmap -O 192.168.1.1
- --osscan-limit / --osscan-guess:
- Controls OS detection: --osscan-limit restricts it to hosts that look promising (at least one open and one closed port), while --osscan-guess lets Nmap guess more aggressively when no exact match is found.
nmap --osscan-limit 192.168.1.1
Scriptable Interaction: Uses Nmap Scripting Engine (NSE) to automate tasks such as vulnerability detection and security auditing.
Scripting Engine Options:
- --script:
- Runs specific NSE scripts.
nmap --script=http-enum 192.168.1.1
- --script-args:
- Provides arguments to NSE scripts (the script itself must still be selected with --script).
nmap --script=http-enum --script-args http-enum.path=/admin 192.168.1.1
Network Mapping: Creates visual maps of networks to understand their structure and connectivity.
Output and Reporting Options:
- -oN / -oX / -oG (Output Formats):
- Specifies the format for saving scan results (Normal, XML, Grepable).
nmap -oN output.txt 192.168.1.1
- --append-output:
- Appends to the output file rather than overwriting it.
nmap -oN output.txt --append-output 192.168.1.2
Miscellaneous Options:
- -v (Verbose):
- Increases verbosity of the output.
nmap -v 192.168.1.1
- -iL (Input from List):
- Reads target specifications from a file.
nmap -iL targets.txt
- -A (Aggressive Scan):
- Enables OS detection, version detection, script scanning, and traceroute.
nmap -A 192.168.1.1
These are just a subset of the many options available in nmap. For a comprehensive list of options and their descriptions, you can refer to the nmap man page by running man nmap in the terminal. Always use nmap responsibly and ensure you have proper authorization before scanning any network.
Nmap is a powerful and versatile tool, but it should be used responsibly and with proper authorization, as unauthorized scanning can be considered illegal and intrusive.
Useful Links
https://sanchitgurukul.com/basic-networking
https://sanchitgurukul.com/network-security
