NMAP functions

1. Port scanning
2. Host or device detection
3. Service detection
4. OS fingerprinting
5. Multi target scanning

Tasks:
1. Install Nmap (yum search and yum install)
2. Explore package
a) ‘/usr/bin/nmap’ – primary binary
b) ‘/usr/share/nmap/nmap-services’ – translates well known ports to service names similar to /etc/services
c) ‘/usr/share/nmap/nmap-protocols’ – translates IP protocols to names
d) ‘/usr/share/nmap/nmap-mac-prefixes’ – maps MAC address (OUI) prefixes to the manufacturer name

3. Use Nmap
a) # nmap -v 192.168.3.7
-v = verbose output

b) To scan an entire subnet, give the network in CIDR notation:
# nmap -v 192.168.75.0/24
NOTE: As ‘root’ user ‘nmap’ executes ‘TCP:SYN’ scans – half open connections
NOTE: As non-privileged user ‘nmap’ executes ‘TCP:CONNECT’ scans – full connection

c) # nmap -v -sP 192.168.75.20
The ‘sP’ option does a ping scan (newer Nmap versions call this ‘-sn’; ‘-sP’ still works as an alias), which is generally much faster than other scans. If the ping is successful you will also get the MAC address of the target, provided it is on the same local network segment.

d) # nmap -v -sV 192.168.75.20
The ‘sV’ option is the service scan option. It takes longer than the other scans, but in addition to the open ports it reports the application and version running behind each port.
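As an added example (not part of the original notes), the following parser reads the nmap-services format described in task 2b and resolves a port/protocol pair to a service name, the same translation Nmap applies when it labels open ports. The sample lines are constructed in the file's layout so the script runs without Nmap installed; point it at /usr/share/nmap/nmap-services to use the real table.

```python
"""Parse the nmap-services file format and translate port/protocol to a service name."""
from typing import Dict, Optional, Tuple

# Constructed sample lines in the layout of /usr/share/nmap/nmap-services:
#   <service-name> <port>/<protocol> <open-frequency> [# comment]
SAMPLE_NMAP_SERVICES = """\
# Fields: service-name port/protocol open-frequency optional-comments
http\t80/tcp\t0.484143\t# World Wide Web HTTP
ssh\t22/tcp\t0.182286\t# Secure Shell Login
domain\t53/udp\t0.213496\t# Domain Name Server
https\t443/tcp\t0.208669
this line is not valid and must be skipped
"""

ServiceTable = Dict[Tuple[int, str], Tuple[str, float]]


def parse_nmap_services(text: str) -> ServiceTable:
    """Return {(port, proto): (service_name, open_frequency)} from file content."""
    table: ServiceTable = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or "/" not in fields[1]:
            continue  # malformed line
        port_s, proto = fields[1].split("/", 1)
        try:
            table[(int(port_s), proto.lower())] = (fields[0], float(fields[2]))
        except ValueError:
            continue  # non-numeric port or frequency
    return table


def lookup_service(table: ServiceTable, port: int, proto: str = "tcp") -> Optional[str]:
    """Translate a port/protocol pair to its service name, as nmap does in its output."""
    entry = table.get((port, proto.lower()))
    return entry[0] if entry else None


if __name__ == "__main__":
    # Real file: parse_nmap_services(open("/usr/share/nmap/nmap-services").read())
    table = parse_nmap_services(SAMPLE_NMAP_SERVICES)
    for port, proto in [(80, "tcp"), (53, "udp"), (53, "tcp"), (8080, "tcp")]:
        print(f"{port}/{proto} -> {lookup_service(table, port, proto) or 'unknown'}")
```

Note that the lookup is keyed on protocol as well as port: 53/udp resolves to ‘domain’ while 53/tcp is absent from the sample table, which mirrors how the real file lists tcp and udp entries separately.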