Network and Systems Scanning - Demo using NMAP - Kali Linux
What is Network Scanning?
Network scanning is the process of examining a computer network to gather information about its systems and services. This involves sending packets to network devices and analyzing the responses to identify active hosts, open ports, running services, and other details
Types of Network Scanning
- Port Scanning: This involves checking which ports on a host are open. Open ports indicate running services.
- Host Discovery: Identifies active devices on a network.
- Service Detection: Determines the type of service running on an open port.
- Operating System Detection: Identifies the operating system of a host.
- Vulnerability Scanning: Checks for known vulnerabilities in systems and applications.
Use of Network Scanning for Security Professionals
- Identify potential vulnerabilities
- Detect unauthorized devices
- Assess security posture
- Conduct penetration testing
Tools used for Network Scanning
Tool | Type | Description |
---|---|---|
Nmap | Open-Source | Versatile tool for host discovery, port scanning, service detection, and OS fingerprinting. |
Zenmap | Open-Source | Graphical user interface for Nmap. |
OpenVAS | Open-Source | Vulnerability scanner that can also perform network discovery and port scanning. |
Nessus | Commercial | Popular vulnerability scanner with network scanning capabilities. |
Nikto | Open-Source | Web server scanner that can also identify open ports and services. |
Angry IP Scanner | Open-Source | Fast and lightweight tool for discovering hosts on a network. |
Fping | Open-Source | Tool for pinging multiple hosts simultaneously. |
Wireshark | Open-Source | Primarily a packet analyzer, but can be used for network discovery and analysis. |
Qualys | Commercial | Offers a suite of vulnerability management and compliance solutions, including network scanning. |
Auvik | Commercial | Cloud-based network monitoring and management platform with scanning capabilities. |
SolarWinds Network Scanner | Commercial | Provides comprehensive network discovery and monitoring. |
ManageEngine OpUtils | Commercial | Offers network discovery, inventory management, and monitoring. |
Acunetix | Commercial | Primarily a web application scanner, but also includes network discovery features. |
BeyondTrust | Commercial | Offers remote access and privileged access management solutions with network scanning capabilities. |
Introduction to NMAP
Nmap(Network Mapper) is a powerful and versatile open-source tool used for network discovery and security auditing. It allows you to:
- Discover hosts: Identify active devices on a network.
- Detect services: Determine which services are running on those hosts.
- Identify operating systems: Determine the operating system of each host.
- Map network topology: Visualize the network structure.
- Perform vulnerability scans: Identify potential weaknesses in your network.
How NMAP Works?
Nmap sends specially crafted packets to target systems and analyzes the responses to gather information. It offers a wide range of scanning techniques, including
- Ping scans: Determine which hosts are alive on the network.
- Port scans: Identify open ports on target hosts.
- OS fingerprinting: Identify the operating system of target hosts.
- Service version detection: Determine the version of running services.
Brief look at NMAP Commands
Command | Description |
---|---|
nmap -h | Displays the Nmap help screen, providing information about available options and usage. |
nmap -V | Displays the Nmap version information. |
nmap 192.168.217.3 | Scans the host with IP address 192.168.217.3 for open ports and services. |
nmap 192.168.217.3 192.168.217.5 | Scans multiple hosts, 192.168.217.3 and 192.168.217.5, for open ports and services. |
nmap 192.168.217.3-5 | Scans a range of hosts from 192.168.217.3 to 192.168.217.5 for open ports and services. |
nmap 192.168.217.3,4,5 | Scans specific hosts 192.168.217.3, 192.168.217.4, and 192.168.217.5 for open ports and services. |
nmap 192.168.217.* | Scans all hosts in the 192.168.217.0 network for open ports and services. |
nmap 192.168.217.3-5 --exclude 192.168.217.4 | Scans hosts from 192.168.217.3 to 192.168.217.5, excluding 192.168.217.4. |
nmap -sL 192.168.217.1-5 | Performs a list scan on hosts 192.168.217.1 to 192.168.217.5, checking for live hosts without actually scanning ports. |
nmap -O 192.168.217.5 | Performs operating system detection on the target host. |
nmap -A 192.168.217.5 | Performs an aggressive scan, combining OS detection, version detection, script scanning, and traceroute. |
nmap -sA 192.168.217.3 | Performs an ACK scan, which can be used to bypass firewalls and detect filtered ports. |
nmap –F 192.168.217.5 | Performs a fast scan, checking only the most common ports. |
nmap -p 80 192.168.217.5 | Scans the specified port 80 on the target host. |
nmap -p 80 192.168.217.3 | Scans multiple ports (80) on the specified host. |
nmap -p 20-80 192.168.217.5 | Scans a range of ports from 20 to 80 on the target host. |
nmap -sV 192.168.217.5 | Performs a service and version detection scan on the target host. |
nmap -p 80 -sV 192.168.217.5 | Performs a service and version detection scan for the specified port 80 on the target host. |
Disclaimer
The content provided on this page is for educational purposes only. It is intended to demonstrate the vulnerabilities of computer systems and networks and to promote ethical hacking practices. Any unauthorized use of the information or tools presented here is strictly prohibited and may violate applicable laws.
By accessing and using this information, you agree to the following:
- No Malicious Use: You will not use the information or tools to harm others, damage property, or violate any laws.
- Ethical Use: You will use the information and tools responsibly and ethically, respecting the privacy and security of others.
- Legal Compliance: You will comply with all applicable laws and regulations regarding hacking and cybersecurity.
It is important to note that hacking systems without proper authorization is illegal and unethical. If you have concerns about the security of your own systems, please consult with a qualified security professional.