Network and Systems Scanning - Demo using NMAP - Kali Linux

What is Network Scanning?

Network scanning is the process of examining a computer network to gather information about its systems and services. This involves sending packets to network devices and analyzing the responses to identify active hosts, open ports, running services, and other details

Types of Network Scanning

Port Scanning: This involves checking which ports on a host are open. Open ports indicate running services.
Host Discovery: Identifies active devices on a network.
Service Detection: Determines the type of service running on an open port.
Operating System Detection: Identifies the operating system of a host.
Vulnerability Scanning: Checks for known vulnerabilities in systems and applications.

Use of Network Scanning for Security Professionals

Identify potential vulnerabilities
Detect unauthorized devices
Assess security posture
Conduct penetration testing

Tools used for Network Scanning

Tool	Type	Description
Nmap	Open-Source	Versatile tool for host discovery, port scanning, service detection, and OS fingerprinting.
Zenmap	Open-Source	Graphical user interface for Nmap.
OpenVAS	Open-Source	Vulnerability scanner that can also perform network discovery and port scanning.
Nessus	Commercial	Popular vulnerability scanner with network scanning capabilities.
Nikto	Open-Source	Web server scanner that can also identify open ports and services.
Angry IP Scanner	Open-Source	Fast and lightweight tool for discovering hosts on a network.
Fping	Open-Source	Tool for pinging multiple hosts simultaneously.
Wireshark	Open-Source	Primarily a packet analyzer, but can be used for network discovery and analysis.
Qualys	Commercial	Offers a suite of vulnerability management and compliance solutions, including network scanning.
Auvik	Commercial	Cloud-based network monitoring and management platform with scanning capabilities.
SolarWinds Network Scanner	Commercial	Provides comprehensive network discovery and monitoring.
ManageEngine OpUtils	Commercial	Offers network discovery, inventory management, and monitoring.
Acunetix	Commercial	Primarily a web application scanner, but also includes network discovery features.
BeyondTrust	Commercial	Offers remote access and privileged access management solutions with network scanning capabilities.

Introduction to NMAP

Nmap(Network Mapper) is a powerful and versatile open-source tool used for network discovery and security auditing. It allows you to:

Discover hosts: Identify active devices on a network.
Detect services: Determine which services are running on those hosts.
Identify operating systems: Determine the operating system of each host.
Map network topology: Visualize the network structure.
Perform vulnerability scans: Identify potential weaknesses in your network.

How NMAP Works?

Nmap sends specially crafted packets to target systems and analyzes the responses to gather information. It offers a wide range of scanning techniques, including

Ping scans: Determine which hosts are alive on the network.
Port scans: Identify open ports on target hosts.
OS fingerprinting: Identify the operating system of target hosts.
Service version detection: Determine the version of running services.

Brief look at NMAP Commands

Command	Description
nmap -h	Displays the Nmap help screen, providing information about available options and usage.
nmap -V	Displays the Nmap version information.
nmap 192.168.217.3	Scans the host with IP address 192.168.217.3 for open ports and services.
nmap 192.168.217.3 192.168.217.5	Scans multiple hosts, 192.168.217.3 and 192.168.217.5, for open ports and services.
nmap 192.168.217.3-5	Scans a range of hosts from 192.168.217.3 to 192.168.217.5 for open ports and services.
nmap 192.168.217.3,4,5	Scans specific hosts 192.168.217.3, 192.168.217.4, and 192.168.217.5 for open ports and services.
nmap 192.168.217.*	Scans all hosts in the 192.168.217.0 network for open ports and services.
nmap 192.168.217.3-5 --exclude 192.168.217.4	Scans hosts from 192.168.217.3 to 192.168.217.5, excluding 192.168.217.4.
nmap -sL 192.168.217.1-5	Performs a list scan on hosts 192.168.217.1 to 192.168.217.5, checking for live hosts without actually scanning ports.
nmap -O 192.168.217.5	Performs operating system detection on the target host.
nmap -A 192.168.217.5	Performs an aggressive scan, combining OS detection, version detection, script scanning, and traceroute.
nmap -sA 192.168.217.3	Performs an ACK scan, which can be used to bypass firewalls and detect filtered ports.
nmap –F 192.168.217.5	Performs a fast scan, checking only the most common ports.
nmap -p 80 192.168.217.5	Scans the specified port 80 on the target host.
nmap -p 80 192.168.217.3	Scans multiple ports (80) on the specified host.
nmap -p 20-80 192.168.217.5	Scans a range of ports from 20 to 80 on the target host.
nmap -sV 192.168.217.5	Performs a service and version detection scan on the target host.
nmap -p 80 -sV 192.168.217.5	Performs a service and version detection scan for the specified port 80 on the target host.

Disclaimer

The content provided on this page is for educational purposes only. It is intended to demonstrate the vulnerabilities of computer systems and networks and to promote ethical hacking practices. Any unauthorized use of the information or tools presented here is strictly prohibited and may violate applicable laws.

By accessing and using this information, you agree to the following:

No Malicious Use: You will not use the information or tools to harm others, damage property, or violate any laws.
Ethical Use: You will use the information and tools responsibly and ethically, respecting the privacy and security of others.
Legal Compliance: You will comply with all applicable laws and regulations regarding hacking and cybersecurity.

It is important to note that hacking systems without proper authorization is illegal and unethical. If you have concerns about the security of your own systems, please consult with a qualified security professional.