Nmap ("Network Mapper") is a free and open-source utility for network discovery and security auditing.
Which is a simple and very powerful tool for security audit/research.
Best platform for NMAP???
NMAP is able to run in CLI as well as in GUI mode named ZENMAP.
Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.
Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results from viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping)
NMAP able to do Host discovery, port scanning, OS detection, and Vulnerability Scan.
In this article, we going to discuss port scanning briefly.
What is Host Discovery
By the Host Discovery scan, we able to find out the number of live devices in a network.
In this method, NMAP will broadcast(Echo Request) TCP packets to the entire network (or) a target IP address (or) set of IP addresses. Once NMAP got Echo Reply from the target machine. Which will add that device to ARP inventory.
Finally, it will display ARP inventory as the Host Discovery result.
Syntex : #nmap -sn <Target IP/Network>
What is Port Scanning?
The port scanning means to probe a server or host for open ports. This is often used by administrators to verify the security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.
A port scan or portscan is a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port; this is not a nefarious process in and of itself. The majority of uses of a port scan does not attack, but rather simple probes to determine services available on a remote machine.
The Three port states recognized by Nmap
Open Service is open (Port is open)
Closed Service is closed
Filtered Nmap cannot determine whether the port is open because of Firewall
Nmap syntax for port scanning
#nmap <IP Address>
In the above image, NMAP finds the SSH open stat TCP service ports of the target machine in LAN.
With NMAP we able to scan public IP addresses.
NMAP has the capability to bypass Firewalls. We will see different types of port scanning techniques in the future.
DOWNLOAD: Windows, Linux, Mac