Nmap Experiment

2

Outline• Introduction• NMAP

- NMAP advantages- NMAP capability of support

• NMAP Install- Install of under Windows- Install of under Linux

• NMAP Experiment- Use NMAP- Parameter： -sT- Parameter： -sS

• Conclusions

3

Introduction

• A Port Scanner software on unix

• By NMAP scan- Quickly know remote host executive services- Guess remote host’s Operation System & Version- Subnet scanning =>To detect the subnet on which hosts and each of detection of its services

4

Nmap pros & function

• Nmap advantages

- Support scanning of variety protocols- Support most of existing system- Operate interface simply- Simple instructions , powerful functions- Free software

• Nmap function

- TCP SYN scanning- TCP ftp proxy scanning- ICMP scanning- TCP ping scanning

5

TCP Flag Definition

FlagSYN The beginning of a connection

ACK Acknowledge receipt of a previous packet or transmission

FIN Close a TCP connection

RST Abort a TCP connection

6

Three-way handshake

Client Server

SYN

SYN/ACK

ACK

Connection Established

Client Server

FIN

ACK/FIN

ACK

Connection Closed

Connect Disconnect

Nmap Install

8

Windows

• http://insecure.org

9

Linux

• Fedora : (Root Permission) yum install Nmap or wget http://~~/nmap-5.00-1.i386.rpm• Ubuntu : sudo apt-get install Nmap

10

• Instruction : nmap –sT Target host

Scanning for TCP Ports

11

SYN Scan

Nmap sends to Host Port

Nmap receives from Host Port

Nmap Assumes

SYN SYN/ACK Port is openHost is up

SYN RST Port is closedHost is up

SYN Nothing Port is blocked by firewallOr Host is down

Instruction : nmap –sS Target host

12

• Instruction : namp –p [1-1024] Target host

Scanning Host Port

13

• Instruction : nmap –O Target host

OS detection

14

Conclusions

• Nmap is a useful and free security detective tool

• Through Nmap provide detailed information thatcan understand host deeply and also avoid unexpectedsecurity vulnerabilities

• Other scanning tools - Netscantools- Superscan- IPEYE- WUPS