Linux nmap Security Monitoring Tool
Howto scan a network using nmap on Linux
nmap - Security Scanner
Nmap is a security scanning tool (network mapper) that is used to discover hosts and services on a computer network. Nmap accomplishes this by sending specially crafted packets to the target hosts and then analysing the responses. Nmap can identify ports that are open and, in most cases, identify the host operating system. Nmap was designed to quickly scan large networks, although it is often used against selected IP addresses.
Nmap is often used as a security auditing tool, for example to check which services a host is exposing to the network. Its main features are:
Host Discovery - Analysing responses from ping commands and open ports.
Port Scanner - Scans through a range of ports to determine if they are open or not.
Version Detection - nmap can interrogate listening network services and determine application names and version numbers.
Operating System Detection - nmap can identify known operating systems.
nmap Installation Guide
nmap can normally be installed directly from your system's standard repositories. Below are examples of installing nmap on Debian/Ubuntu, CentOS/RHEL and openSUSE Linux distributions. To install nmap, simply follow the instructions that match your operating system.
Install nmap for Ubuntu/Debian Distributions
To install nmap on a Debian based system issue the commands below. The first command is used to update your system with the latest versions of available packages. This command is then followed by the install command. Reply "Y" when asked to install the relevant package and any dependencies.
$ sudo apt-get update
$ sudo apt-get install nmap
Install nmap for RHEL/CentOS Distributions
To install nmap on a Red Hat based system, issue the following yum command as the root user. When asked to confirm installation and any dependencies, reply "y".
# yum install nmap
Install nmap for openSUSE Distributions
To install nmap on either openSUSE or SLES, issue the following commands from a terminal as a root user. Reply "y" to the continue prompt.
# zypper install nmap
nmap command examples
The following section illustrates some of the functionality of the nmap command. In the following examples we will use a CentOS 7.0 installation to issue our commands from.
Scan a Single IP Address
In the following example, we are going to run a scan against a single IP address with no additional parameters passed:
[root@centos07a ~]# nmap 192.168.0.16

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 20:51 GMT
Nmap scan report for 192.168.0.16
Host is up (0.00014s latency).
Not shown: 997 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
10000/tcp open  snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 89.70 seconds
In the above example, our target server has the IP address of "192.168.0.16". The following ports were found to be open:
Port 22: Used for ssh connections.
Port 80: Indicates a web server is running.
Port 10000: Webmin administration is running on port 10000. Without version detection, nmap labels the port from its service-name table (snet-sensor-mgmt); the service scan in the next example identifies it as Webmin.
Scan with OS Detection
In the following example we add -v for verbose output and -A, which enables OS detection, version detection, script scanning and traceroute:
[root@centos07a ~]# nmap -v -A 192.168.0.16

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 21:09 GMT
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Parallel DNS resolution of 1 host. at 21:09
Completed Parallel DNS resolution of 1 host. at 21:09, 0.03s elapsed
Initiating SYN Stealth Scan at 21:09
Scanning 192.168.0.16 [1000 ports]
Discovered open port 22/tcp on 192.168.0.16
Discovered open port 80/tcp on 192.168.0.16
Increasing send delay for 192.168.0.16 from 0 to 5 due to 13 out of 43 dropped probes since last increase.
Increasing send delay for 192.168.0.16 from 5 to 10 due to 39 out of 128 dropped probes since last increase.
Increasing send delay for 192.168.0.16 from 10 to 20 due to 11 out of 23 dropped probes since last increase.
Increasing send delay for 192.168.0.16 from 20 to 40 due to 11 out of 24 dropped probes since last increase.
Increasing send delay for 192.168.0.16 from 40 to 80 due to 11 out of 30 dropped probes since last increase.
SYN Stealth Scan Timing: About 45.67% done; ETC: 21:10 (0:00:37 remaining)
Discovered open port 10000/tcp on 192.168.0.16
Completed SYN Stealth Scan at 21:10, 89.69s elapsed (1000 total ports)
Initiating Service scan at 21:10
Scanning 3 services on 192.168.0.16
Completed Service scan at 21:10, 6.09s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.16
NSE: Script scanning 192.168.0.16.
Initiating NSE at 21:10
Completed NSE at 21:11, 30.01s elapsed
Nmap scan report for 192.168.0.16
Host is up (0.00014s latency).
Not shown: 997 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 6.4 (protocol 2.0)
| ssh-hostkey: 2048 25:0c:45:03:dc:38:1f:0b:95:e5:45:88:97:f2:f9:36 (RSA)
|_256 da:b0:c1:ae:b4:5e:82:e7:b3:cb:ec:53:cf:9c:15:c3 (ECDSA)
80/tcp    open  http    Apache httpd 2.4.6 ((CentOS))
| http-methods: POST OPTIONS GET HEAD TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Apache HTTP Server Test Page powered by CentOS
10000/tcp open  http    MiniServ 1.690 (Webmin httpd)
|_http-favicon: Unknown favicon MD5: 9A2006C267DE04E262669D821B57EAD1
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
| http-robots.txt: 1 disallowed entry
|_/
|_http-title: Login to Webmin
| ndmp-version:
|_  ERROR: Failed to get host information from server
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.9
Uptime guess: 0.022 days (since Mon Dec  1 20:39:14 2014)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros

NSE: Script Post-scanning.
Initiating NSE at 21:11
Completed NSE at 21:11, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 128.48 seconds
           Raw packets sent: 1356 (62.416KB) | Rcvd: 2727 (118.770KB)
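When nmap is used for auditing, the useful step after a scan is comparing the open ports it reports against the ports you expect a host to expose. The following is an added example (not part of the original article and not nmap's own code) that parses the PORT/STATE/SERVICE/VERSION table from nmap's normal output, as shown in the two scans above, and lists any open port missing from an expected baseline. The sample output is constructed for illustration and mirrors the 192.168.0.16 scan in the text.

```python
import re

# Constructed sample in the format of nmap's normal output (values taken from
# the scan in the text; this is embedded test data, not a live scan result).
SAMPLE_OUTPUT = """\
Nmap scan report for 192.168.0.16
Host is up (0.00014s latency).
Not shown: 997 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 6.4 (protocol 2.0)
80/tcp    open  http    Apache httpd 2.4.6 ((CentOS))
|_http-title: Apache HTTP Server Test Page powered by CentOS
10000/tcp open  http    MiniServ 1.690 (Webmin httpd)
|_http-title: Login to Webmin

Nmap done: 1 IP address (1 host up) scanned in 128.48 seconds
"""

# One port line: "<port>/<proto> <state> <service> [<version text>]".
# NSE script lines start with "|" so they never match this pattern.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_ports(text):
    """Return one dict per port line found in nmap normal output."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        ports.append({"port": int(port), "proto": proto, "state": state,
                      "service": service, "version": (version or "").strip()})
    return ports


def unexpected_open_ports(text, baseline):
    """Open ports whose (port, proto) pair is not in the expected baseline set."""
    return [p for p in parse_ports(text)
            if p["state"] == "open" and (p["port"], p["proto"]) not in baseline]


if __name__ == "__main__":
    # Baseline for this host: only ssh and the web server are supposed to listen.
    expected = {(22, "tcp"), (80, "tcp")}
    for p in unexpected_open_ports(SAMPLE_OUTPUT, expected):
        print(f"unexpected: {p['port']}/{p['proto']} {p['service']} {p['version']}")
```

Feed it the saved output of a real run (for example, nmap -sV host > scan.txt) and any port not in the baseline is flagged for follow-up, which here is the Webmin service on 10000/tcp.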