Nmap Command Examples For Network Admins part 2

This is for educational purposes, 
The author is not responsible for 
any action done by you.  


It was originally written by Gordon Lyon and it can answer the following questions easily:

    -- What computers did you find running on the local network?
   --  What IP addresses did you find running on the local network?
   --  What is the operating system of your target machine?
    -- Find out what ports are open on the machine that you just scanned?
    -- Find out if the system is infected with malware or virus.
    -- Search for unauthorized servers or network service on your network.
    -- Find and remove computers which don't meet the organization's minimum level of security.

1. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning 

2. RFC 1122    

3. RFC 792

4. Lua programming language

5. UDP

setup (LAB) 

Port scanning may be illegal in some jurisdictions. So setup a lab as follows:

                              +---------+
        +---------+           | Network |         +--------+
        | server1 |-----------+ swtich  +---------|server2 |
        +---------+           | (sw0)   |         +--------+
                              +----+----+
                                   |
                                   |
                         +---------+----------+
                         | user01 Linux/OSX    |
                         +--------------------+ 

Where,

• user01 is your computer either running Linux/OS X or Unix like operating system. It is used for scanning your local network. The nmap command must be installed on this computer.
• server1 can be powered by Linux / Unix / MS-Windows operating systems. This is an unpatched server. Feel free to install a few services such as a web-server, file server and so on.
• server2 can be powered by Linux / Unix / MS-Windows operating systems. This is a fully patched server with firewall. Again, feel free to install few services such as a web-server, file server and so on.
• All three systems are connected via switch.  

 How to install nmap? 

1. how to install Nmap on Windows 

2. how to install Nmap on Apple Mac OS X 

3. how to install Nmap on Linux Distributions

#1: Scan a single host or an IP address (IPv4) 

---- Scan a single ip address -----

nmap 192.168.1.1

---- Scan a host name -----

nmap server1.cyberciti.biz

---  Scan a host name with more info -----

nmap -v server1.cyberciti.biz
 

#2: Scan multiple IP address or subnet (IPv4) 

nmap 192.168.1.1 192.168.1.2 192.168.1.3

---  works with same subnet i.e. 192.168.1.0/24

nmap 192.168.1.1,2,3

**** You can scan a range of IP address too:

nmap 192.168.1.1-20 

 ***** You can scan a range of IP address using a wildcard: 

 nmap 192.168.1.* 

 ***** Finally, you scan an entire subnet: 

 nmap 192.168.1.0/24 

#3: Read list of hosts/networks from a file (IPv4) 

 The -iL option allows you to read the list of target 

systems using a text file. This is useful to scan a large number of

 hosts/networks. Create a text file as follows:

cat > /tmp/test.txt

 The syntax is:

 nmap -iL /tmp/test.txt

 #4: Excluding hosts/networks (IPv4) 

When scanning a large number of hosts/networks you can exclude hosts from a scan:

nmap 192.168.1.0/24 --exclude 192.168.1.5
nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254

OR exclude list from a file called /tmp/exclude.txt

nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt

#5: Turn on OS and version detection scanning script (IPv4)

nmap -A 192.168.1.254
nmap -v -A 192.168.1.1
nmap -A -iL /tmp/scanlist.txt 

Get paid to share your links!