Nmap
Nmap is a network scanner tool used to discover hosts and services on a computer network by sending packets and analyzing the responses.
NMAP Basics
nmap can be used through terminal and have differents types of scan. Mainly you check TCP traffic with default commands. Can specify UDP packages using flags in the command.
Example basic command:
nmap [IP/Domain]
Using without flags only gives basic information.
Command: nmap 8.8.8.8
Response:
Nmap scan report for dns.google (8.8.8.8)
Host is up (0.024s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE
53/tcp open domain
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 42.63 seconds.
Common flags and uses
- sS: Silent mode (TCP Syn Port), it takes more time to analyze the network but is less agresive.
- sC: Run default scripts, more info in: https://nmap.org/nsedoc/categories/default.html
- sV: Show wich services are running in the ports.
- sU: Run UDP scan.
- T: Specify the level of intrusion between 1-5 (1Low,5High).
- Pn: Disable ping command and scan immediately.
- -p-: Scan all the ports 1-65435
- n: Do not resolve DNS.
- O: OS flag used with sudo.
- oN: Export in nmap format file.
- min-rate: Send minimum package rate of the number given.
- max-rate: Send maximun package rate.
Command examples
TCP full scan:
sudo nmap -sCV -Pn -p- -T5 --min-rate 5000 8.8.8.8 -O
UDP full scan:
sudo nmap -sUV -Pn -p- 8.8.8.8