We would like to introduce you to one of the network utilities called Nmap. Which is a free network discovery tool and very practical. Since ethical hacking and penetration testing becoming mainstream in corporate environments, professional personnel and appropriate equipment are in high demand. The proper software framework can be the turning point in a hacking campaign dealing with intricate hardware. So let’s find an answer to this question: what is Nmap and how does it work?
What is Nmap?
Nmap (Network Mapper) is a powerful open-source tool used for network discovery and security auditing. It’s designed to scan networks and hosts to gather information about their devices, services, and vulnerabilities. Nmap can be used by network administrators, security professionals, and penetration testers to assess the security posture of a network and identify potential points of weakness. In other words, we can use Nmap as a tool to scan IP addresses, scan open ports on your computer’s network, and look for security holes by sending packets and analyzing responses.
What features does Nmap offer?
Now that you have a basic understanding of Nmap tool, we are going to examine some common features of Nmap tools:
1- Port Scanning: Nmap can scan ports on remote hosts to determine which ports are open and what services are running on those ports. This helps in understanding the network’s attack surface.
2- Version Detection: Nmap can often determine the version of a service running on an open port, which can provide valuable information about potential vulnerabilities associated with that version.
3- Network Discovery: Nmap can discover hosts on a network by sending various types of probes and analyzing the responses. It can identify hosts that are alive and reachable.
4- Scripting: It includes a scripting engine called NSE (Nmap Scripting Engine) that allows users to write custom scripts to perform more advanced tasks during the scanning process, such as vulnerability detection and service enumeration.
5- Ping and Host Discovery: Nmap can use various techniques to determine if a host is alive and reachable, such as ICMP ping, TCP ping, and ARP ping.
6- Vulnerability Detection: Nmap can be used to identify potential vulnerabilities in services by comparing the versions detected to known vulnerability databases.
7- Security Auditing: Security professionals often use Nmap to audit their networks for weak points, misconfigured services, and potential attack vectors.
Installing Nmap on Linux Distributions
To be able to use this tool, you must install it on your system, and the first step for this installation is to provide the prerequisites:
– A Linux VPS Server
– A proper user account with sudo privileges
– Command line terminal
Now you can start the installation process on Debian/Ubuntu by following the instructions in this section.
Apply the command below to start the installation:
sudo apt-get install nmap
Then type Y to confirm the installation.
To verify the version of this tool run the following command:
Here, you will find the installation command for Linux distributions of CentOS/RHEL:
sudo yum install nmap
Type Y to confirm the installation. Then apply this command to see the version of Nmap:
How to find program versions using Nmap
You can use this tool to gather information about services and versions running on remote machines. Here we will learn how to worfor this purpose. To perform the version scan use the command below:
-sV (Version detection)
You can Enable version detection, as we have shown above. Or, you can use -A, to enable version detection among other things.
How to determine the target host using Nmap?
Determining the target host using this tool typically involves network discovery, which helps identify active hosts within a given range of IP addresses. Now, let’s find out the way to determine the target host:
--allports (Don't exclude any ports from version detection)
As a default setting, Nmap skips TCP port 9100. By modifying or removing the exclude directive nmap-service-probes, this behavior can be changed. Also, for scanning all ports without any exclude directive, you can specify –allports:
--version-intensity (Set version scan intensity)
In the end, to trace version scan activity, use the following command:
--version-trace (Trace version scan activity)
Scan ports using Nmap
If you are willing to scan ports and launch the default scan using Nmap, you just need a target. This target can be an IP address, hostname, or a network range:
The scan result shows all the host information like IP address, reverse DNS name, or interesting ports with service names.
Disable DNS Name Resolution
Disabling DNS (Domain Name System) name resolution on a computer or network can be useful for certain purposes, such as isolating the system from the internet or preventing outbound connections.
Here’s how you can disable DNS name resolution on a Linux machine.
Disabling DNS using systems on Ubuntu, CentOS, etc:
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
Disabling DNS using NetworkManager:
Then add or modify the following line:
At last use the command below to save the file and restart the NetworkManager:
sudo systemctl restart NetworkManager
As we mentioned in our article, Nmap is a scanning tool that you can use for network scanning and security auditing. We tried to give a complete guide to make a clear understanding of this tool and teach how you can install it on your Linux system. Also, shows how to find the version, scan ports, and determine the target host. At last, we gave you the command to disable DNS name resolution. We hope this guide was useful for you.