SlideShare a Scribd company logo

Understanding NMAP

Download as PPTX, PDF
Phannarith Ou, G-CISO
Phannarith Ou, G-CISO

This is the basic document related to NMAP. This was present during the Defense Saturday 8. Defense Saturday is one of the initiative by SecuDemy.com

Education
1 of 23
Pin Pechdara Network Engineer Auguast 15, 2015 Nmap
 What is Nmap?  Process of Nmap  Scanning techniques  Dectect OS with Nmap  Host and Port Option  Real Time Information  Timing Option  Logging Information Agenda
What is Nmap?  Nmap is a free and open source utility for network discovery and security auditing.  Latest version of nmap is 6.49BETA2  Nmap supports all platform of OS like  Linux/Unix  Microsoft  Mac
Process Nmap 1. If hostname use as target, nmap will perform dns lookup to scan. But if ip address use as target, dns lookup will not process 2. Nmap pings the romote device. Can disable ping with option (- Pn) 3. If IP address is specified as the remote host, Reverse DNS will occur. We can use option (-n) to disable if we think it is not necessary 4. Nmap executes the scan.
TCP SYN Scan (-sS)  Allow nmap to gather information about open ports without completing the TCP handshake process.  By default if nmap scan option isn’t specified on the command line, TCP SYN scan is use #namp --sS -v 192.168.1.100 Source Destination
TCP SYN Scan (-sT)  Allow nmap to gather information about open ports with completing the TCP handshake process.  nmap –sT –v 192.168.1.100 Source Destination
Ping Scan (-sP)  Ping Scan is a quickest scan that nmap perform.  It is useful to determine remote hosts are up or down. #nmap -v -sP 192.168.1.100 --packet_trace Source Destination
Version Detection (-sV)  Allow nmap to gather version of application of remote host  The version detection scan runs automatically if the Aggressive Scan (-A) is selected.  -sP, -sL, -sO will not run the same command line with version detection Source Destination
UDP Scan (-sU)  UDP has no need to process 3 way handshake or SYN, FIN, and RST. #nmap -sU -v 192.168.1.100 --packet_trace Source Destination
IP Protocol Scan (-sO)  The IP Protocol Scan attempt to determine IP Protocol support on target. #nmap -v -sO 192.168.1.100 --packet_trace Source Destination
ACK Scan (-sA)  ACK Scan to determine port filter or unfilter #nmap -sA -v 192.168.1.100 Source Destination
Window Scan (-sA)  Allow nmap to gather information about open ports without completing the TCP handshake process.  The version detection scan runs automatically if the Aggressive Scan (-A) is selected.  -sP, -sL, -sO will not run the same command line with version detection Source Destination
Idlescan (-sI)  Idle Scan use other station to scan remote host device #nmap -sI -v 192.168.1.50 192.168.1.100 Source Destination Zombie
How to Detect OS with Nmap  Technically, nmap provide the rich feature that offer us to dectect what OS that remote devices are used.  By using below additional options we can get what OS of remote host  OS fingerprint with option (-O) #nmap -sS -O 192.168.1.100  Additional, Advance, and Aggressive (-A) Note: shortcut for running (-O) & (-sV) #nmap -sS -A 192.168.1.100
Host and Port options  Except Target  Exclude Targets (--exclude host1,host2,….) This option provide nmap to avoid scanning specific hosts that are not necessary #nmap -v -sS 192.168.1.0/24 --exclude 192.168.1.1-10  Exclude Targets in File (--excludefile <filename>) This option provide nmap to avoid scanning specific hosts from file. #nmap -v -sS 192.168.1.0/24 --ecludefile except_IP.txt  Include Target  Read Targets from File (-iL <filename>) This option provide name to scan specific host from file. #nmap -v -sS 192.168.1.0/24 -iL IP_Scan.txt
Host and Port options (Cont)  Specify Port Protocol or Port Number (-p <port_range>) by using this option, it provides nmap to scan specific port rather than scan all port (1000 ports) #nmap -v -sS -p 80 192.168.1.100 (-p dedicate to TCP port number) #nmap -v -sO -p 6 192.168.1.100 (-p dedicate to protocol number) #nmap -v -sU -p 6 192.168.1.100 (-p dedicate UDP Port number)
Real Time Information  While Nmap is processing to scan remote host device, there are a lot of activities behind what we seen on screen.  So we use additional option to see slightly with :  Verbose Mode (--verbose, -v) #nmap -sS -v 192.168.1.100  Packet Trace (--packet_trace) #nmap -sS -v 192.168.1.100 --packet_trace
Timing Option (--timing, -T <0-5>) Category Initial_rtt_timeout Min_rtt_timeout Max_rtt_timeout Max_parallelism Scan_delay Max_scan_delay T0/Paranoid 5 min Default 100ms Default 10 sec serial 5 min Default 1 sec T1/Sneaky 15 Sec Default 100ms Default 10 sec serial 15 sec Default 1 sec T2/Polite Default (1 Sec) Default 100ms Default 10 sec serial 400ms Default 1 sec T3/Normal Default (1 Sec) Default 100ms Default 10 sec parallel 0 sec Default 1 sec T4/Aggressive 500ms 100ms 1,250ms parallel 0 sec 10ms T5/Insane 200ms 50ms 300ms parallel 0 sec 5ms #nmap -sS -v 192.168.1.100 -T5
Logging Information  Nmap provide many options of logging the scan result.  Normal Format (-oN <Logfilename>) #nmap -sS -v 192.168.1.100 --packet_trace -oN nmap_output  XML Format (-oX <Logfilenmae>) #nmap -sS -v 192.168.1.100 --packet_trace -oN nmap_output  Grepable Format (-oG <filename>) #nmap -sS -v 192.168.1.100 --packet_trace -oG nmap_output  All Formats (-oA <filename>) this option will create 3 different output (Normal, XML, grepable output) #nmap -sS -v 192.168.1.100 --packet_trace -oA nmap_output
Nmap sample command Nmap command Description Nmap 192.168.1.100 Perform nmap scan default on host 192.168.1.100 Nmap 192.168.1.0/24 Scan default nmap on network 192.168.1.0 Nmap –sP 192.168.1.100 Just ping to identify remote host alive or not Nmap –sS –O –p 22,80,443 192.168.1.100 Perform SYN scan on port 22, 80, and 443 on remote host and dectect operation system nmap -sS -Pn -sV -O nmap.org Syn scan, no ping, identify version, and operating system detection. nmap -v -n -sS -sU -Pn -A -oA scan nmap.org -v invokes verbosity. -n skips name resolution. -sS is a SYN scan. -sU scans UDP ports. -Pn skips pinging. -A enables both OS fingerprinting and version detection (tries to verify what is listening on found ports). -oA scan creates reports as scan.nmap, scan.gnmap, and scan.xml.
Question
Understanding NMAP
Understanding NMAP

Recommended

Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
NMap
NMapNMap
NMapPritesh Raka
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsn|u - The Open Security Community
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)shwetha mk
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scannern|u - The Open Security Community
 

Recommended

Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
NMap
NMapNMap
NMapPritesh Raka
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsn|u - The Open Security Community
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)shwetha mk
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scannern|u - The Open Security Community
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
Nmap commands
Nmap commandsNmap commands
Nmap commandsKailash Kumar
 
Nmap tutorial
Nmap tutorialNmap tutorial
Nmap tutorialVarun Kakumani
 
Nmap
NmapNmap
NmapMegha Sahu
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basicsamiable_indian
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitableMohammed Akbar Shariff
 
Network scanning
Network scanningNetwork scanning
Network scanningMD SAQUIB KHAN
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Nmap
NmapNmap
NmapFat-Thing Gabriel-Culley
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking GuideAryan G
 
Nmap
NmapNmap
NmapSreekanth Narendran
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Tcpdump
TcpdumpTcpdump
TcpdumpSourav Roy
 
Wireshark
WiresharkWireshark
WiresharkSourav Roy
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Zen map
Zen mapZen map
Zen mapharisnaved
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting enginen|u - The Open Security Community
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Ravi Rajput
 
Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"abend_cve_9999_0001
 

More Related Content

What's hot

N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking GuideAryan G
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 

What's hot (20)

N map presentation
N map presentationN map presentation
N map presentation
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
 
Nmap tutorial
Nmap tutorialNmap tutorial
Nmap tutorial
 
Nmap
NmapNmap
Nmap
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
 
Network scanning
Network scanningNetwork scanning
Network scanning
 
Metasploit
MetasploitMetasploit
Metasploit
 
Nmap
NmapNmap
Nmap
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
 
Nmap
NmapNmap
Nmap
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port Scanning
 
Tcpdump
TcpdumpTcpdump
Tcpdump
 
Wireshark
WiresharkWireshark
Wireshark
 
Port scanning
Port scanningPort scanning
Port scanning
 
Zen map
Zen mapZen map
Zen map
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
 

Viewers also liked

Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Ravi Rajput
 
Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"abend_cve_9999_0001
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)SSASIT
 
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)Denny K
 
Wireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkWireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkYoram Orzach
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmapcommiebstrd
 
Packet analysis using wireshark
Packet analysis using wiresharkPacket analysis using wireshark
Packet analysis using wiresharkBasaveswar Kureti
 
Apache Spark: Coming up to speed
Apache Spark: Coming up to speedApache Spark: Coming up to speed
Apache Spark: Coming up to speedAdarsh Pannu
 
Incident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsIncident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsNapier University
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...skpatel91
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Ashley Wheeler
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li Inmhaviv
 
Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Yoram Orzach
 
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawBeginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawRedspin, Inc.
 

Viewers also liked (18)

Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
 
Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"
 
NMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit GautamNMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit Gautam
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
 
Wireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkWireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wireshark
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmap
 
Packet analysis using wireshark
Packet analysis using wiresharkPacket analysis using wireshark
Packet analysis using wireshark
 
Glint with Apache Spark
Glint with Apache SparkGlint with Apache Spark
Glint with Apache Spark
 
Apache Spark: Coming up to speed
Apache Spark: Coming up to speedApache Spark: Coming up to speed
Apache Spark: Coming up to speed
 
Incident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsIncident response: Advanced Network Forensics
Incident response: Advanced Network Forensics
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
 
Network scanning
Network scanningNetwork scanning
Network scanning
 
Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li In
 
Nessus Scanner Vulnerabilidades
Nessus Scanner VulnerabilidadesNessus Scanner Vulnerabilidades
Nessus Scanner Vulnerabilidades
 
Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1
 
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawBeginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
 

Similar to Understanding NMAP

Using metasploit
Using metasploitUsing metasploit
Using metasploitCyberRad
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pubCassio Ramos
 
Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Nikhil Raj
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academycyberforgeacademy
 
Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Harsh Desai
 
01204427-scanner.ppt
01204427-scanner.ppt01204427-scanner.ppt
01204427-scanner.pptVarunBehere1
 
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...Andrej Šimko
 
Practical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPractical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPRISMA CSI
 
Dane presentation
Dane presentationDane presentation
Dane presentationAnkit Singh
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 
Cisco Router Security
Cisco Router SecurityCisco Router Security
Cisco Router Securitykktamang
 

Similar to Understanding NMAP (20)

NMAP1.ppt
NMAP1.pptNMAP1.ppt
NMAP1.ppt
 
Backtrack Manual Part3
Backtrack Manual Part3Backtrack Manual Part3
Backtrack Manual Part3
 
Using metasploit
Using metasploitUsing metasploit
Using metasploit
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub
 
Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1
 
Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academy
 
Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3
 
01204427-scanner.ppt
01204427-scanner.ppt01204427-scanner.ppt
01204427-scanner.ppt
 
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
Analysis of ESET Smart Security 6 personal firewall’s thresholds and detectio...
 
Ethical hacking with Python tools
Ethical hacking with Python toolsEthical hacking with Python tools
Ethical hacking with Python tools
 
Contents namp
Contents nampContents namp
Contents namp
 
Contents namp
Contents nampContents namp
Contents namp
 
Namp
Namp Namp
Namp
 
Practical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPractical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information Gathering
 
Dane presentation
Dane presentationDane presentation
Dane presentation
 
Day2
Day2Day2
Day2
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
 
Cisco Router Security
Cisco Router SecurityCisco Router Security
Cisco Router Security
 
Network for amin
Network for aminNetwork for amin
Network for amin
 

More from Phannarith Ou, G-CISO

3 Security Tips for better security for personal computer
3 Security Tips for better security for personal computer3 Security Tips for better security for personal computer
3 Security Tips for better security for personal computerPhannarith Ou, G-CISO
 
Case - How to protect your information
Case - How to protect your informationCase - How to protect your information
Case - How to protect your informationPhannarith Ou, G-CISO
 
Case Study - Internet Security Policy (Khmer)
Case Study - Internet Security Policy (Khmer)Case Study - Internet Security Policy (Khmer)
Case Study - Internet Security Policy (Khmer)Phannarith Ou, G-CISO
 
Network Security with ISA Server 2006
Network Security with ISA Server 2006Network Security with ISA Server 2006
Network Security with ISA Server 2006Phannarith Ou, G-CISO
 
Network Installation and Management in Windows 2008 Enterprise
Network Installation and Management in Windows 2008 EnterpriseNetwork Installation and Management in Windows 2008 Enterprise
Network Installation and Management in Windows 2008 EnterprisePhannarith Ou, G-CISO
 
Understanding Malware by BBU Student
Understanding Malware by BBU StudentUnderstanding Malware by BBU Student
Understanding Malware by BBU StudentPhannarith Ou, G-CISO
 

More from Phannarith Ou, G-CISO (20)

3 Security Tips for better security for personal computer
3 Security Tips for better security for personal computer3 Security Tips for better security for personal computer
3 Security Tips for better security for personal computer
 
Reconnaisance
Reconnaisance Reconnaisance
Reconnaisance
 
Case - How to protect your information
Case - How to protect your informationCase - How to protect your information
Case - How to protect your information
 
Case - How to protect your website
Case - How to protect your websiteCase - How to protect your website
Case - How to protect your website
 
Case Study - Internet Security Policy (Khmer)
Case Study - Internet Security Policy (Khmer)Case Study - Internet Security Policy (Khmer)
Case Study - Internet Security Policy (Khmer)
 
Internet Security Policy - Khmer
Internet Security Policy - Khmer Internet Security Policy - Khmer
Internet Security Policy - Khmer
 
How to Protect Computer From Virus
How to Protect Computer From VirusHow to Protect Computer From Virus
How to Protect Computer From Virus
 
How to Secure Your WiFi
How to Secure Your WiFiHow to Secure Your WiFi
How to Secure Your WiFi
 
Facebook Security in 3 Ways
Facebook Security in 3 Ways Facebook Security in 3 Ways
Facebook Security in 3 Ways
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
 
Exchange Server 2003
Exchange Server 2003Exchange Server 2003
Exchange Server 2003
 
Network Security with ISA Server 2006
Network Security with ISA Server 2006Network Security with ISA Server 2006
Network Security with ISA Server 2006
 
Network Installation and Management in Windows 2008 Enterprise
Network Installation and Management in Windows 2008 EnterpriseNetwork Installation and Management in Windows 2008 Enterprise
Network Installation and Management in Windows 2008 Enterprise
 
Secure System Development Proposal
Secure System Development ProposalSecure System Development Proposal
Secure System Development Proposal
 
How to know you was hacked
How to know you was hackedHow to know you was hacked
How to know you was hacked
 
ូUnderstanding DNS Spoofing
ូUnderstanding DNS SpoofingូUnderstanding DNS Spoofing
ូUnderstanding DNS Spoofing
 
Understanding Malware by BBU Student
Understanding Malware by BBU StudentUnderstanding Malware by BBU Student
Understanding Malware by BBU Student
 
Heartbleed vulnerability
Heartbleed vulnerabilityHeartbleed vulnerability
Heartbleed vulnerability
 
P12 r202t8 05-spam
P12 r202t8 05-spamP12 r202t8 05-spam
P12 r202t8 05-spam
 
P12 r202t8 04-d-dos
P12 r202t8 04-d-dosP12 r202t8 04-d-dos
P12 r202t8 04-d-dos
 

Recently uploaded

Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Pooja Bhuva
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 

Recently uploaded (20)

Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 

Understanding NMAP

  • 2.  What is Nmap?  Process of Nmap  Scanning techniques  Dectect OS with Nmap  Host and Port Option  Real Time Information  Timing Option  Logging Information Agenda
  • 3. What is Nmap?  Nmap is a free and open source utility for network discovery and security auditing.  Latest version of nmap is 6.49BETA2  Nmap supports all platform of OS like  Linux/Unix  Microsoft  Mac
  • 4. Process Nmap 1. If hostname use as target, nmap will perform dns lookup to scan. But if ip address use as target, dns lookup will not process 2. Nmap pings the romote device. Can disable ping with option (- Pn) 3. If IP address is specified as the remote host, Reverse DNS will occur. We can use option (-n) to disable if we think it is not necessary 4. Nmap executes the scan.
  • 5. TCP SYN Scan (-sS)  Allow nmap to gather information about open ports without completing the TCP handshake process.  By default if nmap scan option isn’t specified on the command line, TCP SYN scan is use #namp --sS -v 192.168.1.100 Source Destination
  • 6. TCP SYN Scan (-sT)  Allow nmap to gather information about open ports with completing the TCP handshake process.  nmap –sT –v 192.168.1.100 Source Destination
  • 7. Ping Scan (-sP)  Ping Scan is a quickest scan that nmap perform.  It is useful to determine remote hosts are up or down. #nmap -v -sP 192.168.1.100 --packet_trace Source Destination
  • 8. Version Detection (-sV)  Allow nmap to gather version of application of remote host  The version detection scan runs automatically if the Aggressive Scan (-A) is selected.  -sP, -sL, -sO will not run the same command line with version detection Source Destination
  • 9. UDP Scan (-sU)  UDP has no need to process 3 way handshake or SYN, FIN, and RST. #nmap -sU -v 192.168.1.100 --packet_trace Source Destination
  • 10. IP Protocol Scan (-sO)  The IP Protocol Scan attempt to determine IP Protocol support on target. #nmap -v -sO 192.168.1.100 --packet_trace Source Destination
  • 11. ACK Scan (-sA)  ACK Scan to determine port filter or unfilter #nmap -sA -v 192.168.1.100 Source Destination
  • 12. Window Scan (-sA)  Allow nmap to gather information about open ports without completing the TCP handshake process.  The version detection scan runs automatically if the Aggressive Scan (-A) is selected.  -sP, -sL, -sO will not run the same command line with version detection Source Destination
  • 13. Idlescan (-sI)  Idle Scan use other station to scan remote host device #nmap -sI -v 192.168.1.50 192.168.1.100 Source Destination Zombie
  • 14. How to Detect OS with Nmap  Technically, nmap provide the rich feature that offer us to dectect what OS that remote devices are used.  By using below additional options we can get what OS of remote host  OS fingerprint with option (-O) #nmap -sS -O 192.168.1.100  Additional, Advance, and Aggressive (-A) Note: shortcut for running (-O) & (-sV) #nmap -sS -A 192.168.1.100
  • 15. Host and Port options  Except Target  Exclude Targets (--exclude host1,host2,….) This option provide nmap to avoid scanning specific hosts that are not necessary #nmap -v -sS 192.168.1.0/24 --exclude 192.168.1.1-10  Exclude Targets in File (--excludefile <filename>) This option provide nmap to avoid scanning specific hosts from file. #nmap -v -sS 192.168.1.0/24 --ecludefile except_IP.txt  Include Target  Read Targets from File (-iL <filename>) This option provide name to scan specific host from file. #nmap -v -sS 192.168.1.0/24 -iL IP_Scan.txt
  • 16. Host and Port options (Cont)  Specify Port Protocol or Port Number (-p <port_range>) by using this option, it provides nmap to scan specific port rather than scan all port (1000 ports) #nmap -v -sS -p 80 192.168.1.100 (-p dedicate to TCP port number) #nmap -v -sO -p 6 192.168.1.100 (-p dedicate to protocol number) #nmap -v -sU -p 6 192.168.1.100 (-p dedicate UDP Port number)
  • 17. Real Time Information  While Nmap is processing to scan remote host device, there are a lot of activities behind what we seen on screen.  So we use additional option to see slightly with :  Verbose Mode (--verbose, -v) #nmap -sS -v 192.168.1.100  Packet Trace (--packet_trace) #nmap -sS -v 192.168.1.100 --packet_trace
  • 18. Timing Option (--timing, -T <0-5>) Category Initial_rtt_timeout Min_rtt_timeout Max_rtt_timeout Max_parallelism Scan_delay Max_scan_delay T0/Paranoid 5 min Default 100ms Default 10 sec serial 5 min Default 1 sec T1/Sneaky 15 Sec Default 100ms Default 10 sec serial 15 sec Default 1 sec T2/Polite Default (1 Sec) Default 100ms Default 10 sec serial 400ms Default 1 sec T3/Normal Default (1 Sec) Default 100ms Default 10 sec parallel 0 sec Default 1 sec T4/Aggressive 500ms 100ms 1,250ms parallel 0 sec 10ms T5/Insane 200ms 50ms 300ms parallel 0 sec 5ms #nmap -sS -v 192.168.1.100 -T5
  • 19. Logging Information  Nmap provide many options of logging the scan result.  Normal Format (-oN <Logfilename>) #nmap -sS -v 192.168.1.100 --packet_trace -oN nmap_output  XML Format (-oX <Logfilenmae>) #nmap -sS -v 192.168.1.100 --packet_trace -oN nmap_output  Grepable Format (-oG <filename>) #nmap -sS -v 192.168.1.100 --packet_trace -oG nmap_output  All Formats (-oA <filename>) this option will create 3 different output (Normal, XML, grepable output) #nmap -sS -v 192.168.1.100 --packet_trace -oA nmap_output
  • 20. Nmap sample command Nmap command Description Nmap 192.168.1.100 Perform nmap scan default on host 192.168.1.100 Nmap 192.168.1.0/24 Scan default nmap on network 192.168.1.0 Nmap –sP 192.168.1.100 Just ping to identify remote host alive or not Nmap –sS –O –p 22,80,443 192.168.1.100 Perform SYN scan on port 22, 80, and 443 on remote host and dectect operation system nmap -sS -Pn -sV -O nmap.org Syn scan, no ping, identify version, and operating system detection. nmap -v -n -sS -sU -Pn -A -oA scan nmap.org -v invokes verbosity. -n skips name resolution. -sS is a SYN scan. -sU scans UDP ports. -Pn skips pinging. -A enables both OS fingerprinting and version detection (tries to verify what is listening on found ports). -oA scan creates reports as scan.nmap, scan.gnmap, and scan.xml.