Nmap is an open source tool commonly used by network administrators and pentesters to scan networks for security and maintenance purposes. nmap is very useful for gathering information such as which hosts are present on a network and which ports and services they expose. So if you are a network administrator or pentester, nmap is one of the best tools for exploring a network. Here is how to use nmap effectively.
TARGET SPECIFICATION
As the commands below show, we can specify the target according to our needs.
| Purpose | Command |
| --- | --- |
| Scan a single IP address | nmap 21.22.23.1 |
| Scan a single host | nmap netlabinfo.com |
| Scan a host with verbose output (more detailed info) | nmap -v netlabinfo.com |
| Scan a range of IP addresses | nmap 21.22.23.1-89 |
| Scan an entire subnet | nmap 21.22.23.0/24 |
| Scan targets from a list file | nmap -iL target.txt |
| Save output to a file | nmap 21.22.23.1 > result.txt |
HOST DISCOVERY
One of nmap's uses is finding which hosts are up on a network, so try these commands. This is very useful when you want to troubleshoot your network.
| Purpose | Command |
| --- | --- |
| Find the hosts that are up on the network (ping scan) | nmap -sn 21.22.23.0/24 |
| Find the hosts with specific ports open (80 and 22) | nmap -p80,22 21.22.23.0/24 |
| Find the hosts that are up, with OS detection | nmap -O 21.22.23.0/24 |
| Skip host discovery | nmap -Pn -v 21.22.23.1 |
PORT ENUMERATION AND SERVICE DETECTION
To get the open ports and services on a specific host we can use these commands. Network administrators and pentesters usually use them to gather information about a server such as its open ports, running services, OS and package versions.
| Purpose | Command |
| --- | --- |
| Scan the versions of the available services and ports | nmap -sV 21.22.23.1 |
| Aggressive port and service detection (intensity level 1 to 5) | nmap -sV --version-intensity 5 21.2.2.1 |
| Scan a range of ports | nmap -p 1-200 21.22.23.1 |
| Scan the most common ports (fast mode) | nmap -F 21.22.23.1 |
| Enable traceroute, OS and version detection | nmap -v -A 21.22.23.1 |
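The host discovery and service detection commands above can be chained into one inventory run: a ping scan (-sn) finds the hosts that are up, and only those hosts get the slower version scan (-sV). This is an added example, not code from the original page; it assumes nmap is installed, writes nmap's grepable output (-oG) to files named discovery.gnmap, live.txt and services.gnmap (arbitrary names chosen here), and takes a range such as the 21.22.23.0/24 used in the tables as its argument.

```shell
#!/bin/sh
# Added example (not from the original page): chain the ping scan (-sn)
# and version detection (-sV) into one inventory run, keeping the results
# in nmap's grepable output format (-oG) so they can be parsed with awk.

# Print the hosts that answered. In a -sn grepable report each live host
# appears as:  Host: 21.22.23.5 ()<TAB>Status: Up
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$1"
}

# Print "host port/proto service" for every open port in a grepable port
# scan report. The Ports: field is a comma-separated list of entries of the
# form port/state/protocol/owner/service/rpcinfo/version/.
open_ports() {
    awk '/^Host:/ && /Ports:/ {
        host = $2
        sub(/.*Ports: /, "")
        sub(/[ \t]*Ignored State:.*/, "")
        n = split($0, entry, ", ")
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")
            if (f[2] == "open") print host, f[1] "/" f[3], f[5]
        }
    }' "$1"
}

# Stage 1: ping scan the range. Stage 2: version-scan only the live hosts,
# fed back in with -iL as in the target specification table.
inventory() {
    range="$1"                       # e.g. 21.22.23.0/24
    nmap -sn -oG discovery.gnmap "$range" >/dev/null
    live_hosts discovery.gnmap > live.txt
    if [ ! -s live.txt ]; then
        echo "no live hosts found in $range" >&2
        return 1
    fi
    nmap -sV -iL live.txt -oG services.gnmap >/dev/null
    open_ports services.gnmap
}

# Only scan when a range is given on the command line.
if [ $# -eq 1 ]; then
    inventory "$1"
fi
```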
SCAN TECHNIQUE
There are several scan methods we can use, depending on what we need. nmap uses the TCP SYN technique by default and it is the most effective method, but if we can't use a TCP SYN scan because of some kind of firewall, the alternative is TCP Connect. The UDP scan finds open UDP ports, and the ACK scan is used to determine whether a port is filtered by a firewall or not; the disadvantage of the ACK scan is that it can't identify open ports, so don't use it to find available ports.
| Purpose | Command |
| --- | --- |
| Scan using TCP SYN (default) | nmap -sS 21.22.23.1 |
| Scan using TCP Connect | nmap -sT 21.22.23.1 |
| UDP scan | nmap -sU 21.22.23.1 |
| ACK scan | nmap -sA 21.22.23.1 |