Nmap

From DikapediaV2
Jump to: navigation, search


nmap - "Network Mapper", Network exploration tool and security/port scanner. Very useful for troubleshooting and checking if ports are open/closed/filtered.


In comparison to telnet, nmap is actually smart enough that it can tell the difference between a closed port that is truly closed and a closed port behind a firewall.

  • closed - if a port is truly closed or down.
  • filtered - blocked by some firewall
  • open

open

   An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network. 

closed

   A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next. 

filtered

   Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.

unfiltered

   The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open. 

open|filtered

   Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.

closed|filtered

   This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.


Add: https://wiki.onap.org/display/DW/Nmap https://nmap.org/book/man-port-scanning-basics.html

How to use nmap


My preferred method:

# nmap -Pn dikapedia.com -p 443
Starting Nmap 7.70 ( https://nmap.org ) at 2022-08-11 01:34 UTC
Nmap scan report for dikapedia.com (23.20.238.64)
Host is up (0.0012s latency).
rDNS record for 23.20.238.64: ec2-23-20-238-64.compute-1.amazonaws.com

PORT    STATE SERVICE
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
  • Pn is for Treat all hosts as online -- skip host discovery

To scan an IP address

$ nmap [ip.add.re.s]   

---

$ nmap 34.195.120.102
Starting Nmap 6.40 ( http://nmap.org ) at 2020-02-14 01:33 UTC
Nmap scan report for ec2-34-195-120-102.compute-1.amazonaws.com (34.195.120.102)
Host is up (0.00064s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

To scan a specific port:

$ nmap -p 80 [ip.ad.dr.es]
$ nmap [ip.ad.dr.es] -p 80

---

$ nmap 34.195.120.102 -p 22 

Starting Nmap 6.40 ( http://nmap.org ) at 2020-02-14 01:35 UTC
Nmap scan report for ec2-34-195-120-102.compute-1.amazonaws.com (34.195.120.102)
Host is up (0.00059s latency).
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds