Cyber Security Professionals Tool Kit

Nmap is a Linux utility commonly used by cyber security professionals and included in the Kali Linux tool kit. With it, we are able to scan the network and locate any abnormal traffic or unprotected ports.

Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap can adapt to network conditions, including latency and congestion, during a scan, making it very useful for checking a system for possible cyber attacks.

Nmap started as a Linux utility and has since been made available on other systems, including Windows, macOS and Android. It is most popular on Linux, followed by Windows.

Nmap features include:

• Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.

• Port scanning – Enumerating the open ports on target hosts.

• Version detection – Interrogating network services on remote devices to determine application name and version number.

• TCP/IP stack fingerprinting – Determining the operating system and hardware characteristics of network devices based on observations of network activity of said devices.

• Scriptable interaction with the target – Using the Nmap Scripting Engine (NSE) and the Lua programming language.

Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.
This could show you exactly what devices are attached to your network.


What Are Ports?

On modern operating systems, ports are numbered addresses for network traffic. Different kinds of services use different ports by default.

For example, regular web traffic uses port 80, while email (POP3) uses port 110. One of the ways that a firewall works is by allowing or restricting traffic over a particular port.

Because the port configuration can cause a security risk, it’s critical to know which ports are open and which are blocked.

How to Scan Ports with Nmap

To scan the ports on a remote system, enter the following in the terminal:

sudo nmap 192.168.0.1

Replace the IP address with the IP address of the system you’re testing. This is the basic format for Nmap, and it will return information about the ports on that system.

In addition to scanning by IP address, you can also use the following commands to specify a target:

To scan a host:

nmap www.hostname.com

To scan a range of IP addresses (.1 – .10):

nmap 192.168.0.1-10

To run Nmap on a subnet:

nmap 192.168.0.1/13

To scan targets from a text file:

nmap -iL textlist.txt

Scan a Single Port, All Ports, or Series

Nmap commands can be used to scan a single port or a series of ports:

Scan port 80 on the target system:

nmap -p 80 192.168.0.1

Scan ports 1 through 200 on the target system:

nmap -p 1-200 192.168.0.1

Fast scan of the most common ports:

nmap -F 192.168.0.1

To scan all ports (1 – 65535):

nmap -p- 192.168.0.1

By understanding how your network is working and which ports are open, you have more information on how cyber criminals target open or weak domains, ports and other unprotected locations.

Common Ports

Here is a brief list of standard ports and their designations:

• 21 – FTP

• 22 – SSH

• 25 – SMTP (sending email)

• 53 – DNS (domain name service)

• 80 – HTTP (web server)

• 110 – POP3 (email inbox)

• 123 – NTP (Network Time Protocol)

• 143 – IMAP (email inbox)

• 443 – HTTPS (secure web server)

• 465 – SMTPS (send secure email)

• 631 – CUPS (print server)

• 993 – IMAPS (secure email inbox)

• 995 – POP3S (secure email inbox)

Leaving any of these open or unprotected by your firewall will make you a target for cyber crime.

Conclusion

Nmap adds a versatile tool to any system administrator’s arsenal for debugging and locating security flaws.

This is the first in a series of cyber security blogs that we are putting together to showcase the basic tools used by cyber security professionals and hackers.

4 thoughts on “Mapping Your Network”

  1. I must thank you for the efforts you've put in penning this site. I am hoping to check out the same high-grade blog posts by you in the future as well. In fact, your creative writing abilities have motivated me to get my very own blog now 😉

    1. Many thanks for your great feedback. If you have any security related issues that we may be able to help assist you with, please contact us directly.
      Many thanks, Tim Taylor, founder of Red Team Consultant’s
