Friday, March 22, 2013

NMAP basic commands for Network Administrators

I was starting to configure a firewall over the console cable. I set the IP address, username and password, then tried to connect with the web browser, and it did not work, so I decided to scan the firewall's IP address with nmap, and I found the port the firewall was listening on to begin the configuration.

In some situations you need a network scanner, as in the example above, or when you want to see which ports are open on your servers.

Every time we get a new customer for IT support, I start by scanning the network for live hosts, beginning with basic commands.

The best-known scanner is nmap; you can download it from http://nmap.org.

You can install it on Windows or Linux; follow the project's installation instructions.

Basic commands:

Discovering live hosts in a network

nmap -sP 192.168.1.1-254

Starting Nmap 6.00 ( http://nmap.org ) at 2013-03-22 13:25 Central Daylight Time
Nmap scan report for 192.168.1.1
Host is up (0.16s latency).
MAC Address: 00:23:EB:67:14:0F (Cisco Systems)
Nmap scan report for 192.168.1.2
Host is up (0.080s latency).
MAC Address: 88:43:E1:AC:28:E4 (Cisco Systems)
Nmap scan report for 192.168.1.5
Host is up (0.00s latency).
MAC Address: 64:AE:0C:EB:68:00 (Cisco Systems)
Nmap scan report for 192.168.1.20
Host is up (0.14s latency).
MAC Address: 00:18:FE:9F:9A:2D (Hewlett-Packard Company)
Nmap scan report for 192.168.1.21
Host is up (0.13s latency).
MAC Address: 00:14:38:4A:68:EA (Hewlett-Packard Company)

Did you notice that it tells you the IP address, the MAC address and even the device vendor? Look at those three Cisco devices: as a network administrator you need that information, because those are the devices you support.

Finding open ports (simple)

nmap 10.1.32.232

Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-22 13:53 CDT
Nmap scan report for 10.1.32.232
Host is up (0.15s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
3306/tcp open  mysql
8009/tcp open  ajp13
8180/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 17.74 seconds

Finding open ports with service names and versions

nmap -sV 10.1.32.232

Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-22 13:55 CDT
Nmap scan report for 10.1.32.232
Host is up (0.15s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     ProFTPD 1.3.1
22/tcp   open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet  Linux telnetd
25/tcp   open  smtp    Postfix smtpd
53/tcp   open  domain  ISC BIND 9.4.2
80/tcp   open  http    Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
3306/tcp open  mysql   MySQL 5.0.51a-3ubuntu5
8009/tcp open  ajp13?
8180/tcp open  unknown
Service Info: Host:  metasploitable.localdomain; OSs: Unix, Linux; CPE: cpe:/o:linux:kernel
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 175.29 seconds
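The two scans above give you the raw material for an inventory: the host-discovery scan (-sP, spelled -sn in current Nmap releases, which still accept -sP as an alias) lists IP, MAC and vendor, and the -sV scan lists open ports with service versions. The script below is an added example, not code from this post or from the Nmap project. It parses nmap's normal output (what you see on screen, or what -oN saves to a file) into a per-host record, groups the live hosts by vendor so the Cisco and HP devices stand out, and flags open services whose logins cross the wire in cleartext (ftp and telnet in the scan above). The two SAMPLE_* strings are copied from the scan output shown in this post so the script runs offline; the cleartext-service list and the advice attached to it are this example's own assumptions.

```python
"""Turn nmap's normal (-oN / on-screen) output into a small inventory.
Added example, not the post's or Nmap's code. Usage for real:
    nmap -sn 192.168.1.1-254 -oN hosts.txt ; python3 nmap_inventory.py hosts.txt
"""
import re
import sys
from collections import defaultdict

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

# Services whose logins travel in cleartext. This list and the advice are
# assumptions of this example, chosen from the ports seen in the post's scan.
CLEARTEXT_LOGIN = {"ftp": "prefer SFTP or FTPS", "telnet": "prefer SSH"}

# Copied from the post's "nmap -sP 192.168.1.1-254" output.
SAMPLE_HOSTS = """\
Nmap scan report for 192.168.1.1
Host is up (0.16s latency).
MAC Address: 00:23:EB:67:14:0F (Cisco Systems)
Nmap scan report for 192.168.1.2
Host is up (0.080s latency).
MAC Address: 88:43:E1:AC:28:E4 (Cisco Systems)
Nmap scan report for 192.168.1.5
Host is up (0.00s latency).
MAC Address: 64:AE:0C:EB:68:00 (Cisco Systems)
Nmap scan report for 192.168.1.20
Host is up (0.14s latency).
MAC Address: 00:18:FE:9F:9A:2D (Hewlett-Packard Company)
Nmap scan report for 192.168.1.21
Host is up (0.13s latency).
MAC Address: 00:14:38:4A:68:EA (Hewlett-Packard Company)
"""

# Copied from the post's "nmap -sV 10.1.32.232" output.
SAMPLE_SERVICES = """\
Nmap scan report for 10.1.32.232
Host is up (0.15s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     ProFTPD 1.3.1
22/tcp   open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet  Linux telnetd
25/tcp   open  smtp    Postfix smtpd
53/tcp   open  domain  ISC BIND 9.4.2
80/tcp   open  http    Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
3306/tcp open  mysql   MySQL 5.0.51a-3ubuntu5
8009/tcp open  ajp13?
8180/tcp open  unknown
"""


def parse_nmap(text):
    """Map each scanned IP to its MAC, vendor and a list of port tuples."""
    hosts, current = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = hosts.setdefault(m.group(1), {"mac": None, "vendor": None, "ports": []})
        elif current is not None and (m := MAC_RE.match(line)):
            current["mac"], current["vendor"] = m.group(1), m.group(2)
        elif current is not None and (m := PORT_RE.match(line)):
            port, proto, state, service, version = m.groups()
            # nmap appends "?" when the service name is an unconfirmed guess
            current["ports"].append((int(port), proto, state, service.rstrip("?"), version))
    return hosts


def by_vendor(hosts):
    """Group live IPs by the vendor nmap derived from the MAC address."""
    groups = defaultdict(list)
    for ip, h in hosts.items():
        groups[h["vendor"] or "unknown"].append(ip)
    return dict(groups)


def cleartext_findings(hosts):
    """Return (ip, port, service, advice) for every open cleartext-login service."""
    return [(ip, port, svc, CLEARTEXT_LOGIN[svc])
            for ip, h in sorted(hosts.items())
            for port, _proto, state, svc, _ver in h["ports"]
            if state == "open" and svc in CLEARTEXT_LOGIN]


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS + SAMPLE_SERVICES
    inventory = parse_nmap(text)
    for vendor, ips in by_vendor(inventory).items():
        print(f"{vendor}: {', '.join(ips)}")
    for ip, port, svc, advice in cleartext_findings(inventory):
        print(f"{ip}:{port} {svc} is open; {advice}")
```

Run without arguments it reports on the embedded samples; with a file argument it reads the output you saved with -oN. The vendor grouping is what makes the "those three Cisco devices" observation above mechanical: the MAC-derived vendor is the quickest way to tell your own network gear from customer workstations in a new network.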

It is that simple. This basic scan helped me find all the devices in the network, and the most important ones are the firewalls, switches, servers, access points, etc.

This tool is very important for security and network administrators. It takes a little time and practice to master, and you will call yourself Master Yoda when you are done.
