Network Scanning?
1. Scanning Techniques
2. Wireshark
3. Evasion Techniques
GOAL OF SCANNING
❑ Network Scan
VIRTUAL MACHINES
❑ Kali Linux (Attacker Machine)
❑ Windows Server 2012 or Windows 7 (Victim Machine)
❑ Metasploitable (Victim Machine)
CHECK CONNECTIVITY
❑ ping 192.168.47.131 (Metasploitable)
❑ ping 192.168.47.133 (Windows)
CHECK CONNECTIVITY WITH NMAP
❑ nmap -sn 192.168.47.131
❑ nmap -sn 192.168.47.133
ARP PROTOCOL
❑ arp -e (ARP table)
❑ Evade ping blocking
sudo nmap -sn 192.168.47.133 -PR
HOP
❑ nmap -sn --traceroute google.com
❑ nmap -sn 192.168.47.131
SCAN TARGET PORTS
❑ Scan single port
nmap -p 80 192.168.47.131
nmap -p 80 192.168.47.133
❑ Open Wireshark and capture the traffic to see whether the port is open or closed
❑ Scan multiple ports
nmap -p 80,21,24 192.168.47.131
❑ Scan range of ports
nmap -p 1-100 192.168.47.131
SCAN TARGET PORTS
❑ Scan without specifying ports
nmap 192.168.47.131
❑ Scan total 65534 ports
nmap -p- 192.168.47.131
❑ Scan TCP port
nmap -sT 192.168.47.131
❑ Scan UDP port
nmap -sU 192.168.47.131
SCAN IP ADDRESS
❑ Scan a single IP address
nmap 192.168.47.131
❑ Scan multiple IP addresses
nmap 192.168.47.131,132,133
❑ Scan a range of IP addresses
nmap 192.168.47.*
❑ Scan a list of IP addresses
nmap -iL list.txt
SCAN IP ADDRESS
❑ Scan by service name instead of port number
nmap -p telnet 192.168.47.131
SCAN SERVICE VERSION
❑ sudo nmap -sV 192.168.47.131
❑ Scan on specific port
sudo nmap -sV 192.168.47.131 -p 21
❑ Increase the intensity of the version scan (0-9)
sudo nmap -sV --version-intensity 9 -p 21 192.168.47.131
SCAN OS
❑ Scan OS
sudo nmap -O 192.168.47.131
sudo nmap -O --osscan-guess 192.168.47.131
AGGRESSIVE SCAN
❑ Aggressive scan: detects service version and OS, runs scripts and performs various other scans
sudo nmap -A 192.168.47.131
Network Scanning?
1. Evasion Techniques
2. Use Wireshark with all Scans
EVASION TECHNIQUES
❑ Stealth scan
sudo nmap -sS -p 80 192.168.47.131
❑ Xmas scan
sudo nmap -sX -p 80 192.168.47.131
❑ Null scan
sudo nmap -sN -p 80 192.168.47.131
❑ Fin scan
sudo nmap -sF -p 80 192.168.47.131
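As an added defender-side example (not part of the slides): a Python script that classifies the TCP flag combinations of the four probes above exactly as Wireshark displays them, and flags a source that sweeps many ports or sends flag combinations legitimate TCP never uses. The packet records are constructed sample data, not a real capture.

```python
from collections import defaultdict

# TCP flag bits, matching Wireshark's tcp.flags field.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Probe signatures of the scans on the slides. Wireshark display-filter
# equivalents: tcp.flags == 0x002 (SYN), 0x029 (Xmas), 0x000 (Null), 0x001 (FIN).
SCAN_SIGNATURES = {
    SYN: "stealth (SYN) scan probe",
    FIN | PSH | URG: "Xmas scan probe",
    0: "Null scan probe",
    FIN: "FIN scan probe",
}
# Flag combinations that never occur in a legitimate TCP conversation.
MALFORMED = {"Xmas scan probe", "Null scan probe", "FIN scan probe"}

def classify_probe(flags):
    """Return the scan type a packet's flags match, or None for ordinary traffic."""
    return SCAN_SIGNATURES.get(flags & 0x3F)

def detect_scanners(packets, port_threshold=5):
    """Report sources that probe many distinct ports or send malformed probes.

    packets: iterable of (src_ip, dst_ip, dst_port, tcp_flags). Every client
    opens a connection with a SYN, so SYNs count only once a source spreads
    them across port_threshold ports; malformed probes are reported at once.
    """
    ports, types = defaultdict(set), defaultdict(set)
    for src, _dst, dport, flags in packets:
        kind = classify_probe(flags)
        if kind is not None:
            ports[src].add(dport)
            types[src].add(kind)
    return {src: {"ports": len(p), "types": sorted(types[src])}
            for src, p in ports.items()
            if len(p) >= port_threshold or types[src] & MALFORMED}

# Constructed sample capture (not real traffic): .130 SYN-scans ports 1-6,
# .140 sends one Xmas probe, .150 completes a normal handshake to port 80.
SAMPLE_PACKETS = (
    [("192.168.47.130", "192.168.47.131", p, SYN) for p in range(1, 7)]
    + [("192.168.47.140", "192.168.47.131", 80, FIN | PSH | URG)]
    + [("192.168.47.150", "192.168.47.131", 80, SYN),
       ("192.168.47.131", "192.168.47.150", 51000, SYN | ACK),
       ("192.168.47.150", "192.168.47.131", 80, ACK)]
)

if __name__ == "__main__":
    for src, info in detect_scanners(SAMPLE_PACKETS).items():
        print(f"{src}: {info['ports']} port(s), {', '.join(info['types'])}")
```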
EVASION TECHNIQUES
❑ Decoy Scan (send packets from a random number of addresses)
sudo nmap -sS -D RND:2 192.168.47.131
❑ Decoy Scan (send packets from manually given addresses)
sudo nmap -sS -D 1.1.1.1,2.2.2.2 192.168.47.131
EVASION TECHNIQUES
❑ Idle Scan
• To perform an idle scan, first find the vulnerable systems in the network using the
Metasploit Framework.
• Then use those systems to perform the scan on the target.
• Execute the following commands
1. sudo msfconsole (to run Metasploit)
2. search idle ip
3. use 0
4. show options
5. set rhosts 192.168.47.0-255
6. exploit
7. sudo nmap -sI [ idle ip from results of rhosts (incremental) ] [ target ip ] -p21
Network Scanning?
1. Nmap Timing and Performance Scan
NMAP TIMING AND PERFORMANCE SCAN
• Timing templates are used to run scans faster or slower
based on your target or working environment.
• The templates range from T0-T5, where T0 is the slowest
and T5 is the fastest.
• Slower scans are very useful in evading IDS whereas faster
scans are useful in larger scans.
• Faster scans can also be reliable in terms of the results.
• T3 is the default timing template used by Nmap.
NMAP TIMING AND PERFORMANCE SCAN
❑ Paranoid scan (T0)
sudo nmap 192.168.47.131 -T0
❑ Sneaky scan (T1)
sudo nmap 192.168.47.131 -T1
❑ Polite scan (T2)
sudo nmap 192.168.47.131 -T2
❑ Normal scan (T3)
sudo nmap 192.168.47.131 -T3
NMAP TIMING AND PERFORMANCE SCAN
❑ Aggressive scan (T4)
sudo nmap 192.168.47.131 -T4
❑ Insane scan (T5)
sudo nmap 192.168.47.131 -T5
NMAP TIMING AND PERFORMANCE SCAN
❑ Parallelism
• Parallelism specifies the number of parallel scanning processes run
during a scan.
• --min-parallelism is used to specify the minimum whereas
--max-parallelism is used to specify the maximum.
nmap -sV --min-parallelism 10 192.168.47.131
NMAP TIMING AND PERFORMANCE SCAN
❑ Host Group Sizes
• You can customize the minimum and maximum host group size
when performing large scans that involve entire subnets. The host
group size allows you to specify how many hosts to scan
simultaneously.
• --min-hostgroup (minimum)
• --max-hostgroup (maximum)
nmap -sS -p21-443 --min-hostgroup [ group size ] 192.168.47.131
NMAP TIMING AND PERFORMANCE SCAN
❑ Host Timeout
• Host timeout is used to specify the amount of time to elapse when
scanning a target before skipping the host.
• Example: If the target takes more than 30 seconds to respond,
skip it.
nmap -Pn -p- 192.168.47.1-255 --host-timeout 30s
NMAP TIMING AND PERFORMANCE SCAN
❑ Scan Delays
• This allows you to pause Nmap for a specific amount of time
between each probe/request.
• This is great for targets or systems that have some form of
rate-limiting in place.
nmap -sT --scan-delay 10s 192.168.47.131
NMAP TIMING AND PERFORMANCE SCAN
❑ Packet Rate
• These options (--min-rate and --max-rate) specify the minimum and maximum
number of packets you want to send per second.
nmap -sT --max-rate 50 192.168.47.131
NMAP TIMING AND PERFORMANCE SCAN
❑ Packet MTU (maximum transmission unit) size, increased or
decreased in multiples of 8
sudo nmap --mtu 16 -D RND:2 192.168.47.131
❑ Fragmented packets (send packets in fragments normally in
size of 8)
sudo nmap -f 192.168.47.131
MAC ADDRESS SPOOFING
❑ Random
nmap --spoof-mac 0 -p 21 192.168.47.131
❑ Manual
nmap --spoof-mac [ manual mac address ] -p 21 192.168.47.131
❑ From MAC vendor
nmap --spoof-mac dell -p 21 192.168.47.131
PORT SPOOFING/MANIPULATION
❑ sudo nmap --source-port 53 192.168.47.131 -p 21