Nmap scan online

Scanning your network for open ports and services is a critical part of assessing your attack surface and identifying vulnerabilities. An NMAP (Network Mapper) port scan finds hosts on your network and identifies open TCP and UDP ports, services running on those ports, and the operating system running on targeted hosts.What is Port Scanning?As a network grows and more devices connect to it, an administrator might want to gather a list of devices and services running on the network. NMAP is a Linux command that scans the network and finds open ports and services connected to the environment. The primary purpose for an NMAP port scan is to audit the network, but it’s also useful for finding vulnerabilities open to possible exploits.After running the NMAP command and scanning a host, the output displays open ports on the targeted machine. The following image is an example of NMAP output showing open ports: What is UDP vs TCP/IP?Two protocols are common on a standard network: UDP and TCP. User Datagram Protocol (UDP) is a connectionless protocol, meaning that a computer sends a message to a recipient without knowing if the recipient is available or receives it. Basic online text messaging software uses UDP, because it’s unnecessary to know if the other party is online to receive the message.Transmission Control Protocol (TCP) is a connection-based protocol where a handshake happens before transmission of data. UDP is more lightweight than TCP, but TCP ensures that the other party is online and available using a process called the handshake. The TCP handshake is common with web applications where the handshake happens before a user downloads content from a server.The IP (Internet Protocol) component in TCP/IP is the address assigned to every connected machine – servers, mobile devices, desktop computers, IoT devices, and any other machine that needs to send and receive data. Most applications use TCP/IP for its connection-based data transfers, but UDP is also useful for lightweight notification and chat applications.The NMAP tool scans for open TCP and UDP ports on connected devices. Look at the output after running an NMAP command, and the open ports listed also display the protocol. NMAP also tells you if the state is open or closed, and the service running on the port.What is Network Mapper (NMAP)?The NMAP tool is a scanning application with a graphical user interface (GUI) or a standard command-line interface. The tool finds computers

Ping 192.168.x.xDetecting FTP Connection Example $HOME_NET 21 (msg:”FTP connection attempt”; sid:1000002; rev:1;)- snort -c /etc/snort/snort.conf -q -A console- ftp 192.168.x.x">Creating Rule for FTP- sudo gedit /etc/snort/rules/local.rules- alert tcp 192.168.x.x any -> $HOME_NET 21 (msg:”FTP connection attempt”; sid:1000002; rev:1;)- snort -c /etc/snort/snort.conf -q -A console- ftp 192.168.x.xSnort Nmap Scan Detecting ExamplesNmap Scan Detect Without Rule- snort -c /etc/snort/snort.conf -q -A console- nmap -sP 192.168.x.x --disable-arp-ping $HOME_NET any (msg:”Nmap Scan Detected”; sid:1000001; rev:1; classtype:icmp-event;)- snort -c /etc/snort/snort.conf -q -A cmg- nmap -sP 192.168.x.x --disable-arp-ping">Nmap Scan Detect With Rule- sudo gedit /etc/snort/rules/local.rules- alert icmp 192.168.x.x any -> $HOME_NET any (msg:”Nmap Scan Detected”; sid:1000001; rev:1; classtype:icmp-event;)- snort -c /etc/snort/snort.conf -q -A cmg- nmap -sP 192.168.x.x --disable-arp-ping $HOME_NET 22 (msg:”Nmap TCP Scan Detected”; sid:10000005; rev:2; classtype:tcp-event;)- snort -c /etc/snort/snort.conf -q -A console- nmap -sT -p22 192.168.x.x">Nmap TCP Scan Detect With Rule- sudo gedit /etc/snort/rules/local.rules- alert icmp 192.168.x.x any -> $HOME_NET 22 (msg:”Nmap TCP Scan Detected”; sid:10000005; rev:2; classtype:tcp-event;)- snort -c /etc/snort/snort.conf -q -A console- nmap -sT -p22 192.168.x.xThis experiment was part of The Learning tasks during The CodeAlpha internship.

1. OverviewThe nmap command, short for Network Mapper, is a command-line tool in Linux used to scan a network to discover open ports and services, such as servers, routers, and switches. This open-source tool enables administrators and cybersecurity practitioners to map out networks and detect vulnerabilities.In addition to its powerful command-line features, nmap also offers a graphical user interface called Zenmap. This version is easier to use for those with less experience with the command-line interface and introduces a great visual representation of the network for better understanding.In this article, we’ll explore various functionalities of the nmap command, such as port and host operating system discovery, among others.2. Install nmap CommandWhile most Linux distributions come with the nmap package preinstalled, some do not. Therefore, before using the nmap command, it’s essential to ensure that the necessary package is installed on the system.Let’s proceed with installing nmap using the apt command:$ sudo apt-get install nmapBasically, this command is specific to Debian-based Linux systems, such as Ubuntu, and will install the nmap package and its dependencies after execution.Additionally, we can also use the dnf command to install nmap. Using this command is particularly useful for systems running Fedora, CentOS, or Red Hat.For example, let’s show how to install nmap using the dnf command:$ sudo dnf install nmapOnce the installation is complete, the screen displays a message indicating that the process finished successfully. This message includes information about the installed version of nmap.3. Common nmap Command OptionsThe basic syntax and structure of the nmap command are straightforward:$ nmap [Scan Type(s)] [Options] {target specification}[Scan Type(s)]: refers to the types of scans we want to perform, such as TCP SYN scan, TCP connect scan, UDP scan, and many others[Options]: represents flags that modify the behavior of the scan[target specification]: specifies the target for the scan.

Targets can be IP addresses, hostnames, IP ranges, CIDR notation, or a combination of theseNow, let’s explore common options available with the nmap command:OptionsDescription-snconducts a ping scan to discover available hosts-pconducts scan on specific port on the network-Aenables OS detection, version detection, script scanning, and traceroute-Oenables OS detection-Fenables fast port scanning-vincreases verbosity level-oNprovides output to scan in a text file-sVprobes open ports to determine service/version information-iLreads and scans files containing IP addresses and host namesWith these numerous options, we can use the nmap tool to conduct scans, discovering open ports, services, hosts, and vulnerabilities in a network.4. Common nmap Command ExamplesLet’s explore practical examples of using the nmap command with various options. In particular, for these examples, we can use www.example.com and scanme.nmap.org as the target.4.1. Scanning a Single Host or IP AddressWe can use the nmap command to scan a single host or IP address. What this basic command does is provide information about the available services and open ports in the target.Now, for example, let’s use nmap to scan the hostname:$ nmap example.comStarting Nmap 7.94SVN ( ) at 2024-04-24 13:48 EDTNmap scan report for example.com (93.184.215.14)Host is up (0.18s latency)....Overall, the scan results provide valuable information about the services running on the target system associated with the domain. Furthermore, the open ports show the presence of web services, email services, and others. On the other hand, the filtered ports indicate that a firewall configuration is present.4.2. Scanning a Particular IP RangeThe nmap command can be used to get information about an entire subnet. We can achieve this by specifying the IP address and adding the CIDR notation to it.For example, let’s see how nmap scans an entire subnet:$ nmap 45.33.32.0/20 Starting Nmap 7.94SVN ( ) at 2024-04-24 14:28 EDTNmap done: 4096 IP addresses (0 hosts up) scanned in