Interrogating the Network with nmap

When you absolutely need to know everything you can about a network or host, nmap can help.

The network monitoring tools discussed so far all achieve their goals by passively listening to traffic on the network. You can often get better results by actually asking machines directly for information rather than waiting for them to divulge it on their own. To find out more information about a particular machine (or an entire network of machines), you need a good active scanning utility. One of the most advanced and widely used network scanners is nmap. It is available at http://www.insecure.org/nmap/, and is best summarized by the description on the web site:

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

The most common use for nmap is to scan the TCP ports on a machine to determine which services are available. If run as root, it can also use advanced TCP fingerprinting techniques to make an educated guess about the OS of the target machine.

caligula:~# nmap -O 10.15.6.1 Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on florian.rob.swn (10.15.6.1): (The 1590 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 53/tcp open domain 80/tcp open http 179/tcp open bgp ...

Get Wireless Hacks now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.