nmap: a handy program for analysing which ports are open on a remote server

Nmap Basic in Backtrack 5

Backtrack ships with nmap already installed. nmap is used to scan the ports of another computer, which is part of penetration testing: once we know which ports are open and which applications are probably running on the computer, we can go further by trying to attack those applications.


nmap basics, taken from http://nmap.org/bennieston-tutorial/

nmap has some basic scan options:
1. -sT : TCP connect scan. Uses the connect() system call, so we can determine whether a port is open or not, but because it completes the full handshake it is easy for a firewall or intrusion detection software to detect.
2. -sS : SYN stealth scan. Sends a SYN to begin the connection, then an RST to abort it as soon as the SYN/ACK comes back, so no full connection is ever made; this makes it harder to detect. It crafts raw packets, so it needs root privileges.
3. -sF, -sN, -sX : FIN, NULL and Xmas tree scans. FIN sends only the FIN flag, NULL sets no flags at all, and Xmas tree sets the FIN, URG and PUSH flags. They are used to avoid detection by the target system.
4. -sP : Ping scan, uses ping to determine whether the target is online or not (later nmap versions call this -sn).
5. -sU : UDP scan, probes ports with UDP packets.
6. -sO : IP protocol scan, probes with raw IP packets.
7. -sI : Idle scan, a more advanced scanning mode.
8. -sV : Version detection.
9. -sA : ACK scan.
10. -sW, -sR, -sL : Window scan, RPC scan, List scan.
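To see what the scan types above look like from the target's side, here is an added Python example (not from the original post and not nmap's own code) that classifies constructed packet records by the flag patterns listed above. It tracks each handshake per (client, server, port) so that the SYN, SYN/ACK, RST pattern of a SYN scan can be told apart from a connect() scan that finishes the handshake, and labels stateless FIN, NULL, Xmas and ACK probes directly. The IP addresses, ports and packet list are all made up for the example; a real monitor would also expire state on timeouts and cope with retransmissions, which this sketch leaves out.

```python
from collections import Counter, defaultdict

# Constructed packet records: (src_ip, dst_ip, dst_port, tcp_flags). The addresses are
# invented: 10.0.0.5 plays a scanner, 10.0.0.9 the target, 10.0.0.7 a normal client.
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.0.9", 22, {"SYN"}),
    ("10.0.0.9", "10.0.0.5", 22, {"SYN", "ACK"}),
    ("10.0.0.5", "10.0.0.9", 22, {"RST"}),                # SYN, SYN/ACK, RST: the -sS pattern
    ("10.0.0.5", "10.0.0.9", 80, {"SYN"}),
    ("10.0.0.9", "10.0.0.5", 80, {"SYN", "ACK"}),
    ("10.0.0.5", "10.0.0.9", 80, {"RST"}),
    ("10.0.0.5", "10.0.0.9", 443, {"FIN", "URG", "PSH"}),  # Xmas tree probe
    ("10.0.0.5", "10.0.0.9", 8080, set()),                 # NULL probe: no flags at all
    ("10.0.0.5", "10.0.0.9", 25, {"FIN"}),                 # FIN probe
    ("10.0.0.5", "10.0.0.9", 3306, {"ACK"}),               # ACK probe with no handshake behind it
    ("10.0.0.7", "10.0.0.9", 22, {"SYN"}),
    ("10.0.0.9", "10.0.0.7", 22, {"SYN", "ACK"}),
    ("10.0.0.7", "10.0.0.9", 22, {"ACK"}),                 # third handshake step: full connect
]

# Flag sets that identify a stateless probe when no handshake is in progress for that port.
STATELESS_PROBES = {
    frozenset(): "NULL probe (-sN)",
    frozenset({"FIN"}): "FIN probe (-sF)",
    frozenset({"FIN", "URG", "PSH"}): "Xmas probe (-sX)",
    frozenset({"ACK"}): "ACK probe (-sA)",
}

HALF_OPEN = "half-open (SYN scan, -sS)"
FULL_CONNECT = "full connect (-sT or a normal client)"


def classify_packets(packets):
    """Return {source_ip: Counter(label -> count)} describing what each source sent.

    A handshake is tracked per (client, server, port). Its label is decided when the
    client answers the SYN/ACK: a final ACK means a completed connect(), an RST means
    the half-open pattern of a SYN scan. Anything else without handshake state is
    matched against the stateless probe table.
    """
    state = {}                       # (client, server, port) -> "SYN_SENT" | "SYN_ACKED"
    labels = defaultdict(Counter)
    for src, dst, port, flags in packets:
        flags = frozenset(flags)
        if flags == {"SYN"}:
            state[(src, dst, port)] = "SYN_SENT"
            continue
        if flags == {"SYN", "ACK"}:
            key = (dst, src, port)   # a reply: the client is this packet's destination
            if state.get(key) == "SYN_SENT":
                state[key] = "SYN_ACKED"
            continue
        key = (src, dst, port)
        if state.get(key) == "SYN_ACKED":
            if flags == {"ACK"}:
                labels[src][FULL_CONNECT] += 1
            elif flags == {"RST"}:
                labels[src][HALF_OPEN] += 1
            else:
                labels[src]["unexpected flags after SYN/ACK"] += 1
            del state[key]
            continue
        labels[src][STATELESS_PROBES.get(flags, "other")] += 1
    return labels


def suspected_syn_scanners(labels, threshold=2):
    """Sources with at least `threshold` half-open handshakes (the cut-off is a tunable)."""
    return sorted(src for src, counts in labels.items() if counts[HALF_OPEN] >= threshold)


if __name__ == "__main__":
    result = classify_packets(SAMPLE_PACKETS)
    for src, counts in result.items():
        print(src, dict(counts))
    print("suspected SYN scanners:", suspected_syn_scanners(result))
```

Run it as a script to see the per-source summary; in the constructed data 10.0.0.5 shows two half-open handshakes plus one each of the FIN, NULL, Xmas and ACK probes, while 10.0.0.7 only completes an ordinary connection.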

Using those basic options we can determine which ports are open on the target.
Example command:

1 Open a terminal
2 Enter the command
nmap -sS 127.0.0.1

So the result will look like this:

root@bt:~# nmap -sS 127.0.0.1
Host is up (0.0021s latency).
Not shown: 991 closed ports
21/tcp open ftp
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
143/tcp open imap
445/tcp open microsoft-ds
3306/tcp open mysql
10000/tcp open snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 7.06 seconds
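An added Python example (not from the original post and not part of nmap) that parses the normal-output format shown above into records and compares the open ports against an allow-list of services that are supposed to be reachable, which is the check a defender runs on their own hosts after a scan. The sample text is constructed from the scan result above (with nmap's usual PORT/STATE/SERVICE header line) and the baseline of allowed ports is an assumption made up for the example.

```python
import re

# Constructed sample in nmap's normal-output format, following the result shown above.
SAMPLE_OUTPUT = """\
Host is up (0.0021s latency).
Not shown: 991 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
80/tcp    open  http
139/tcp   open  netbios-ssn
143/tcp   open  imap
445/tcp   open  microsoft-ds
3306/tcp  open  mysql
10000/tcp open  snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 7.06 seconds
"""

# One port line: "<port>/<proto>  <state>  <service>"; the state can be a combined
# value such as open|filtered for scans that cannot tell the two apart.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)\s+"
    r"(?P<service>\S+)"
)
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\S+) ports")


def parse_nmap_output(text):
    """Return a list of (port, proto, state, service) tuples from nmap normal output."""
    records = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            records.append((int(m["port"]), m["proto"], m["state"], m["service"]))
    return records


def hidden_port_count(text):
    """(count, state) from the 'Not shown: N <state> ports' summary line, or None."""
    for line in text.splitlines():
        m = NOT_SHOWN.match(line)
        if m:
            return int(m.group(1)), m.group(2)
    return None


def unexpected_open(records, baseline):
    """Open ports that are not in `baseline`, an allow-list of (port, proto) pairs."""
    return sorted(
        (port, proto, service)
        for port, proto, state, service in records
        if state == "open" and (port, proto) not in baseline
    )


if __name__ == "__main__":
    found = parse_nmap_output(SAMPLE_OUTPUT)
    print("ports not listed:", hidden_port_count(SAMPLE_OUTPUT))
    # Constructed baseline: only SSH and HTTP are meant to be reachable on this host.
    for port, proto, service in unexpected_open(found, {(22, "tcp"), (80, "tcp")}):
        print(f"unexpected open port {port}/{proto} ({service})")
```

With the constructed baseline of 22/tcp and 80/tcp, the remaining six open ports in the sample (ftp, netbios-ssn, imap, microsoft-ds, mysql and the service on 10000) are reported as unexpected, which is the list a host owner would go through to close or firewall what is not needed.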