nmap – the Network Mapper command

An open source tool, nmap is great for exploring your network, scanning it for security vulnerabilities and auditing it. That said, new users might find nmap challenging to use because it is so feature-rich: nmap comes with so many options that you might find it difficult to figure out, even though that is exactly what makes it such a robust tool.

We will now give you a basic overview of nmap, including typical usage of the nmap command. To start off with, here are the instructions you need to install nmap on an Ubuntu or Debian server:

$ sudo apt-get install nmap

The command is slightly different if you’re using RHEL or CentOS:

$ sudo yum install nmap

To try out some basic nmap commands we will make use of sudo privileges to ensure that the queries give complete results, not partial results. Remember, some nmap commands will take a little longer to execute. Throughout these examples we will use mywebsite.com as the example domain; put your actual domain in place of mywebsite.com when you run these commands.

Scanning for open ports on a domain

$ sudo nmap -vv mywebsite.com

Here you can see we have used the -vv flag, which has a specific function. -vv means “verbose”: it shows you extensive output, including the process as nmap scans for open ports. Leave out the -vv flag and you will quickly see the difference.

It’s an example of exactly how extensive the details are when you use nmap as a tool. If you want to experiment with nmap you could try it against your own virtual private server, but you could also give nmap a go on the official nmap test server, located at scanme.nmap.org.

List of ports that are listening for connections via TCP

$ sudo nmap -sT mywebsite.com

You’ll note the -sT flag; this is usually what you’d specify to scan for TCP connections when a SYN scan cannot be performed.

List of ports that are listening for connections via UDP

$ sudo nmap -sU mywebsite.com

So, -sU is what you use to get a UDP scan. However, you can scan for both UDP and TCP connections by using another flag, -sS. You’ll get a list covering both UDP and TCP.

Scan every open port on both TCP and UDP

$ sudo nmap -n -Pn -sT -sU -p- mywebsite.com

Two flags are worth noting here. First, -n tells nmap not to do a reverse DNS resolution for any active IP address it finds. -Pn disables pinging, treating all of the hosts as if they are online.

Look at a specific port (instead of all ports)

$ sudo nmap -p port_number mywebsite.com

In this case, -p means that you only look at the port number you give in place of “port_number”.

There’s a file you can view for a wider picture of ports and services. Use this command:

$ less /usr/share/nmap/nmap-services

It’s just a few examples, but nmap is a fantastic tool that can help you a lot. Remember, typing $ man nmap will give you a full list of all the options at your disposal; many of these are very useful for exploring the security of your network and finding potentially vulnerable points.

It’s worth remembering that nmap will deliver very extensive information about the network it is scanning. So do not use nmap on a network unless you have permission to examine it, that is, permission to scan it. In other words, you need to have a reason to use nmap, and the permission of the network owner.
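As an added example (not part of the original page), here is a small Python parser for the nmap-services file format pointed to above; the sample lines are constructed rather than copied from the real file. The third column is the open-frequency that nmap ranks ports by when it picks the default set to scan, which is why a service on an uncommon port only shows up when you scan every port with -p-.

```python
from collections import namedtuple

Service = namedtuple("Service", "name port proto freq")

# Constructed sample in the real file's layout (values are made up, not copied
# from the real nmap-services): name, port/proto, open-frequency, optional comment.
SAMPLE = """\
# Fields: Service name, portnum/protocol, open-frequency, optional comments
http\t80/tcp\t0.484143\t# World Wide Web HTTP
ssh\t22/tcp\t0.182286\t# Secure Shell Login
domain\t53/udp\t0.213496
snmp\t161/udp\t0.433467\t# Simple Net Mgmt Proto
unknown\t8443/tcp\t0.009986
mysql\t3306/tcp\t0.045390
"""

def parse_services(text):
    """Parse nmap-services lines into Service records, skipping comments and blanks."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        name, portproto, freq = line.split()[:3]
        port, proto = portproto.split("/")
        out.append(Service(name, int(port), proto, float(freq)))
    return out

def top_ports(services, proto, n):
    """The n ports nmap would try first for a protocol: highest open-frequency first."""
    ranked = sorted((s for s in services if s.proto == proto),
                    key=lambda s: s.freq, reverse=True)
    return [s.port for s in ranked[:n]]

def service_name(services, port, proto):
    """Name the file gives a port/proto pair, or None if it is not listed."""
    return next((s.name for s in services if s.port == port and s.proto == proto), None)

def port_spec(ports):
    """Render a port list as an nmap -p argument, e.g. '22,80,3306'."""
    return ",".join(str(p) for p in sorted(ports))

if __name__ == "__main__":
    svcs = parse_services(SAMPLE)
    tcp = top_ports(svcs, "tcp", 3)
    print("most common TCP ports in sample:", tcp)
    print("equivalent nmap argument: -p", port_spec(tcp))
    print("port 8443/tcp is listed as:", service_name(svcs, 8443, "tcp"))
```

Point parse_services at the contents of /usr/share/nmap/nmap-services to see which ports on your own hosts fall outside nmap's default set.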
