
Network scanning with nmap

nmap, or network mapper, is a great open-source tool for network scanning and port discovery. A detailed description of nmap is available on its official website. An interesting fact about nmap and its wide-ranging reach, quoted from the website: "...It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum."

Hoping that this has generated enough curiosity in you, let's focus on the most basic use of nmap: scanning a network subnet. Network scanning is useful for detecting the hosts in a network that are reachable from the server on which nmap is run. It is also useful for security auditing of servers exposed to the internet.

We have a setup of 4 VMs on a local network, each with its own IP address. The local network subnet is 10.0.1.1/24, and the IPs in the images below confirm this.


The goal is to verify that nmap is able to detect all the hosts in the local subnet 10.0.1.1/24. Execute the following command to scan the subnet, replacing `<subnet.ip>` with the subnet in CIDR notation:
`nmap <subnet.ip>`

It returns a list of the hosts present on the subnet. nmap also performs a port scan on each live host and returns the list of ports that are open on it.


nmap scanned 256 IP addresses, i.e. the whole /24 subnet, and found 4 hosts up. It also port-scanned every live host and found port 22 open, which is the standard port for the SSH service.


There are many uses for network scanning. I have used nmap for the following two cases:
  1. To find the IP addresses of servers whose addresses are dynamically assigned by DHCP.
  2. To detect all the running servers in a legacy infrastructure of hundreds of servers.
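Both use cases above, and the audit reading of the scan result, come down to turning nmap's report into an inventory and checking it against what should be there. The following is an added example, not code from the original post: it parses nmap's normal output format (a constructed sample modelled on the 4-host scan described here, not a real capture) into a host-to-open-ports map, then flags any open port that is missing from a per-host allow-list. The `SAMPLE_NMAP_OUTPUT` text, the hostnames and the allow-list are all assumptions made for the example.

```python
import re

# Constructed sample in nmap's normal output format, modelled on the post's
# scan (4 live hosts in a /24, SSH open). Not a real capture.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.0.1.11
Host is up (0.00034s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap scan report for vm-2-ubuntu-16-04 (10.0.1.12)
PORT     STATE SERVICE
22/tcp   open  ssh
8080/tcp open  http-proxy

Nmap scan report for 10.0.1.21
All 1000 scanned ports on 10.0.1.21 are closed

Nmap scan report for 10.0.1.22
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 256 IP addresses (4 hosts up) scanned in 3.12 seconds
"""

# The report header is "... for <ip>" or "... for <hostname> (<ip>)".
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+(?:\.\d+){3})\)?\s*$")
# Only 'open' port lines are kept; closed/filtered lines are ignored.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")


def parse_nmap_output(text):
    """Map each live host's IP to its list of open (port, proto, service) triples."""
    hosts = {}
    current = None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = m.group(1)
            hosts[current] = []  # a live host may have no open ports at all
        elif (m := PORT_RE.match(line)) and current is not None:
            hosts[current].append((int(m.group(1)), m.group(2), m.group(3)))
    return hosts


def unexpected_ports(hosts, allowed):
    """Audit check: per host, the open ports whose (port, proto) is not allow-listed."""
    return {ip: [p for p, proto, _ in ports if (p, proto) not in allowed.get(ip, set())]
            for ip, ports in hosts.items()
            if any((p, proto) not in allowed.get(ip, set()) for p, proto, _ in ports)}
```

Feed it the saved output of a real run (`nmap 10.0.1.1/24 > scan.txt`) and a baseline of the ports each host is supposed to serve; anything it reports is either a new host or a service that was not expected to be listening.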

In conclusion, nmap is a simple yet powerful tool for scanning subnets for running servers. It is also an important tool in security auditing: it lists the open ports on each host, which are exactly what exposes a server to attack. Use it wisely and make your systems more secure.
