
Network scanning with nmap

nmap (Network Mapper) is a widely used open-source tool for network discovery and port scanning. A detailed description is available on its official website, which also notes its surprisingly wide reach in popular culture: "...It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum."

Hoping that this has generated enough curiosity, let's focus on the most basic use of nmap: scanning a network subnet. A subnet scan detects the hosts that are reachable from the machine on which nmap is run. It is also useful when auditing the security of servers exposed to the internet, because it shows which ports are reachable from outside.

We have a setup of 4 VMs on a local network, each with its own IP address. The local subnet is 10.0.1.0/24 (nmap also accepts the host-style notation 10.0.1.1/24 and scans the same 256 addresses), and the IPs shown in the images below confirm this.


The goal is to verify that nmap detects all the hosts in the local subnet 10.0.1.0/24. Execute the following command to scan the subnet, giving the network in CIDR notation:
`nmap 10.0.1.0/24`

It returns a list of hosts that are up on the subnet. By default nmap also port-scans each live host and lists the open ports it finds. Note that the default scan covers only the 1,000 most common TCP ports, not all 65,535, and that nmap picks its techniques based on privileges: run as root on a local Ethernet segment it uses ARP requests for host discovery and a SYN scan for ports, while as an unprivileged user it falls back to a TCP connect scan.


nmap scanned all 256 addresses of the /24 subnet and found 4 hosts up. It also port-scanned those hosts and found port 22 open on each of them, the standard port for the SSH service. Keep in mind that an open port only tells you that something is listening there: the service name in the default output is a guess from nmap's port table, and a version scan (`-sV`) is needed to confirm what is actually running.
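As an added example (not code from the original post), the following Python script wraps the subnet scan above: it normalizes the subnet notation, builds the nmap command line with XML output on stdout, and parses that output into a per-host list of open ports, dropping hosts that are down and ports that are merely "filtered". The sample XML embedded in it is constructed to mirror the 4-host, port-22 result above (the addresses, MAC and hostname `vm-1` are made up); only `run_scan` needs nmap installed.

```python
"""Scan a subnet with nmap and parse the XML output into hosts and open ports.

Added example, not from the original post. Requires nmap only for run_scan();
everything else runs offline on the constructed SAMPLE_XML below.
"""
import ipaddress
import subprocess
import xml.etree.ElementTree as ET


def normalize_subnet(cidr):
    """Turn host-style notation such as 10.0.1.1/24 into the network 10.0.1.0/24.

    nmap accepts both forms and scans the same 256 addresses; normalizing makes
    the intent explicit in logs and audit records.
    """
    return str(ipaddress.ip_network(cidr, strict=False))


def build_scan_command(cidr, ports=None, discovery_only=False):
    """Return the nmap argv for a subnet scan with XML written to stdout (-oX -).

    ports: nmap port spec, e.g. "22,80,443" or "-" for all 65535 TCP ports;
           None keeps nmap's default of the 1000 most common TCP ports.
    discovery_only: -sn, report which hosts are up without port-scanning them.
    """
    cmd = ["nmap", "-oX", "-"]
    if discovery_only:
        cmd.append("-sn")
    elif ports:
        cmd += ["-p", ports]
    cmd.append(normalize_subnet(cidr))
    return cmd


def parse_nmap_xml(xml_text):
    """Parse nmap XML output into a summary and a per-host list of open ports.

    Returns {"summary": {"total": n, "up": n} or None,
             "hosts": {ip: {"hostname": str or None,
                            "open_ports": [(port, proto, service_guess), ...]}}}
    Only hosts reported "up" and ports in state "open" are kept; "filtered"
    means nmap got no answer and is not evidence of a listening service.
    """
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        name = host.find("hostnames/hostname")
        open_ports = []
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")  # table lookup unless -sV was used
            open_ports.append((int(port.get("portid")), port.get("protocol"),
                               svc.get("name") if svc is not None else None))
        hosts[addr.get("addr")] = {
            "hostname": name.get("name") if name is not None else None,
            "open_ports": sorted(open_ports, key=lambda p: (p[1], p[0])),
        }
    stats = root.find("runstats/hosts")
    summary = None
    if stats is not None:
        summary = {"total": int(stats.get("total")), "up": int(stats.get("up"))}
    return {"summary": summary, "hosts": hosts}


def run_scan(cidr, **kwargs):
    """Run nmap (must be installed; run as root for ARP discovery and SYN scans)."""
    proc = subprocess.run(build_scan_command(cidr, **kwargs),
                          check=True, capture_output=True, text=True)
    return parse_nmap_xml(proc.stdout)


# Constructed sample mirroring the post's result: 4 hosts up out of 256, port 22
# open on each. Addresses, MAC and hostname are made up for this example.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -oX - 10.0.1.0/24" version="7.80">
<host><status state="up" reason="arp-response"/>
<address addr="10.0.1.11" addrtype="ipv4"/><address addr="08:00:27:00:00:11" addrtype="mac"/>
<hostnames><hostname name="vm-1" type="PTR"/></hostnames>
<ports><extraports state="closed" count="999"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" method="table" conf="3"/></port>
</ports></host>
<host><status state="up" reason="arp-response"/><address addr="10.0.1.12" addrtype="ipv4"/><hostnames/>
<ports><extraports state="closed" count="998"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="filtered" reason="no-response"/><service name="http" method="table" conf="3"/></port>
</ports></host>
<host><status state="up" reason="arp-response"/><address addr="10.0.1.21" addrtype="ipv4"/><hostnames/>
<ports><extraports state="closed" count="999"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" method="table" conf="3"/></port>
</ports></host>
<host><status state="up" reason="arp-response"/><address addr="10.0.1.22" addrtype="ipv4"/><hostnames/>
<ports><extraports state="closed" count="999"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" method="table" conf="3"/></port>
</ports></host>
<runstats><finished time="0" elapsed="5.20"/><hosts up="4" down="252" total="256"/></runstats>
</nmaprun>
"""


if __name__ == "__main__":
    result = parse_nmap_xml(SAMPLE_XML)  # use run_scan("10.0.1.0/24") on a real network
    print("scanned {total} addresses, {up} up".format(**result["summary"]))
    for ip, info in sorted(result["hosts"].items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        ports = ", ".join("%d/%s (%s)" % p for p in info["open_ports"]) or "none"
        print("%-12s %-8s open: %s" % (ip, info["hostname"] or "-", ports))
```

For the two use cases mentioned later in the post, `run_scan("10.0.1.0/24", discovery_only=True)` is enough to learn which DHCP-assigned addresses are in use, while `run_scan("10.0.1.0/24", ports="-")` gives the full TCP port picture of every server that the default 1,000-port scan would miss.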


There are many uses for network scanning. I have used nmap for the following two cases:
  1. To find the IP addresses of servers whose addresses are assigned dynamically by DHCP.
  2. To detect all the running servers in a legacy infrastructure of hundreds of servers.

In conclusion, nmap is a simple yet powerful tool for scanning subnets for running servers, and an important tool in security auditing: it reports the open ports on each host, which are exactly the entry points an attacker would probe, so any port you did not expect to see open deserves investigation. Scan only networks you own or are authorized to test, and use the results to make your systems more secure.
