Using Zenmap 5.0 on Ubuntu 9.04
Friday, 09 October 2009
Page 2 of 4
How to use Zenmap
Useful commands
Nmap has a lot of options, which can be "painful" for beginners. Sometimes it is not easy to understand the options and the output they produce. With Zenmap, beginners can choose options from a menu, while more advanced users can build and store their own commands. This also lets them double-check exactly what will be run before they press the "Scan" button. A very nice overview of the Nmap commands and their usage can be found here:
http://linux.die.net/man/1/nmap
We will just take a short look at a few commands that show Nmap's power.
nmap -sV -T4 -O -F --version-light
Let's start with a quick scan to get an overview of your network. The (-F) option specifies that you only wish to scan the ports listed in the nmap-services file (see /usr/share/nmap/nmap-services). This is much faster than scanning all 65535 ports on a host. The (-sV) option enables version detection and (-O) enables operating system detection. The (--version-light) option is a convenience alias for --version-intensity 2. This light mode makes version scanning much faster, but it is slightly less likely to identify services. The (-T4) option prohibits the dynamic scan delay from exceeding 10ms for TCP ports.
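To see which ports a fast (-F) scan will and will not look at on your own hosts, the following added example (not part of the original article) parses the nmap-services format and ranks entries by open-frequency; it assumes the three-column format with the open-frequency field that Nmap 5.0 introduced, and the sample file content is constructed, not copied from a real nmap-services file.

```python
# Added example: which ports does Nmap's fast scan (-F) actually cover?
# -F restricts the scan to the most common entries in nmap-services
# (/usr/share/nmap/nmap-services). Since Nmap 5.0 each line has the form
#     service-name  port/protocol  open-frequency  # optional comment
# This ranks entries by that frequency and renders them in -p syntax.
import re
from typing import Dict, List, Tuple

# Constructed sample in nmap-services format (frequencies are illustrative).
SAMPLE_NMAP_SERVICES = """\
# Fields: service-name port/protocol open-frequency
http     80/tcp    0.484143  # World Wide Web HTTP
telnet   23/tcp    0.221265
https    443/tcp   0.208669
ftp      21/tcp    0.197667
ssh      22/tcp    0.182286
smtp     25/tcp    0.131314
snmp     161/udp   0.433467
domain   53/udp    0.213496
unknown  49152/udp 0.000000
"""
_LINE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\s+([0-9.]+)")

def parse_services(text: str) -> Dict[str, List[Tuple[int, float, str]]]:
    """Map protocol -> [(port, open-frequency, name)]; comments/junk skipped."""
    out: Dict[str, List[Tuple[int, float, str]]] = {"tcp": [], "udp": []}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            name, port, proto, freq = m.groups()
            out[proto].append((int(port), float(freq), name))
    return out

def top_ports(services, proto: str, n: int) -> List[int]:
    """The n most frequently open ports of `proto`, most common first."""
    ranked = sorted(services[proto], key=lambda e: (-e[1], e[0]))
    return [port for port, _, _ in ranked[:n]]

def to_port_spec(ports) -> str:
    """Render ports in Nmap -p syntax: [21,22,23,25,80] -> '21-23,25,80'."""
    ports = sorted(set(ports))
    pieces, i = [], 0
    while i < len(ports):
        j = i
        while j + 1 < len(ports) and ports[j + 1] == ports[j] + 1:
            j += 1
        pieces.append(str(ports[i]) if i == j else f"{ports[i]}-{ports[j]}")
        i = j + 1
    return ",".join(pieces)

if __name__ == "__main__":
    svc = parse_services(SAMPLE_NMAP_SERVICES)
    print("fast TCP set: -p", to_port_spec(top_ports(svc, "tcp", 5)))
    print("fast UDP set: -p", to_port_spec(top_ports(svc, "udp", 2)))
```

Pointing parse_services at the real /usr/share/nmap/nmap-services shows which services a -F scan of your hosts would skip, so you know when a full -p 1-65535 scan is worth the extra time.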
nmap -A -T4 -v scanme.nmap.org
This command enables additional advanced and aggressive options. In this case it enables OS detection (-O), version scanning (-sV), script scanning (-sC) and traceroute (--traceroute). More features may be added in the future. The point is to enable a comprehensive set of scan options without people having to remember a large set of flags. The timing option (-T4) and the verbosity option (-v) can be used to achieve some minor speed adjustments and to increase the verbosity level. Without root privileges only version detection and script scanning are run.
nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389
These additional options add optimized host discovery features to your scan. The (-PS) option sends an empty TCP packet with the SYN flag set. The default destination port is 80, but an alternate port can be specified as a parameter. The SYN flag suggests to the remote system that you are attempting to establish a connection. Normally the destination port will be closed, and a RST (reset) packet is sent back. If the port happens to be open, the target will take the second step of the TCP 3-way handshake by responding with a SYN/ACK TCP packet. The machine running Nmap then tears down the nascent connection by responding with a RST rather than sending an ACK packet, which would complete the 3-way handshake and establish a full connection. The RST packet is sent by the kernel of the machine running Nmap in response to the unexpected SYN/ACK, not by Nmap itself. The (-PA) option uses the same default port as the SYN probe (80) and can also take a list of destination ports in the same format, but sends a TCP ACK ping. The (-PE) option enables ICMP echo request pings.
nmap -p 1-65535 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389
This additional option specifies which ports you want to scan and overrides the default. Here (-p) is used to scan ports 1 through 65535. If you want to scan UDP ports as well, use the (-sU) option.
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all
This is a comprehensive, slow scan. Every TCP and UDP port is scanned. OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute) are all enabled. Many probes are sent for host discovery. This is a highly intrusive scan.