Run a Security Scan on Your Network with Nmap

Nmap: the Network Exploration Tool and Security / Port Scanner

The “Network Mapper”, or Nmap (the actual command), is an extremely useful tool for determining what is on your network: which UDP or TCP ports are open, what operating systems are running, what IP addresses are available, and so on. It can be used for network inventory, security audits, and more. If nothing else, it can be fun to run and see what is up and running on which machines and addresses on your network.

When a machine or host is scanned with nmap, a list of ports will likely be in your report.  You will see that the state of the port is one of the following:

  • Open – An application or program is up and running on the target machine, listening for packets on that port.
  • Filtered – A firewall or other network filtering tool is blocking that port, and nmap cannot tell whether it is open or closed.
  • Closed – Nothing is listening on the port.
  • Unfiltered – The scan could not determine whether the port was open or closed.



Use some of the examples below to run a security scan on your network with Nmap. I am sure that you will learn something new about your network from your scan.

Use Nmap to Scan Your Machine for Open Ports

# yum install nmap
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: ftpmirror.your.org
 * epel: mirror.chpc.utah.edu
 * extras: mirror.hmc.edu
 * updates: mirrors.bluehost.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nmap.x86_64 2:5.51-3.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch             Version                   Repository      Size
================================================================================
Installing:
 nmap           x86_64           2:5.51-3.el6              base           2.7 M

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 2.7 M
Installed size: 9.7 M
Is this ok [y/N]: y
Downloading Packages:
nmap-5.51-3.el6.x86_64.rpm                               | 2.7 MB     00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 2:nmap-5.51-3.el6.x86_64                                     1/1
  Verifying  : 2:nmap-5.51-3.el6.x86_64                                     1/1

Installed:
  nmap.x86_64 2:5.51-3.el6

Complete!

Run a Simple Nmap Scan with Typical Verbosity

# nmap www.uptimemadeeasy.com

Starting Nmap 5.51 ( http://nmap.org ) at 2014-01-07 20:23 MST
Nmap scan report for bigmachine.uptimemadeeasy.com (10.1.1.25)
Host is up (0.020s latency).
rDNS record for 10.1.1.25: bigmachine.uptimemadeeasy.com
Not shown: 993 filtered ports
PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
25/tcp   open   smtp
80/tcp   open   http
783/tcp  closed spamassassin
993/tcp  open   imaps
8000/tcp closed http-alt

Nmap done: 1 IP address (1 host up) scanned in 4.83 seconds

Or Use Nmap to Scan a Complete Network

# nmap 10.1.1.0/24

Starting Nmap 5.51 ( http://nmap.org ) at 2014-01-07 20:25 MST
Nmap scan report for 10.1.1.1
Host is up (0.00028s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
23/tcp  open  telnet
80/tcp  open  http
443/tcp open  https
MAC Address: D0:D0:FD:C2:B1:02 (Cisco Systems)

Nmap scan report for 10.1.1.2
Host is up (0.00024s latency).
Not shown: 989 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
139/tcp   open  netbios-ssn
199/tcp   open  smux
443/tcp   open  https
445/tcp   open  microsoft-ds
548/tcp   open  afp
873/tcp   open  rsync
2049/tcp  open  nfs
50000/tcp open  ibm-db2
MAC Address: 00:24:FD:C2:2F:E2 (Netgear)

Nmap scan report for 10.1.1.6
Host is up (0.0030s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:25:24:0A:B0:98 (Dell)

Nmap scan report for bigmachine.uptimemadeeasy.com (10.1.1.20)
Host is up (0.00020s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
5900/tcp open  vnc
5901/tcp open  vnc-1
MAC Address: 00:19:24:FE:C9:29 (Dell)

...

 

Run Nmap in Verbose Mode

# nmap -v bigmachine.uptimemadeeasy.com

Starting Nmap 5.51 ( http://nmap.org ) at 2014-01-07 20:33 MST
Initiating Ping Scan at 20:33
Scanning bigmachine.uptimemadeeasy.com (10.1.1.25) [4 ports]
Completed Ping Scan at 20:33, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 20:33
Completed Parallel DNS resolution of 1 host. at 20:33, 0.00s elapsed
Initiating SYN Stealth Scan at 20:33
Scanning www.uptimemadeeasy.com (10.1.1.25) [1000 ports]
Discovered open port 80/tcp on 10.1.1.25
Discovered open port 22/tcp on 10.1.1.25
Discovered open port 25/tcp on 10.1.1.25
Discovered open port 993/tcp on 10.1.1.25
Completed SYN Stealth Scan at 20:33, 4.59s elapsed (1000 total ports)
Nmap scan report for bigmachine.uptimemadeeasy.com (10.1.1.25)
Host is up (0.021s latency).
rDNS record for 10.1.1.25: bigmachine.uptimemadeeasy.com
Not shown: 993 filtered ports
PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
25/tcp   open   smtp
80/tcp   open   http
783/tcp  closed spamassassin
993/tcp  open   imaps
8000/tcp closed http-alt

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.70 seconds
           Raw packets sent: 1998 (87.884KB) | Rcvd: 31 (2.000KB)

Other Nmap Examples

# List Scan - just list the targets that will be scanned
nmap -sL 10.1.1.0/24

# Ping Scan - get a list of hosts that are up and running
nmap -sP 10.1.1.0/24

# Scan a Port Range on a specific machine
nmap -p1024-65535 10.1.1.25

# Detect the Operating System for a Host
nmap -O 10.1.1.25

# Put output into a "greppable" file format
nmap -O -oG myfile 10.1.1.0/24

# There are many other advanced options that you may wish to explore. Run man nmap to see them.
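
The grepable file written by the -oG option above can be post-processed for an audit. The following is an added example, not part of the original post: it lists every open port per host and flags telnet, FTP and VNC for review. The function names and the embedded sample (modelled on the hosts scanned above) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit nmap grepable (-oG) output.

# Constructed sample in the -oG layout; fields on a Host line are tab-separated
# and each port entry is port/state/protocol/owner/service/rpc/version/.
sample_scan() {
  printf '%s\n' '# constructed sample, not real scan output'
  printf '%s\t%s\n' 'Host: 10.1.1.1 ()' 'Status: Up'
  printf '%s\t%s\t%s\n' 'Host: 10.1.1.1 ()' \
    'Ports: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 443/open/tcp//https///' \
    'Ignored State: closed (997)'
  printf '%s\t%s\n' 'Host: 10.1.1.6 ()' \
    'Ports: 23/open/tcp//telnet///, 80/open/tcp//http///'
  printf '%s\t%s\n' 'Host: 10.1.1.20 (bigmachine.uptimemadeeasy.com)' \
    'Ports: 22/open/tcp//ssh///, 5900/open/tcp//vnc///, 5901/open/tcp//vnc-1///'
  printf '%s\t%s\n' 'Host: 10.1.1.25 ()' \
    'Ports: 21/closed/tcp//ftp///, 22/open/tcp//ssh///'
}

# Print "ip port/proto service" for every port whose state is exactly "open".
list_open() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " ")                      # h[2] is the IP address
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue       # skip Status:, Ignored State:, OS:
        n = split(substr($i, 8), entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")
          if (f[2] == "open") print h[2], f[1] "/" f[3], f[5]
        }
      }
    }' "$1"
}

# Keep only cleartext or remote-desktop services worth reviewing first.
# The service column is nmap's port-table guess unless -sV was used.
flag_risky() {
  list_open "$1" | awk '$3 == "telnet" || $3 == "ftp" || $3 ~ /^vnc/'
}

scan=$(mktemp)
sample_scan > "$scan"
flag_risky "$scan"      # with a real scan: flag_risky myfile
rm -f "$scan"
```

Closed and filtered ports are dropped by the state check, so the closed FTP port on 10.1.1.25 is not reported.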

Jeff has 20 years of professional IT experience, having done nearly everything in his roles of IT consultant, Systems Integrator, Systems Engineer, CNOC Engineer, Systems Administrator, Network Systems Administrator, and IT Director. If there is one thing he knows for sure, it is that there is always a simple answer to every IT problem and that downtime begins with complexity. Seasoned IT professional by day, Jeff hopes to help other IT professionals by blogging about his experiences at night on his blog: http://uptimemadeeasy.com. You can find Jeff on LinkedIn or Twitter.
