Penetrating firewalls and discovering secrets Concepts — The Nmap Ninja


Nmap, which stands for Network Mapper, is a free and open source programme used for port scanning, vulnerability analysis, and, obviously, network mapping. Despite being developed back in 1997, Nmap continues to serve as the benchmark by which all other comparable tools, whether they are open source or commercial, are measured.

Nmap is described as a tool that a network administrator can use on their own network to discover or diagnose the services running on an Internet-connected system, in order to spot potential security problems. It is also used to automate repetitive tasks, including service monitoring.

1. It can search for hosts connected to the network.

2. It can search for open ports on the target host.

3. It detects the services running on the host, along with its operating system.

4. It also detects flaws or potential vulnerabilities in networked systems.

Different types of scan that can be done using Nmap


TCP scan: it completes a full three-way handshake between you and the chosen target system. Because the target's services can log the sender's IP address and trigger an intrusion detection system, the TCP scan is exceedingly noisy and easy to detect.


UDP scan: it is used to see whether the target system has a UDP port open and waiting for incoming requests.


SYN scan: it is another type of TCP scan. Nmap crafts a SYN packet, the first packet transmitted when a TCP connection is established.


ACK scan: it is used to identify whether a specific port is filtered. It proves very helpful when probing for firewalls and their current rules.


FIN scan: it is similar to the SYN scan, but Nmap sends a TCP FIN packet instead of a SYN; a closed port answers with an RST (reset) packet. This helps the scan avoid false results and keeps it from standing out as plainly in the target's logs.


NULL scan: as the name suggests, this extremely stealthy scan zeroes out all the TCP flags in the header. Because the packet is invalid, the target will not know how to handle it.


XMAS scan: because of the way Windows computers implement their TCP stack, they will not respond to XMAS scans. The scan's name comes from the series of flags lit up inside the packet. An XMAS scan sets the PSH, URG, and FIN flags in the TCP header.


RPC scan: it finds machines that respond to Remote Procedure Call (RPC) services. RPC lets remote commands run on a given system over a specific set of connections. Since RPC services can use a variety of ports, it can be difficult to tell through routine checks whether they are active.


Idle scan: since its packets are bounced off an external host, the idle scan is the stealthiest scan. You do not need to control that host, but it must meet a set of requirements.
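The scan types above differ mainly in which TCP flags the probe carries and in what a target replies. As an added example that is not part of the original post, this Python code classifies captured probes by their flag combination (as a defender's IDS rule would) and shows the reply an RFC 793 compliant stack gives, which is the side channel each scan depends on. The TCP header bytes are constructed here for illustration.

```python
import struct

# TCP flag bits in header byte 13 (RFC 793 layout).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13] & 0x3F  # drop the reserved/NS/CWR/ECE bits

def classify_probe(flags: int) -> str:
    """Map a probe's flag combination to the scan type it matches.
    A lone SYN also starts every normal connection, so it is ambiguous."""
    if flags == 0:
        return "NULL scan (no flags set)"
    if flags == PSH | URG | FIN:
        return "XMAS scan (PSH, URG, FIN)"
    if flags == FIN:
        return "FIN scan"
    if flags == ACK:
        return "ACK scan (firewall rule probe)"
    if flags == SYN:
        return "SYN scan or ordinary connection attempt"
    return "other"

def expected_reply(flags: int, port_open: bool, filtered: bool = False) -> str:
    """Reply of an RFC 793 compliant stack. Windows stacks do not follow this
    for FIN/NULL/XMAS probes, so those scans cannot tell open from closed there."""
    if filtered:
        return "none"  # silently dropped by a firewall
    if flags == ACK:
        return "RST"  # unfiltered port answers RST whether open or closed
    if flags == SYN:
        return "SYN/ACK" if port_open else "RST"
    if flags in (0, FIN, PSH | URG | FIN):
        return "none" if port_open else "RST"
    return "undefined"

def build_segment(flags: int, dst_port: int = 80) -> bytes:
    """Constructed 20-byte TCP header (no options) carrying the given flags."""
    return struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, flags, 1024, 0, 0)

def triage(segments) -> dict:
    """Count probes per scan type, as a simple IDS summary would."""
    counts = {}
    for seg in segments:
        label = classify_probe(tcp_flags(seg))
        counts[label] = counts.get(label, 0) + 1
    return counts
```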

To learn how the commands in Nmap function, read part 2.

Thank you for reading this content. I hope you gained some knowledge from this post. Grow your knowledge with Medium.
