Monday, November 19, 2012

Backtrack Tool - Zenmap


Nmap: free, open-source utility for network mapping and security auditing. It is useful for network inventory, managing service upgrades, and monitoring hosts and services. It uses raw IP packets to determine which hosts are available on the network, which services those hosts are offering, which operating system and version they are running, which application versions are in use, what types of packet filters/firewalls are in place, and more. It is designed to scan large networks rapidly, but works fine against single hosts too.

Supported platforms: almost all Linux distributions, Windows, and Mac OS. It can be run from the command line as well as through a GUI front end (Zenmap).

Download here :

Nmap scan types:

  • TCP connect scan: the most reliable scan type, but also the most detectable. Open ports reply with SYN/ACK while closed ports reply with RST/ACK.

  • XMAS tree scan: checks for TCP services by sending XMAS-tree packets, so named because the FIN, URG and PSH flags are all set. Closed ports reply with a RST flag.

  • SYN stealth scan: also known as a half-open scan. The attacker sends SYN packets and receives SYN/ACK back from the server. It is stealthy because a full TCP connection is never opened. Open ports reply with SYN/ACK while closed ports reply with RST/ACK.

  • Null scan: an advanced scan that may be able to pass through firewalls undetected or unmodified. In this scan all flags are off (none are set). It only works against Unix systems; closed ports return a RST flag.

  • Window scan: similar to the ACK scan, and can also detect open ports.

  • ACK scan: this type of scan is used to map out firewall rules. It only works against UNIX systems.

Common nmap command switches:

-sT    TCP connect scan
-sS    SYN scan
-sF    FIN scan
-sX    XMAS tree scan
-sN    Null scan
-sP    Ping scan
-sU    UDP scan
-sO    Protocol scan
-sA    ACK scan
-sW    Window scan
-sR    RPC scan
-sL    List/DNS scan
-sI    Idle scan

-P0    Don't ping
-PT    TCP ping
-PS    ICMP ping
-PB    TCP and ICMP ping
-PM    ICMP netmask ping

-oN    Normal output
-oX    XML output
-oG    Greppable output
-oA    All output formats
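The scan types and switches above each boil down to a TCP flag pattern in the probe and a rule for reading the reply. The following Python is an added example (not part of the original post or of the Nmap project) that encodes those rules in both directions: naming the scan type from a probe's flags, reporting the port state nmap would derive from the reply, and, from the defender's side, flagging sources in a constructed capture summary that send repeated Null, FIN or XMAS probes. The log format and the `detect_scans` threshold are assumptions for the example.

```python
# Classify TCP probes by flag pattern and interpret replies as nmap would.
from collections import Counter

def flags_to_set(flags: str) -> frozenset:
    """'FIN,PSH,URG' -> {'FIN','PSH','URG'}; an empty string means no flags set."""
    return frozenset(f.strip().upper() for f in flags.split(",") if f.strip())

# Probe patterns of the stealth scans: Null (no flags), FIN, and XMAS tree.
STEALTH = (frozenset(), frozenset({"FIN"}), frozenset({"FIN", "PSH", "URG"}))

def probe_type(flags: str) -> str:
    """Name the nmap scan type whose probe carries exactly these flags."""
    f = flags_to_set(flags)
    if f == frozenset():            return "Null scan (-sN)"
    if f == {"FIN"}:                return "FIN scan (-sF)"
    if f == {"FIN", "PSH", "URG"}:  return "XMAS tree scan (-sX)"
    if f == {"SYN"}:                return "SYN scan (-sS) or TCP connect (-sT)"
    if f == {"ACK"}:                return "ACK scan (-sA) or Window scan (-sW)"
    return "not a recognised probe"

def port_state(probe: str, reply: str = "") -> str:
    """Port state nmap reports for a probe/reply pair; reply '' = no answer."""
    p, r = flags_to_set(probe), flags_to_set(reply)
    if p == {"SYN"}:                           # connect / half-open scan
        if r == {"SYN", "ACK"}: return "open"
        return "closed" if "RST" in r else "filtered"
    if p in STEALTH:                           # Null / FIN / XMAS probes
        return "closed" if "RST" in r else "open|filtered"  # silence is ambiguous
    if p == {"ACK"}:                           # firewall rule mapping
        return "unfiltered" if "RST" in r else "filtered"
    return "unknown"

# Constructed capture summary, one probe per line: "src_ip dst_port flags"
SAMPLE_LOG = """\
10.0.0.5 22 FIN,PSH,URG
10.0.0.5 80 FIN,PSH,URG
10.0.0.5 443 FIN,PSH,URG
10.0.0.9 80 SYN
10.0.0.7 22
10.0.0.7 25
"""

def detect_scans(log: str, threshold: int = 2) -> dict:
    """Sources sending >= threshold stealth probes (plain SYNs look like normal traffic)."""
    counts, kinds = Counter(), {}
    for line in log.splitlines():
        parts = line.split(maxsplit=2)
        if not parts:
            continue
        src, flags = parts[0], parts[2] if len(parts) == 3 else ""
        if flags_to_set(flags) in STEALTH:
            counts[src] += 1
            kinds[src] = probe_type(flags)
    return {src: kinds[src] for src, n in counts.items() if n >= threshold}
```

On the sample data, `detect_scans(SAMPLE_LOG)` reports 10.0.0.5 as an XMAS tree scan and 10.0.0.7 as a Null scan, while the single SYN from 10.0.0.9 is ignored.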