IP and Port scanning using ‘nmap (Network Mapper)’ in Ubuntu

nmap is a powerfull scanner available in Unix/Linux system. It’s very usefull for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine againts single hosts.

It’s very easy to install nmap in Ubuntu, just download from the internet.

taufanlubis@zyrex:~$ sudo apt-get install nmap

In this practice, I used 2 computer.

PC-01, IP = 192.168.0.3 (OpenSuse 10.1) with Kernel 2.6.16.13-4-default

PC-02, IP = 192.168.0.2 (Ubuntu Feisty)

I run nmap from Ubuntu to scan PC-01.

IP Scanning with range 192.168.0.0 – 192.168.0.255

taufanlubis@zyrex:~$ sudo nmap -sP 192.168.0.0/24

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 21:51 WIT

Host 192.168.0.2 appears to be up.

caught SIGINT signal, cleaning up

taufanlubis@zyrex:~$

IP Scanning with range 192.168.0.1 – 192.168.0.254

taufanlubis@zyrex:~$ sudo nmap -sP 192.168.0.1-254

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 21:53 WIT

Host 192.168.0.2 appears to be up.

Host 192.168.0.3 appears to be up.

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Nmap finished: 255 IP addresses (2 hosts up) scanned in 31.242 seconds

taufanlubis@zyrex:~$

Port Scanning with range port 100 – port 139

taufanlubis@zyrex:~$ nmap 192.168.0.3 -p100-139

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:06 WIT

Interesting ports on 192.168.0.3:

Not shown: 38 filtered ports

PORT STATE SERVICE

113/tcp closed auth

139/tcp open netbios-ssn

Nmap finished: 1 IP address (1 host up) scanned in 24.914 seconds

taufanlubis@zyrex:~$

For 40 ports, it took almost 25 seconds, so it will take much longer if you want to scan from 1-65535 (all ports in a computers).

Scanning Operating system on target IP

taufanlubis@zyrex:~$ sudo nmap -O 192.168.0.3

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:20 WIT

Interesting ports on 192.168.0.3:

Not shown: 1693 filtered ports

PORT STATE SERVICE

80/tcp open http

113/tcp closed auth

139/tcp open netbios-ssn

445/tcp open microsoft-ds

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Device type: general purpose|specialized|WAP|storage-misc

Running (JUST GUESSING) : Linux 2.6.X|2.4.X (97%), Atmel Linux 2.6.X (91%), Siemens linux (91%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Inventel embedded (88%)

Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux 2.6.17.9 (X86) (92%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%), Atmel AVR32 STK1000 development board (runs Linux 2.6.16.11) (91%), Siemens Gigaset SE515dsl wireless broadband router (91%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .

Nmap finished: 1 IP address (1 host up) scanned in 94.942 seconds

taufanlubis@zyrex:~$

nmap Faster Execution

If you want to make faster scan, use -T4 option on nmap command..

taufanlubis@zyrex:~$ sudo nmap -A -T4 192.168.0.3

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:42 WIT

Interesting ports on 192.168.0.3:

Not shown: 1693 filtered ports

PORT STATE SERVICE VERSION

80/tcp open http Apache httpd 2.2.0 ((Linux/SUSE))

113/tcp closed auth

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Device type: general purpose|WAP|specialized|storage-misc|broadband router

Running (JUST GUESSING) : Linux 2.6.X|2.4.X (97%), Siemens linux (93%), Atmel Linux 2.6.X (92%), Inventel embedded (89%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Netgear embedded (87%)

Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Siemens Gigaset SE515dsl wireless broadband router (93%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (93%), Atmel AVR32 STK1000 development board (runs Linux 2.6.16.11) (92%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux 2.6.17.9 (X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .

Nmap finished: 1 IP address (1 host up) scanned in 58.830 seconds

taufanlubis@zyrex:~$

Now, you only need 58,83 seconds compare to 94.94 seconds (without -T4 option).