Diferencia entre revisiones de «Nmap (eng)»
| Línea 1: | Línea 1: | ||
| − | ''' | + | '''NMAP ''' |
Nmap is an open source program for port scanning made for Gordon Lyon (Fyodor Vaskovich) and whose development is nowadays commissioned to the community. Originally created for Linux now its multiplatform. It’s used to evaluate the security of the computer systems, to detect services or servers in a computer network, for that, Nmap sends defined packages to others computers and later analyze their answers. | Nmap is an open source program for port scanning made for Gordon Lyon (Fyodor Vaskovich) and whose development is nowadays commissioned to the community. Originally created for Linux now its multiplatform. It’s used to evaluate the security of the computer systems, to detect services or servers in a computer network, for that, Nmap sends defined packages to others computers and later analyze their answers. | ||
| − | Scanning TCP Connect Scan | + | '''Scanning TCP Connect Scan''' |
It’s open a scanning port proccess, requires three-way swapping for a fully port scanning. | It’s open a scanning port proccess, requires three-way swapping for a fully port scanning. | ||
To know if an open port is sent the flag SYN (connection). If it is open it returns a SYN / ACK and otherwise send RST. The connection is complete and then finish with RST. | To know if an open port is sent the flag SYN (connection). If it is open it returns a SYN / ACK and otherwise send RST. The connection is complete and then finish with RST. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
ACK = accept RST = reset | ACK = accept RST = reset | ||
| − | TCP SYN Scan | + | '''TCP SYN Scan''' |
It’s a port scanning technique that sends from one host to another only a SYN connection start packages, for each ports that we want to analyze, to define if that ports are open or not. | It’s a port scanning technique that sends from one host to another only a SYN connection start packages, for each ports that we want to analyze, to define if that ports are open or not. | ||
If it’s open, return a SYN / ACK and if not a RST. The connection is chop after receiving the SYN / ACK with RST, to be less noisy than the TCP connect scanning. FLAG -Sf. | If it’s open, return a SYN / ACK and if not a RST. The connection is chop after receiving the SYN / ACK with RST, to be less noisy than the TCP connect scanning. FLAG -Sf. | ||
| − | TCP FIN Scan | + | '''TCP FIN Scan''' |
The FIN flag is launched, if it return a RST / ACK its a closed port, if not maybe its open. That kind of port scanning are silent, not usually registered by IDS (Intrusion Detection System). FLAG -Sf. | The FIN flag is launched, if it return a RST / ACK its a closed port, if not maybe its open. That kind of port scanning are silent, not usually registered by IDS (Intrusion Detection System). FLAG -Sf. | ||
| − | TCP Xmas Tree Scan | + | '''TCP Xmas Tree Scan''' |
The same as TCP FIN Scan, but launched flags FIN, URG and PUSH. FLAG -Sx. | The same as TCP FIN Scan, but launched flags FIN, URG and PUSH. FLAG -Sx. | ||
| − | TCP Null Scan | + | '''TCP Null Scan''' |
That kind of scan reset all indicators on TCP header, receive a RST if the port is not active, otherwise not receive anything. | That kind of scan reset all indicators on TCP header, receive a RST if the port is not active, otherwise not receive anything. | ||
| − | UDP Scan | + | '''UDP Scan''' |
To discover ports UDP. FLAG -Su. | To discover ports UDP. FLAG -Su. | ||
| − | Who to use Nmap | + | '''Who to use Nmap''' |
The best way to achieve most information is: nmap -Ss -O -Sv <ip> | The best way to achieve most information is: nmap -Ss -O -Sv <ip> | ||
-O: to know the system version | -O: to know the system version | ||
-Sv: to know the servides and their versions assigned to a port | -Sv: to know the servides and their versions assigned to a port | ||
| − | Why use Nmap | + | '''Why use Nmap''' |
We can see which ports in our computers has open and which processes are assigned to each port. If we use google to find all services, it’s possible that we found some malicious services controlling our computer. Then, it is simple, find it and uninstall it. | We can see which ports in our computers has open and which processes are assigned to each port. If we use google to find all services, it’s possible that we found some malicious services controlling our computer. Then, it is simple, find it and uninstall it. | ||
Revisión de 12:44 25 ene 2017
NMAP
Nmap is an open source program for port scanning made for Gordon Lyon (Fyodor Vaskovich) and whose development is nowadays commissioned to the community. Originally created for Linux now its multiplatform. It’s used to evaluate the security of the computer systems, to detect services or servers in a computer network, for that, Nmap sends defined packages to others computers and later analyze their answers.
Scanning TCP Connect Scan It’s open a scanning port proccess, requires three-way swapping for a fully port scanning. To know if an open port is sent the flag SYN (connection). If it is open it returns a SYN / ACK and otherwise send RST. The connection is complete and then finish with RST. ACK = accept RST = reset
TCP SYN Scan It’s a port scanning technique that sends from one host to another only a SYN connection start packages, for each ports that we want to analyze, to define if that ports are open or not. If it’s open, return a SYN / ACK and if not a RST. The connection is chop after receiving the SYN / ACK with RST, to be less noisy than the TCP connect scanning. FLAG -Sf.
TCP FIN Scan The FIN flag is launched, if it return a RST / ACK its a closed port, if not maybe its open. That kind of port scanning are silent, not usually registered by IDS (Intrusion Detection System). FLAG -Sf.
TCP Xmas Tree Scan The same as TCP FIN Scan, but launched flags FIN, URG and PUSH. FLAG -Sx.
TCP Null Scan That kind of scan reset all indicators on TCP header, receive a RST if the port is not active, otherwise not receive anything.
UDP Scan
To discover ports UDP. FLAG -Su.
Who to use Nmap The best way to achieve most information is: nmap -Ss -O -Sv <ip> -O: to know the system version -Sv: to know the servides and their versions assigned to a port
Why use Nmap We can see which ports in our computers has open and which processes are assigned to each port. If we use google to find all services, it’s possible that we found some malicious services controlling our computer. Then, it is simple, find it and uninstall it.
