Diferencia entre revisiones de «Nmap (eng)»
(2 revisiones intermedias por el mismo usuario no mostrado) | |||
Línea 4: | Línea 4: | ||
Nmap is an open source program for port scanning made for Gordon Lyon (Fyodor Vaskovich) and whose development is nowadays commissioned to the community. Originally created for Linux now its multiplatform. It’s used to evaluate the security of the computer systems, to detect services or servers in a computer network, for that, Nmap sends defined packages to others computers and later analyze their answers. | Nmap is an open source program for port scanning made for Gordon Lyon (Fyodor Vaskovich) and whose development is nowadays commissioned to the community. Originally created for Linux now its multiplatform. It’s used to evaluate the security of the computer systems, to detect services or servers in a computer network, for that, Nmap sends defined packages to others computers and later analyze their answers. | ||
+ | This software has several functions for network systems, including the detection of equipment, services and operating systems. These functions are extensible through the use of scripts for advanced detection providers, vulnerability detection and other applications. | ||
− | == | + | |
+ | == Scanning TCP Connect Scan== | ||
Línea 13: | Línea 15: | ||
− | == | + | == TCP SYN Scan== |
Línea 20: | Línea 22: | ||
− | == | + | == TCP FIN Scan == |
Línea 26: | Línea 28: | ||
− | == | + | == TCP Xmas Tree Scan == |
The same as TCP FIN Scan, but launched flags FIN, URG and PUSH. FLAG -Sx. | The same as TCP FIN Scan, but launched flags FIN, URG and PUSH. FLAG -Sx. | ||
− | == | + | == TCP Null Scan == |
Línea 37: | Línea 39: | ||
− | == | + | == UDP Scan== |
To discover ports UDP. FLAG -Su | To discover ports UDP. FLAG -Su | ||
− | == | + | == Who to use Nmap == |
Línea 51: | Línea 53: | ||
− | == | + | == Why use Nmap == |
We can see which ports in our computers has open and which processes are assigned to each port. If we use google to find all services, it’s possible that we found some malicious services controlling our computer. Then, it is simple, find it and uninstall it. | We can see which ports in our computers has open and which processes are assigned to each port. If we use google to find all services, it’s possible that we found some malicious services controlling our computer. Then, it is simple, find it and uninstall it. |
Última revisión de 12:50 25 ene 2017
Contenido
NMAP
Nmap is an open source program for port scanning made for Gordon Lyon (Fyodor Vaskovich) and whose development is nowadays commissioned to the community. Originally created for Linux now its multiplatform. It’s used to evaluate the security of the computer systems, to detect services or servers in a computer network, for that, Nmap sends defined packages to others computers and later analyze their answers.
This software has several functions for network systems, including the detection of equipment, services and operating systems. These functions are extensible through the use of scripts for advanced detection providers, vulnerability detection and other applications.
Scanning TCP Connect Scan
It’s open a scanning port proccess, requires three-way swapping for a fully port scanning. To know if an open port is sent the flag SYN (connection). If it is open it returns a SYN / ACK and otherwise send RST. The connection is complete and then finish with RST. ACK = accept RST = reset
TCP SYN Scan
It’s a port scanning technique that sends from one host to another only a SYN connection start packages, for each ports that we want to analyze, to define if that ports are open or not. If it’s open, return a SYN / ACK and if not a RST. The connection is chop after receiving the SYN / ACK with RST, to be less noisy than the TCP connect scanning. FLAG -Sf.
TCP FIN Scan
The FIN flag is launched, if it return a RST / ACK its a closed port, if not maybe its open. That kind of port scanning are silent, not usually registered by IDS (Intrusion Detection System). FLAG -Sf.
TCP Xmas Tree Scan
The same as TCP FIN Scan, but launched flags FIN, URG and PUSH. FLAG -Sx.
TCP Null Scan
That kind of scan reset all indicators on TCP header, receive a RST if the port is not active, otherwise not receive anything.
UDP Scan
To discover ports UDP. FLAG -Su
Who to use Nmap
The best way to achieve most information is: nmap -Ss -O -Sv <ip> -O: to know the system version -Sv: to know the servides and their versions assigned to a port
Why use Nmap
We can see which ports in our computers has open and which processes are assigned to each port. If we use google to find all services, it’s possible that we found some malicious services controlling our computer. Then, it is simple, find it and uninstall it.