Using nmap to scan network


If your computer is connected to a network, you have probably wondered how many other computers are on it. With nmap, finding out is as easy as 1 2 3.

nmap is a powerful scanner and a staple of many hacking techniques. It has even appeared on film: Trinity uses it in The Matrix Reloaded. If you have seen the movie you will know the scene.

If you are using Windows, download the nmap zip archive from the link below.
nmap

Put the files in C:\Program Files\nmap

As you can see above, you have to create a new folder named nmap and extract the archive into it, then open a command prompt. For better performance, apply the registry file that ships in the extracted folder (nmap_performance.reg): it tunes a few TCP/IP stack settings, such as the ephemeral port range and the TIME_WAIT delay, that otherwise slow nmap down on Windows. If you intend to use nmap frequently, also add its folder to your PATH:

1. From the desktop, right click on My Computer and then click “properties”.
2. In the System Properties window, click the “Advanced” tab.
3. Click the “Environment Variables” button.
4. Choose Path from the System variables section, then click Edit.
5. Add a semi-colon and then your Nmap directory (such as c:\Program Files\Nmap) to the end of the value.

Then open a new command prompt (one that was already open will not see the updated PATH) and run a ping scan of your subnet:

C:\Documents and Settings\Yacob>nmap -sP 192.168.1.1/24

Starting Nmap 4.53 ( http://insecure.org ) at 2008-03-15 12:51 GMT Standard Time

Host 192.168.1.1 appears to be up.
MAC Address: 00:19:E0:66:06:D0 (Tp-link Technologies Co.)
Host 192.168.1.2 appears to be up.
Host 192.168.1.3 appears to be up.
MAC Address: 00:1B:24:DE:AB:26 (Quanta Computer)
Host 192.168.1.4 appears to be up.
MAC Address: 00:90:F5:61:25:4F (Clevo CO.)
Host 192.168.1.5 appears to be up.
MAC Address: 00:0F:B0:F0:FE:BA (Compal Electronics)
Host 192.168.1.6 appears to be up.
MAC Address: 00:16:D3:FC:6B:83 (Wistron)
Host 192.168.1.7 appears to be up.
MAC Address: 00:1D:60:EC:6A:0E (Asustek Computer)
Host 192.168.1.8 appears to be up.
MAC Address: 00:11:2F:1B:FE:31 (Asustek Computer)
Host 192.168.1.9 appears to be up.
MAC Address: 00:A0:D1:D5:93:2B (Inventec)
Host 192.168.1.10 appears to be up.
MAC Address: 00:15:58:35:33:94 (Foxconn)
Nmap done: 256 IP addresses (10 hosts up) scanned in 42.156 seconds

nmap has now swept the whole subnet and listed every host that answered. On a directly attached Ethernet segment a ping scan works by ARP request, which is why nearly every host comes back with its MAC address and the vendor nmap looks up from the OUI prefix; it also means hosts that drop ICMP are still found. The one entry with no MAC address, 192.168.1.2, is the scanning machine itself, which nmap cannot ARP (the OS detection run below confirms it is the local machine). Nmap 5.30 and later call this a ping scan with -sn; -sP is kept as an alias.

If you also want to know which operating system each host is running, replace -sP with -O. OS detection needs raw packets, so on Windows run it from an administrator account with WinPcap installed.
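Rather than reading the host list off the screen, it pays to parse it, key the inventory by MAC address, and diff runs to spot devices that appear or disappear. The following parser is an added example and not code from the original post or from the Nmap project; its sample input is a constructed copy of four hosts from the scan above. It goes slightly beyond the page by also accepting the "Nmap scan report for X" host header that later nmap releases print, and it checks its own host count against nmap's "Nmap done" summary so a truncated capture is caught.

```python
"""Turn the normal output of an nmap ping scan (-sP here; -sn in Nmap 5.30
and later) into a host inventory keyed by MAC address.

Added example, not code from the original post or the Nmap project. The
sample text is a constructed copy of the scan output shown above (Nmap 4.x
format); later releases introduce each host with "Nmap scan report for X",
which the parser also accepts."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: four of the hosts from the post's scan, same format.
PING_SCAN_OUTPUT = """\
Starting Nmap 4.53 ( http://insecure.org ) at 2008-03-15 12:51 GMT Standard Time

Host 192.168.1.1 appears to be up.
MAC Address: 00:19:E0:66:06:D0 (Tp-link Technologies Co.)
Host 192.168.1.2 appears to be up.
Host 192.168.1.3 appears to be up.
MAC Address: 00:1B:24:DE:AB:26 (Quanta Computer)
Host 192.168.1.4 appears to be up.
MAC Address: 00:90:F5:61:25:4F (Clevo CO.)
Nmap done: 256 IP addresses (4 hosts up) scanned in 42.156 seconds
"""

HOST_RE = re.compile(r"^(?:Host (\S+) appears to be up\.|Nmap scan report for (\S+))")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F]{2}(?::[0-9A-F]{2}){5}) \((.*)\)$")
DONE_RE = re.compile(r"^Nmap done: \d+ IP address(?:es)? \((\d+) hosts? up\)")


@dataclass
class Host:
    ip: str
    mac: Optional[str] = None     # stays None for the scanning machine itself
    vendor: Optional[str] = None  # nmap's OUI lookup of the MAC prefix


def parse_ping_scan(text: str) -> List[Host]:
    """Parse one run; raise if the host count disagrees with nmap's own
    'Nmap done' summary, which usually means the output was truncated."""
    hosts: List[Host] = []
    reported_up: Optional[int] = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            hosts.append(Host(ip=m.group(1) or m.group(2)))
            continue
        m = MAC_RE.match(line)
        if m and hosts:
            hosts[-1].mac, hosts[-1].vendor = m.group(1), m.group(2)
            continue
        m = DONE_RE.match(line)
        if m:
            reported_up = int(m.group(1))
    if reported_up is not None and reported_up != len(hosts):
        raise ValueError(f"parsed {len(hosts)} hosts, nmap reported {reported_up}")
    return hosts


def hosts_without_mac(hosts: List[Host]) -> List[Host]:
    """On a local Ethernet segment nmap learns MACs by ARP, which it cannot
    do for the machine it runs on; a missing MAC therefore marks the scanner
    itself (or, on a remote subnet, every host, since ARP stops at the router)."""
    return [h for h in hosts if h.mac is None]


def diff_inventories(old: List[Host], new: List[Host]) -> Tuple[List[Host], List[Host]]:
    """Compare two runs by MAC rather than IP: DHCP moves addresses between
    runs, the hardware address does not. Returns (appeared, vanished)."""
    old_by_mac = {h.mac: h for h in old if h.mac}
    new_by_mac = {h.mac: h for h in new if h.mac}
    appeared = [h for mac, h in new_by_mac.items() if mac not in old_by_mac]
    vanished = [h for mac, h in old_by_mac.items() if mac not in new_by_mac]
    return appeared, vanished


if __name__ == "__main__":
    for h in parse_ping_scan(PING_SCAN_OUTPUT):
        print(f"{h.ip:<15} {h.mac or '-':<17} {h.vendor or '(scanner itself)'}")
```

Save each scan with -oN and feed yesterday's and today's files to diff_inventories; a MAC you have never seen before is the device to go and look at.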
C:\Documents and Settings\Yacob>nmap -O 192.168.1.1/24

Starting Nmap 4.53 ( http://insecure.org ) at 2008-03-15 13:39 GMT Standard Time

Interesting ports on 192.168.1.1:
Not shown: 1712 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
MAC Address: 00:19:E0:66:06:D0 (Tp-link Technologies Co.)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.18 (x86_64, SMP)
Uptime: 0.045 days (since Sat Mar 15 12:35:21 2008)
Network Distance: 1 hop

Skipping SYN Stealth Scan against 192.168.1.2 because Windows does not support scanning your own machine (localhost) this way.
Skipping OS Scan against 192.168.1.2 because it doesn't work against your own machine (localhost)
0 ports scanned on 192.168.1.2

Interesting ports on 192.168.1.4:
Not shown: 1711 filtered ports
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5101/tcp open admdog
MAC Address: 00:90:F5:61:25:4F (Clevo CO.)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows XP SP2
Network Distance: 1 hop

Interesting ports on 192.168.1.6:
Not shown: 1712 filtered ports
PORT STATE SERVICE
81/tcp open hosts2-ns
5101/tcp open admdog
MAC Address: 00:16:D3:FC:6B:83 (Wistron)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|general purpose
Running: Captor embedded, QNX 4.X
OS details: Captor Omni-Clock (employee timeclock), QNX 4.24
Network Distance: 1 hop

Interesting ports on 192.168.1.9:
Not shown: 1708 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
5000/tcp open UPnP
5101/tcp open admdog
MAC Address: 00:A0:D1:D5:93:2B (Inventec)
No OS matches for host
Network Distance: 1 hop

All 1714 scanned ports on 192.168.1.10 are filtered
MAC Address: 00:15:58:35:33:94 (Foxconn)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 256 IP addresses (6 hosts up) scanned in 49.859 seconds

Notice that this run reported only 6 hosts up where the ping scan found 10. On a network of laptops on DHCP the population changes from minute to minute, so save every run to a file (-oN for this format, -oG for grep-friendly lines, -oX for XML) instead of trusting the last scrollback.

If you only want to see the open ports on one host, run a SYN scan against that address. Like -O it needs raw packets (an administrator account with WinPcap on Windows); without them use -sT, a connect scan over ordinary sockets:

C:\Documents and Settings\Yacob>nmap -sS 192.168.1.23

Starting Nmap 4.53 ( http://insecure.org ) at 2008-03-16 07:51 GMT Standard Time

Interesting ports on 192.168.1.23:
Not shown: 1711 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:1A:92:32:23:90 (Asustek Computer)
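The port tables above (from the -O run and from this -sS run) share one layout, and the next step after reading them is always the same: confirm what is really listening on the open ports. The parser below is an added example, not code from the original post or from the Nmap project; its sample input is a constructed copy of three hosts from the -O output above. It also accepts the "Nmap scan report for X" host header of later nmap releases, which is a generalisation beyond the page, and it builds the -sV follow-up command for each host with open ports.

```python
"""Parse the per-host port table and OS block that nmap -O / -sS print and
derive the follow-up scan to run next. Added example, not code from the
original post or the Nmap project; the sample is a constructed copy of three
hosts from the scans above (Nmap 4.x output). Later releases keep the same
port table but introduce hosts with "Nmap scan report for X", also accepted."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

PORT_SCAN_OUTPUT = """\
Interesting ports on 192.168.1.1:
Not shown: 1712 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
MAC Address: 00:19:E0:66:06:D0 (Tp-link Technologies Co.)
OS details: Linux 2.6.17 - 2.6.18 (x86_64, SMP)
Network Distance: 1 hop

Interesting ports on 192.168.1.4:
Not shown: 1711 filtered ports
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5101/tcp open admdog
MAC Address: 00:90:F5:61:25:4F (Clevo CO.)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS details: Microsoft Windows XP SP2

All 1714 scanned ports on 192.168.1.10 are filtered
MAC Address: 00:15:58:35:33:94 (Foxconn)
Too many fingerprints match this host to give specific OS details
"""

# Host headers: the table form, the all-ports-one-state short form, and the
# newer "Nmap scan report for X" line.
HOST_RE = re.compile(r"^(?:Interesting ports on (\S+):"
                     r"|All (\d+) scanned ports on (\S+) are (\w+)"
                     r"|Nmap scan report for (\S+))")
NOT_SHOWN_RE = re.compile(r"^Not shown: (\d+) (\w+) ports")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F]{2}(?::[0-9A-F]{2}){5}) \((.*)\)$")
OS_DETAILS_RE = re.compile(r"^OS details: (.*)$")


@dataclass
class ScannedHost:
    ip: str
    mac: Optional[str] = None
    vendor: Optional[str] = None
    ports: List[Tuple[int, str, str, str]] = field(default_factory=list)  # (port, proto, state, service)
    not_shown: Optional[Tuple[int, str]] = None  # (count, state) nmap folded into one line
    os_details: Optional[str] = None
    os_unreliable: bool = False  # nmap lacked the 1 open + 1 closed port it wants


def parse_port_scan(text: str) -> List[ScannedHost]:
    hosts: List[ScannedHost] = []
    cur: Optional[ScannedHost] = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            ip = m.group(1) or m.group(3) or m.group(5)
            if cur is None or cur.ip != ip:
                cur = ScannedHost(ip=ip)
                hosts.append(cur)
            if m.group(2):  # "All N scanned ports on X are <state>": no table follows
                cur.not_shown = (int(m.group(2)), m.group(4))
            continue
        if cur is None:
            continue
        if (m := NOT_SHOWN_RE.match(line)):
            cur.not_shown = (int(m.group(1)), m.group(2))
        elif (m := PORT_RE.match(line)):
            cur.ports.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
        elif (m := MAC_RE.match(line)):
            cur.mac, cur.vendor = m.group(1), m.group(2)
        elif (m := OS_DETAILS_RE.match(line)):
            cur.os_details = m.group(1)
        elif line.startswith("Warning: OSScan results may be unreliable"):
            cur.os_unreliable = True
    return hosts


def open_ports(host: ScannedHost) -> List[int]:
    return [p for p, _proto, state, _svc in host.ports if state == "open"]


def version_scan_command(host: ScannedHost) -> Optional[str]:
    """The SERVICE column of a plain -sS/-O scan is a lookup of the port number
    in nmap's services table, not an observation of what answered (that is how
    5101 became "admdog" and 1025 "NFS-or-IIS" above). -sV probes the listener
    and reports what it really is; limit it to the ports already known open."""
    ports = open_ports(host)
    return f"nmap -sV -p {','.join(map(str, ports))} {host.ip}" if ports else None


def hosts_behind_filter(hosts: List[ScannedHost]) -> List[str]:
    """'filtered' means no reply at all, on a LAN almost always a host firewall
    dropping the probe; 'closed' means a RST came back, so nothing listens."""
    return [h.ip for h in hosts if h.not_shown and h.not_shown[1] == "filtered"]


if __name__ == "__main__":
    for h in parse_port_scan(PORT_SCAN_OUTPUT):
        print(h.ip, h.os_details or "OS unknown", version_scan_command(h) or "no open ports")
```

Run the printed -sV commands next; the banner it returns for 5101/tcp will tell you far more than the name-table guess "admdog" ever can.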

In these tables "closed" means the host answered with a RST, so nothing is listening on that port, while "filtered" means no reply came back at all, which on a LAN is almost always a host firewall dropping the probe; that is also why the hosts with nearly all ports filtered drew the warning that OS detection needs one open and one closed port to be reliable. If you prefer a GUI to the command line, you can download the nmap GUI front-end here.

nmap grew up on Unix, where it was written to find open ports, and it is still most at home there. If you want to be a hacker, nmap is a must-have tool.

update:
Nmap has a new release out, and it’s a major one. It includes a GUI front-end called Zenmap, and, according to the post, ‘Network admins will no doubt be excited to learn that Nmap is now ready to identify Snow Leopard systems, Android Linux smartphones, and Chumbies, among other OSes that Nmap can now identify. This release also brings an additional 31 Nmap Scripting Engine scripts, bringing the total collection up to 80 pre-written scripts for Nmap. The scripts include X11 access checks to see if X.org on a system allows remote access, a script to retrieve and print an SSL certificate, and a script designed to see whether a host is serving malware. Nmap also comes with netcat and Ndiff. Source code and binaries are available from the Nmap site, including RPMs for x86 and x86_64 systems, and binaries for Windows and Mac OS X.’


6 comments on “Using nmap to scan network”

  1. Christian says:

    Hey, its “Must have tool”, not “Must Have Tools”
    anyways, worked like a charm.
    Could you do a “How to do it with zenmap?”
    that would be helpfull for many newbies
    nice !

  2. job says:

    Hey Christian, it’s “it’s” not “its”…

  3. lada18 says:

    and it’s “helpful” not “helpfull”

  4. huzo says:

    and it’s not “lada” it’s “lady”

  5. Ricky says:

    And its “Could you do a “How to do it with zenmap”?” not “Could you do a “How to do it with zenmap?””

  6. rosch says:

    Useful howto, thanks 🙂
