Unix: Why you should love nmap

Discovering hosts and services isn't just something that hackers do. A good sysadmin needs to work with an up-to-date view of the systems they manage or those they want to keep an eye on.


You have to love nmap. No other tool is set up to give you as quick a view of your network and at so little cost. The name stands for "network mapper" and it can tell you a lot about the network you are managing, including what systems are on it, what's running on those systems, and quite a few of the services you might need to worry about. It's a very basic tool in some ways. You hand it a few command line parameters and it runs around your network making connections and reporting on what it is able to discover. Plus, it's surprisingly efficient (unless you inadvertently ask for too much information) and is easy to install and use.

For example, you can use nmap to profile your systems -- to get an idea of what's running on them, what operating system they have installed, and what vulnerabilities they might have (e.g., when you're running services that you might not want to support). While hackers often use tools like nmap in their fact-finding missions -- laying out your network and looking for ways to attack your systems -- you would likely use it to get an up-to-date view of what systems you might need to patch or protect and what services you are running that might require your attention (or need to be shut down).

Here's an example of a "fast scan" run on a single system. Note that the scan took .164 seconds. That certainly qualifies as

$ nmap -F

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2014-06-03 19:56 EDT
Interesting ports on boson (
Not shown: 1229 closed ports
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
110/tcp open  pop3
111/tcp open  rpcbind
143/tcp open  imap
888/tcp open  accessbuilder
993/tcp open  imaps
995/tcp open  pop3s

Nmap finished: 1 IP address (1 host up) scanned in 0.164 seconds

Another scan took a little longer but, again, provides some important clues as to the nature of the system being queried.

# nmap -F

Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-04 14:05 EDT
Nmap scan report for
Host is up (0.00048s latency).
Not shown: 86 closed ports
7/tcp    open  echo
9/tcp    open  discard
13/tcp   open  daytime
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
37/tcp   open  time
79/tcp   open  finger
111/tcp  open  rpcbind
513/tcp  open  login
514/tcp  open  shell
515/tcp  open  printer
587/tcp  open  submission
2049/tcp open  nfs

Nmap done: 1 IP address (1 host up) scanned in 2.33 seconds

If you work on a complex network on which the systems and the applications and services that they provide frequently change, nmap is a great tool for getting an up-to-date picture of each of your subnets. It's surprising how much can change in a month!
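To act on the point about how much can change in a month, the following added example (not part of the original article) parses the port table from two saved nmap reports of the same host, lists ports that opened or closed since the baseline, and flags open services worth reviewing. The two sample reports are constructed, and the REVIEW list is an assumption drawn from service names in the second scan above.

```python
import re

# Matches port-table rows of nmap's normal output, e.g. "514/tcp  open  shell".
PORT_ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")
# Assumption: legacy/cleartext services this example flags; not exhaustive.
REVIEW = {"echo", "discard", "daytime", "time", "finger", "ftp", "login", "shell"}

def open_ports(nmap_text):
    """Return {(port, proto): service} for every row whose state is 'open'."""
    found = {}
    for line in nmap_text.splitlines():
        m = PORT_ROW.match(line.strip())
        if m and m.group(3) == "open":
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found

def compare(baseline_text, current_text):
    """Diff two scans of the same host and flag open services needing review."""
    old, new = open_ports(baseline_text), open_ports(current_text)
    return {
        "opened": sorted(k for k in new if k not in old),
        "closed": sorted(k for k in old if k not in new),
        "review": sorted(k for k, svc in new.items() if svc in REVIEW),
    }

# Constructed sample data: last month's saved report and today's, same host.
BASELINE = """\
Not shown: 96 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
79/tcp  open  finger
111/tcp open  rpcbind
"""
CURRENT = """\
Not shown: 94 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   open     smtp
111/tcp  open     rpcbind
514/tcp  open     shell
587/tcp  filtered submission
2049/tcp open     nfs
"""

if __name__ == "__main__":
    for kind, ports in compare(BASELINE, CURRENT).items():
        print(kind, ", ".join(f"{p}/{proto}" for p, proto in ports) or "-")
```

Rows in a state other than open (such as the filtered 587/tcp line) are ignored, so a firewall change does not show up as a newly opened service.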

What you don't want to do is scan every system and every possible port. There are, after all, as many as 65,536 ports on your systems.
