What is Nmap? Basics of Nmap

Nmap is an open-source network security scanner used to discover ports & services on a computer network.

It is cross-platform & works on Linux, Unix, Windows, Solaris, BSD, macOS, etc.

It is written in C, C++, Python & Lua.

It is available both with a GUI, called Zenmap, & as a command-line (non-GUI) tool.

Nmap sends specially crafted packets to the target, analyzes the responses from the target & generates the output.

Nmap provides a variety of probing features, as listed below:

  • Host Discovery: discovers live hosts on your network
  • Port Scanning: enumerates the port status of the target
  • Version Detection: discovers the application services running on the target device & their versions
  • OS Detection: detects the operating system & hardware characteristics of the target
  • Scriptable interaction with targets through the Nmap Scripting Engine (NSE) & the Lua programming language. Advanced service & vulnerability detection can be added with scripts.

Uses of Nmap

  • It is used by network security professionals to check the network, servers & systems for vulnerabilities
  • The security of a device or firewall can be audited
  • Finding exploitable vulnerabilities in the network & improving the security policy
  • DNS queries, subdomain search & reverse DNS
  • Network inventory & asset management

How to Install Nmap?

To install Nmap, follow the steps below:

1. Open the Nmap website & go to the download page, https://nmap.org/download.html. Download Nmap for your operating system.

2. Check all the package options in the installer, i.e., Nping, Zenmap, etc., & install Nmap.

How to use Nmap?

In this tutorial we will use Nmap to scan my gateway Wi-Fi router. You can scan or probe any device, firewall, router, switch or gateway in your network as well as on the Internet.

To scan or probe, follow the steps below:

1. Open a command prompt or terminal. Here we will use the non-GUI mode; you can use either GUI or non-GUI depending on your choice.

2. My system's IP configuration is shown below:

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR9285 802.11b|g|n WiFi Adapter
Physical Address. . . . . . . . . : F0-7B-CB-16-1E-21
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.143.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 22, 2018 9:42:51 PM
Lease Expires . . . . . . . . . . : Sunday, September 29, 2154 4:12:57 AM
Default Gateway . . . . . . . . . : 192.168.143.1
DHCP Server . . . . . . . . . . . : 192.168.143.1
DNS Servers . . . . . . . . . . . : 192.168.143.1
NetBIOS over Tcpip. . . . . . . . : Enabled

As you can see, my IP address is 192.168.143.7 & my gateway is 192.168.143.1. Here we are going to scan the gateway.

3. Run the Nmap command against the target device:

C:\Users\Vishal Majithia>nmap 192.168.143.1

Starting Nmap 7.40 ( https://nmap.org ) at 2018-08-22 21:49 India Standard Time
Nmap scan report for 192.168.143.1
Host is up (0.010s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1900/tcp open upnp
49152/tcp open unknown
MAC Address: 18:A6:F7:60:87:AC (Tp-link Technologies)

Nmap done: 1 IP address (1 host up) scanned in 1.73 seconds

Analyzing the Output

As you can see, ports 22 (SSH), 80 (HTTP), 1900 (UPnP) & 49152 are open on the Wi-Fi router. My Wi-Fi router is a TP-Link & the device's MAC address is also shown. These open ports can be accessed by any device on the network, which is insecure. An attacker can take advantage of this to create congestion or gain access to the device through a brute-force attack. The security measure that can be taken on this device is to restrict access to these ports to authorized devices; for all others, the ports should be closed.
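The analysis above is done by eye. As an added example (not part of this tutorial or of the Nmap project), the Python script below parses Nmap's normal output format, keeps only the ports reported as open, and pairs each with review advice so the same check can be repeated after the router is reconfigured. SAMPLE_REPORT is constructed from the gateway scan shown in step 3; REVIEW_POLICY and DEFAULT_ADVICE are an assumed baseline for a home gateway written for this example, not anything Nmap emits.

```python
"""Parse Nmap's normal (human-readable) output and flag exposed services.

Added example for this tutorial, not part of Nmap or the original post.
SAMPLE_REPORT is constructed from the gateway scan shown above, and
REVIEW_POLICY is an assumed baseline for a home router, not Nmap output.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the normal-format report nmap printed for the gateway.
SAMPLE_REPORT = """\
Starting Nmap 7.40 ( https://nmap.org ) at 2018-08-22 21:49 India Standard Time
Nmap scan report for 192.168.143.1
Host is up (0.010s latency).
Not shown: 996 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
1900/tcp  open  upnp
49152/tcp open  unknown
MAC Address: 18:A6:F7:60:87:AC (Tp-link Technologies)

Nmap done: 1 IP address (1 host up) scanned in 1.73 seconds
"""

# Assumed policy: services a gateway should not expose to every LAN client,
# with the mitigation the tutorial suggests (restrict to authorized devices).
REVIEW_POLICY: Dict[str, str] = {
    "ssh": "admin shell: allow only from authorized management hosts",
    "http": "web admin UI: allow only from authorized hosts, prefer HTTPS",
    "upnp": "UPnP lets any LAN device open ports: disable unless required",
}
DEFAULT_ADVICE = "unrecognised service: identify it (e.g. nmap -sV) before allowing it"


@dataclass
class Host:
    address: str
    state: str = "unknown"
    mac: Optional[str] = None
    vendor: Optional[str] = None
    # (port, protocol, state, service) as printed in the PORT table
    ports: List[Tuple[int, str, str, str]] = field(default_factory=list)


HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
STATE_RE = re.compile(r"^Host is (\w+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})(?: \((.*)\))?")


def parse_report(text: str) -> List[Host]:
    """Walk the report line by line; every 'Nmap scan report for' starts a host."""
    hosts: List[Host] = []
    cur: Optional[Host] = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            cur = Host(address=m.group(1))
            hosts.append(cur)
            continue
        if cur is None:          # header lines before the first host
            continue
        m = STATE_RE.match(line)
        if m:
            cur.state = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m:
            cur.ports.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
            continue
        m = MAC_RE.match(line)
        if m:
            cur.mac, cur.vendor = m.group(1), m.group(2)
    return hosts


def open_ports(host: Host) -> List[Tuple[int, str, str]]:
    """Only 'open' entries count as exposure; closed/filtered rows are dropped."""
    return [(p, proto, svc) for p, proto, st, svc in host.ports if st == "open"]


def review_findings(host: Host) -> List[Tuple[str, str, str]]:
    """Pair each open port with the policy advice for its service name."""
    return [(f"{p}/{proto}", svc, REVIEW_POLICY.get(svc, DEFAULT_ADVICE))
            for p, proto, svc in open_ports(host)]


if __name__ == "__main__":
    for host in parse_report(SAMPLE_REPORT):
        print(f"{host.address} is {host.state}, MAC {host.mac} ({host.vendor})")
        for port, svc, advice in review_findings(host):
            print(f"  {port:<10} {svc:<8} {advice}")
```

Run it as-is to see the four findings for the sample report, or feed it a saved report from your own scan. For anything beyond a quick check, prefer Nmap's machine-readable output (`-oX` for XML or `-oG` for grepable) over the normal format, since its column layout is meant for humans and is not guaranteed to stay stable between versions.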

Recommendation

I personally recommend that network & security professionals use Nmap to find exploitable vulnerabilities in their network & to improve the security policy that protects it.