Nmap – A brief Introduction

What’s Nmap? Why is it called “The First Big tool for Hackers”?

Nmap, also known as Network Mapper, is a network scanning tool. Nmap allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what’s connected, what services each host is operating, and so on.

Nmap is called the first big tool for hackers because it solves the problem of identifying activity on a network: it scans every host it can reach and builds a map of the whole network. To put it in simpler terms, with Nmap you can scan an entire network and find out which activity is happening on which port.

What’s a Port?

A port is a virtual point where network connections start and end. Ports are software-based and managed by a computer’s operating system. Each port is associated with a specific process or service.

To learn which ports on a host are open and what is listening behind them, a program called Nmap can be used.

Working of Nmap

Nmap works by probing a network for hosts and services. Once they are found, Nmap sends packets to those hosts and services, which then respond. Nmap reads and interprets the responses that come back and uses them to build a map of the network. The map includes detailed information on what each port is doing and who (or what) is using it, how the hosts are connected, what is and is not making it through the firewall, and any security issues that turn up.

Nmap can also be used by hackers to find unprotected ports on a system. All a hacker would need to do to get into a targeted system is run Nmap against it, look for vulnerabilities, and figure out how to exploit them.

Types of Nmap scans

1. Ping Sweep:

The simplest type of Nmap scan is the ping sweep: Nmap pings every IP address in the given range to check which ones respond to ICMP (Internet Control Message Protocol). If you only need to know which IP addresses are live and not many details about them, a ping sweep is very useful. It is fast, so the results come back quickly.

nmap -sP IP address

2. TCP SYN Scan:

This is the most useful type of Nmap scan, and it does its work quietly. It sends a SYN packet over TCP (Transmission Control Protocol) to each of the intended ports. If an acknowledgment packet comes back, the port is certainly open. No response means that the port is either closed or not available. Nmap does not send its own acknowledgment back, so the target treats the connection as never having completed, and the full connection is never made. This scan does not show up in most scan logs, so it is safe to use a SYN scan to identify open ports.

nmap -sS IP address

3. TCP Connect Scan:

This is similar to the SYN scan in many respects: it also uses TCP to send packets to all the ports. The difference is that the full connection is completed by sending the acknowledgment packet back.

nmap -sT IP address

4. UDP Scan:

This scan is most useful on Windows systems to find out whether the UDP services are open to attack or not. It is not always possible to get a response from a UDP port, but the scan helps to find out whether any Trojan is listening there.

nmap -sU IP address

The Bottom Line

Taking the time to learn Nmap can dramatically increase the security of your networks because the program offers a quick, efficient way of auditing your systems. Even the basic features offered by the program – such as the ability to perform port scanning – quickly reveal any suspicious devices that are active on your network.
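As an added example (not code from the original post), here is a small Python audit script in the spirit of that paragraph: it reads the XML report that Nmap writes with `-oX`, keeps only the ports Nmap reported as open, and compares the result with a baseline of the hosts and services you expect to see. The XML sample, the addresses and the baseline are all constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the XML that `nmap -sS -oX scan.xml <target>` writes
# (addresses, ports and services are made up for this example).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX scan.xml 192.0.2.0/29">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
  </ports></host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
    <port protocol="tcp" portid="80"><state state="closed"/></port>
  </ports></host>
  <host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical baseline: each known host and the (protocol, port) pairs it may expose.
BASELINE = {"192.0.2.10": {("tcp", 22), ("tcp", 443)}}

def parse_open_ports(xml_text):
    """Return {ip: set of (protocol, port)} for every port Nmap reports as open on an up host."""
    result = {}
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue  # skip hosts that did not answer the probes
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        open_ports = set()
        for port in host.findall("ports/port"):
            if port.find("state").get("state") == "open":  # closed/filtered are left out
                open_ports.add((port.get("protocol"), int(port.get("portid"))))
        result[addr] = open_ports
    return result

def audit(scan, baseline):
    """Flag hosts missing from the baseline and baseline hosts exposing unlisted ports."""
    unknown_hosts = sorted(ip for ip in scan if ip not in baseline)
    unexpected_ports = {}
    for ip, ports in scan.items():
        extra = ports - baseline[ip] if ip in baseline else set()
        if extra:
            unexpected_ports[ip] = sorted(extra)
    return unknown_hosts, unexpected_ports

if __name__ == "__main__":
    hosts, ports = audit(parse_open_ports(SAMPLE_NMAP_XML), BASELINE)
    print("unknown hosts:", hosts)
    print("unexpected open ports on known hosts:", ports)
```

Run against a real report by replacing SAMPLE_NMAP_XML with the contents of your `-oX` file; an unknown host or an unlisted open port is exactly the kind of suspicious device the paragraph above talks about.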

Next, we’re gonna learn about how to actually use Nmap.

Till then, keep getting in Trouble.

3 Comments

  1. Nidhi says:

    This is great work, sir❤️


    1. gh0sty7 says:

      Thenkksssss for understanding this great work, ma’am ❤

