Trinity Uses Nmap, shouldn't you?

From "The Art of War"
• "... knowing your enemy 100% of the time, you will win your battle 100% of the time,
• knowing your enemy 50% of the time, you will win your battle 50% of the time,
• but not knowing your enemy, you are destined to fail 100% of the time ...".
An Introduction to Port Scanning
• Port scanning originated in the process of querying a computer's TCP/IP stack for open ports.
• Packet sniffing, on the other hand, is the act of listening to all network traffic that passes to or around a specific host.
• Unlike packet sniffing, port scanning actively queries a remote host.
Introduction to Port Scanning
• A packet sniffer might tell you that DNS name-resolution traffic is on the network and give you its origin and destination.
• A port scanner will tell you whether an application running on the host is listening for DNS name-resolution traffic.
Introduction to Port Scanning
• Port scanning can identify all the hosts on your network on which applications are listening for DNS name-resolution traffic.
Introduction to Nmap
• There are many port scanning tools for the major operating systems, but the favorite is Nmap ("Network Mapper").
• Nmap is a free, open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.
Introduction to Nmap
• Nmap is:
– Flexible: Supports dozens of advanced techniques for mapping out networks
– Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines
– Portable: Most operating systems are supported
– Easy: You can start out as simply as "nmap -v -A targethost"
– Free: The primary goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks
– Well Documented: Significant effort has been put into comprehensive and up-to-date man pages
– Supported: While Nmap comes with no warranty, you can write the author
– Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal
– Popular: Thousands of people download Nmap every day
Advantages of Port Scanning
• Port scanning helps you identify which ports are open.
• Port scanning helps you not only categorize the servers and services that you know about but also identify new servers and services that you don't know about (but might be responsible for).
• Port scanning helps you determine the information that your Internet-facing network connections show to the world.
• Port scanning helps you protect your network from Internet service-based worms by identifying the servers and workstations that are running IIS or another targeted service.
Uses of Nmap
• Security professionals and system administrators use Nmap to perform vulnerability assessments and penetration testing.
A Word of Warning
• Don't install Nmap and start port scanning right away.
• Many sites take a dim view of port scanning, and port scanning without management permission could lead to job loss.
How Nmap Works
• Nmap uses many scanning mechanisms: TCP and UDP port scans (TCP full connect, stealth scan, XMAS scan, and half-open scan), ping sweeps, OS detection, and version detection.
Nmap Output – Have It Your Way
• Nmap outputs its results in several different and useful formats:
– Normal human readable form. This is the default.
– XML form. This allows programs to easily capture and interpret Nmap results.
– Grepable form. This simple format provides all the information on one line (so you can easily grep for port or OS information and see all the IPs).
– s|<ipT kiDd|3. thIs l0gz th3 r3suLtS of YouR ScanZ iN a s|<ipT kiDd|3 f0rM iNto THe fiL3 U sPecfy 4s an arGuMEnT! U kAn gIv3 the 4rgument '-'(wItHOUt qUOteZ) to sh00t output iNT0 stDouT!@!!
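As an added example (not part of the original slides or of the Nmap project), here is a short Python script that parses Nmap's grepable (-oG) output and compares it with an inventory of the services you expect, which is how the "identify new servers and services that you don't know about" advantage is put into practice. The sample scan text and the baseline inventory are constructed for the demo; the seven-field port entry layout (port/state/protocol/owner/service/rpc info/version/) is the documented grepable format.

```python
import re

# Constructed sample of Nmap grepable (-oG) output; not taken from a real scan.
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -sV -oG - 192.0.2.0/29
Host: 192.0.2.10 (web.example)\tStatus: Up
Host: 192.0.2.10 (web.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/\tIgnored State: closed (998)
Host: 192.0.2.11 (db.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 25/closed/tcp//smtp///, 3306/open/tcp//mysql//MySQL 8.0/, 8080/open/tcp//http-proxy///\tIgnored State: filtered (996)
Host: 192.0.2.12 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)
"""

# Inventory of the open ports you expect per host (assumed values for the demo).
BASELINE = {
    "192.0.2.10": {22, 80, 443},
    "192.0.2.11": {22, 3306},
}

# One port entry has seven slash-separated fields:
# port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(r"(\d+)/([^/]+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

def parse_gnmap(text):
    """Map each IP to its open ports as (port, proto, service, version) tuples."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and Status-only lines carry no port data
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        hosts.setdefault(ip, [])
        for port, state, proto, _owner, svc, _rpc, ver in PORT_RE.findall(ports_field):
            if state == "open":
                hosts[ip].append((int(port), proto, svc, ver))
    return hosts

def review(hosts, baseline):
    """Compare scan results with the inventory: new services and vanished ones."""
    unexpected, missing = [], []
    for ip, ports in hosts.items():
        allowed = baseline.get(ip, set())  # unknown host: every open port is unexpected
        for port, proto, svc, ver in ports:
            if port not in allowed:
                unexpected.append((ip, port, proto, svc, ver))
        for port in allowed - {p[0] for p in ports}:
            missing.append((ip, port))
    return {"unexpected": sorted(unexpected), "missing": sorted(missing)}

print(review(parse_gnmap(SAMPLE_GNMAP), BASELINE))
```

Run it against a real `nmap -sV -oG scan.gnmap` file by reading that file instead of SAMPLE_GNMAP; the "unexpected" list is the review queue and the "missing" list flags services that have disappeared since the baseline was taken.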
Stuck on the GUI
• Nmapfe (also known as xnmap) is a convenient X Window front end for the Nmap Security Scanner.
• Most of the options correspond directly to Nmap options, which are described in detail in the Nmap man page.
• There is also limited help available via the NmapFE "Help" menu.
Conclusion
• Nmap ("Network Mapper") is an open source utility for network exploration or security auditing.
• Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services they are offering, what operating system and version they are running, and dozens of other characteristics.