
M. S. RAMAIAH INSTITUTE OF TECHNOLOGY (AUTONOMOUS INSTITUTE, AFFILIATED TO VTU)

A Presentation Report on

“NMAP”

Submitted in Partial Fulfillment of

5th Semester B.E in

Information Science and Engineering

for the subject

Data Communication [IS511]

Submitted by

Deekshapoornashri (1MS13IS141)

Greeshma R J (1MS13IS142)

Shakunthala B V (1MS14IS412)

Shanta (1MS14IS413)

M. S. RAMAIAH INSTITUTE OF TECHNOLOGY

DEPARTMENT OF INFORMATION SCIENCE AND ENGINEERING

BANGALORE – 560 054

C E R T I F I C A T E

This is to certify that the “Presentation on NMAP” has been successfully completed by:

Deekshapoornashri 1MS13IS141

Greeshma R J 1MS13IS142

Shakunthala B V 1MS14IS412

Shanta 1MS14IS413

In partial fulfillment of 5th Semester B.E (Information Science & Engg) for the subject “DATA COMMUNICATION (IS511)” during the period 2015 - 2016, as prescribed by the Department of Information Science & Engineering, MSRIT.

Signature of Staff Incharge

Mr. Sureshkumar, Asst. Professor, Dept. of ISE, MSRIT

ACKNOWLEDGEMENTS

Any achievement, be it scholastic or otherwise, does not depend solely on the individual's efforts but on the guidance, encouragement and cooperation of intellectuals, elders and friends. A number of personalities, in their own capacities, have helped us in carrying out this project work. We would like to take this opportunity to thank them all.

We deeply express our sincere gratitude to our guide Prof. Mr. Sureshkumar, Assistant Professor, Department of ISE, M.S.R.I.T, Bengaluru, for his able guidance, regular source of encouragement and assistance throughout this project.

We would like to thank Dr. VIJAYKUMAR B P, Head of Department, Information Science & Engineering, M.S.R.I.T, Bengaluru, for his valuable suggestions and expert advice.

Most importantly, we would like to thank Dr. N.V.R NAIDU, Principal, M.S.R.I.T, Bengaluru, for his moral support towards completing our project work.

We thank our parents and all the faculty members of the Department of Information Science & Engineering for their constant support and encouragement.

Last, but not the least, we would like to thank our peers and friends who provided us with valuable suggestions to improve our project.

CONTENTS:

Nmap

Features

Perform an experiment for port scanning with Nmap

How to use Nmap

Output screenshots

NMAP

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.

The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap is also capable of adapting to network conditions including latency and congestion during a scan. Nmap is under development and refinement by its user community.

Nmap was originally a Linux-only utility, but it was ported to Windows, Solaris, HP-UX, BSD variants (including OS X), AmigaOS, and IRIX. Linux is the most popular platform, followed closely by Windows.


FEATURES

Nmap features include:

Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.

Port scanning – Enumerating the open ports on target hosts.

Version detection – Interrogating network services on remote devices to determine application name and version number.

OS detection – Determining the operating system and hardware characteristics of network devices.

Scriptable interaction with the target – using the Nmap Scripting Engine (NSE) and the Lua programming language.

Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.

Typical uses of Nmap:

Auditing the security of a device or firewall by identifying the network connections which can be made to, or through it.

Identifying open ports on a target host in preparation for auditing.

Network inventory, network mapping, maintenance and asset management.

Auditing the security of a network by identifying new servers.

Generating traffic to hosts on a network.

Finding and exploiting vulnerabilities in a network.

PERFORM AN EXPERIMENT FOR PORT SCANNING WITH NMAP

Port Scanning:

Port Scanning is one of the most popular techniques attackers use to discover services they can break into. All machines connected to a LAN or connected to Internet via a modem run many services that listen at well-known and not so well-known ports. By port scanning the attacker finds which ports are available (i.e., being listened to by a service). Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed further for weakness.
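As an added illustration of the principle just described (example code written for this report, not part of the original and not Nmap's own code), the script below performs the simplest form of the experiment: a full TCP connect probe, the same thing Nmap's -sT scan does, against a listener it starts itself on 127.0.0.1, mapping each outcome onto the open/closed/filtered states that Nmap reports. The address, timeout and the use of OS-chosen ports are assumptions made for the demonstration.

```python
import contextlib
import socket
from typing import Dict, Iterable, Tuple


def start_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Open a TCP listener on an OS-chosen port to act as the scan target.

    Returns (server_socket, port); closing the socket makes the port 'closed' again.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Send one connection attempt to a port and classify the answer as Nmap does.

    open     - the three-way handshake completed, so a service is listening
    closed   - the host answered with RST (surfaces here as 'connection refused')
    filtered - nothing came back before the timeout, or an ICMP error arrived;
               a packet filter most likely dropped the probe, so nothing is known
    """
    with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:  # e.g. host or network unreachable reported via ICMP
            return "filtered"


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Probe each port in turn, one message per port, and return {port: state}."""
    return {port: probe_port(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Constructed experiment: one listening port and one port known to be free.
    srv, listening = start_listener()
    spare, free = start_listener()
    spare.close()
    for port, state in connect_scan("127.0.0.1", [listening, free]).items():
        print(f"{port}/tcp {state}")
    srv.close()
```

Running it against anything other than your own hosts is the same act as an Nmap scan; as a self-audit it shows exactly which local ports accept connections.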

Port Numbers

The port numbers are unique only within a computer system. Port numbers are 16-bit unsigned numbers. The port numbers are divided into three ranges: the Well Known Ports (0..1023), the Registered Ports (1024..49151), and the Dynamic and/or Private Ports (49152..65535).

Well-Known Ports

All operating systems now honor the tradition of permitting only the super-user to open the ports numbered 0 to 1023. These well-known ports (also called standard ports) are assigned to services by the IANA (Internet Assigned Numbers Authority). On Unix, the text file named /etc/services (on Windows 2000 the file named %windir%\system32\drivers\etc\services) lists these service names and the ports they use. Here are a few lines extracted from this file:

echo 7/tcp Echo
ftp-data 20/udp File Transfer [Default Data]
ftp 21/tcp File Transfer [Control]
ssh 22/tcp SSH Remote Login Protocol
telnet 23/tcp Telnet
domain 53/udp Domain Name Server
www-http 80/tcp World Wide Web HTTP

Nmap:

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.

The six port states recognized by Nmap

Open – An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.

Closed – A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.

Filtered – Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.

Unfiltered – The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rule sets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan may help resolve whether the port is open.

Open|filtered – Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.

Closed|filtered – This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.


Nmap Scan

-sS (TCP SYN scan)

SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes TCP connections. SYN scan works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms as Nmap's FIN/NULL/Xmas, Maimon and idle scans do. It also allows clear, reliable differentiation between the open, closed, and filtered states.

-sT (TCP connect scan)

TCP connect scan is the default TCP scan type when SYN scan is not an option.

-sU (UDP scan)

While most popular services on the Internet run over the TCP protocol, UDP services are widely deployed. DNS, SNMP, and DHCP (registered ports 53, 161/162, and 67/68) are three of the most common. Because UDP scanning is generally slower and more difficult than TCP, some security auditors ignore these ports.

-sY (SCTP INIT scan)

SCTP is a relatively new alternative to the TCP and UDP protocols, combining most characteristics of TCP and UDP, and also adding new features like multi-homing and multi-streaming. It is mostly being used for SS7/SIGTRAN related services but has the potential to be used for other applications as well.

-sA (TCP ACK scan)

This scan is different from the others discussed so far in that it never determines open (or even open|filtered) ports. It is used to map out firewall rule sets, determining whether they are stateful or not and which ports are filtered.
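The six port states and the scan types that produce them can be written down as one decision rule. The following is an added worked model for this report (not Nmap's own code) of how each scan type interprets the target's reply, including the retry behaviour the filtered state depends on; the response names and the ICMP (type, code) pairs are constructed for the example, and only the replies the text mentions are modelled.

```python
from typing import Optional, Tuple, Union

# Constructed representations of what a target sends back to one probe.
# ICMP errors are (type, code): the report's example "communication
# administratively prohibited" is (3, 13); "port unreachable" is (3, 3).
SYN_ACK, RST, UDP_DATA = "SYN/ACK", "RST", "UDP data"
ICMP_PORT_UNREACH = (3, 3)
ICMP_UNREACH_FILTERED = {(3, 0), (3, 1), (3, 2), (3, 9), (3, 10), (3, 13)}
STEALTH_SCANS = {"-sF", "-sN", "-sX"}  # FIN, NULL, Xmas: open ports stay silent

Response = Union[str, Tuple[int, int], None]


def nmap_state(scan: str, response: Response, retries_exhausted: bool = True) -> Optional[str]:
    """Return the port state Nmap would report for one scan type and one reply.

    A missing reply (None) is only final once the probe has been retried, since a
    packet lost to congestion and a dropping firewall look identical to the
    scanner. While retries remain the function returns None (state not yet known).
    """
    if response is None and not retries_exhausted:
        return None
    if scan in ("-sS", "-sT"):  # SYN scan and connect scan
        if response == SYN_ACK:
            return "open"
        if response == RST:
            return "closed"
        return "filtered"  # no reply after retries, or an ICMP unreachable error
    if scan == "-sA":  # ACK scan: only tells filtered from unfiltered
        return "unfiltered" if response == RST else "filtered"
    if scan in STEALTH_SCANS:
        if response == RST:
            return "closed"
        if response is None:
            return "open|filtered"  # open ports do not answer these probes
        return "filtered"  # ICMP unreachable
    if scan == "-sU":
        if response == UDP_DATA:
            return "open"
        if response is None:
            return "open|filtered"
        if response == ICMP_PORT_UNREACH:
            return "closed"
        if response in ICMP_UNREACH_FILTERED:
            return "filtered"
    raise ValueError(f"unsupported scan/response combination: {scan} {response!r}")
```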

USING NMAP

1) Find open ports on a system
2) Find the machines which are active
3) Find the version of the remote OS on other systems
4) Find the version of software installed on other systems

Steps:

1. Download Nmap from www.nmap.org and install the Nmap software with the WinPcap driver utility.
2. Execute the Nmap Zenmap GUI tool from the Program Menu or Desktop icon.
3. Type the target machine IP address (i.e., guest OS or any website address).
4. Perform the profiles shown in the utility.

PERFORM AN EXPERIMENT ON ACTIVE AND PASSIVE FINGERPRINTING USING NMAP

Fingerprinting OS:

Fingerprinting is a process in the scanning phase in which an attacker tries to identify the Operating System (OS) of the target system. Fingerprinting can be classified into two types:

Active Stack Fingerprinting

Passive Stack Fingerprinting

Active Stack Fingerprinting

It involves sending data to the target system and then seeing how it responds. Based on the fact that each system will respond differently, the response is compared with a database and the OS is identified. It is a commonly used method, though there are high chances of getting detected. It can be performed in the following ways.

Using Nmap: Nmap is a port scanning tool that can be used for active stack OS fingerprinting.

Syntax: nmap -O <ip address>

Example: nmap -O 192.168.1.88

Passive Stack Fingerprinting

It involves examining traffic on the network to determine the operating system. There is no guarantee that the fingerprint will be accurate, but usually it is. It generally means sniffing traffic rather than making actual contact, and thus this method is stealthier and usually goes undetected. Passive stack fingerprinting can be performed in the following ways.

OUTPUT:

ACTIVE OS FINGERPRINTING

1. nmap -O 192.168.1.88