Logo Background

Nmap Port Scanner Audit

  • By on August 23, 2008 | No Comments

    Nmap a free tool that can be used to conduct various sorts of scans on networks. Normally, when people think of Nmap, they assume it’s used to conduct some sort of nefarious network reconnaissance in preparation for an attack. But as with all powerful tools, Nmap can be used for far more than breaking into networks.

    Nmap can provide much more information if you run it as root. When run as root, it can use special packets to determine the operating system of the remote machine by using the -O flag. Additionally, you can do half-open TCP scanning by using the -sS flag. When doing a half-open scan, Nmap sends a SYN packet to the remote host and waits to receive the ACK from it; if it receives an ACK, it knows that the port is open. This is different from a normal three-way TCP handshake, where the client sends a SYN packet and then sends an ACK back to the server once it has received the initial server ACK. Attackers typically use this option to avoid having their scans logged on the remote machine

    Nmap Port Scanner Run Command

    UNIX> nmap -sS -O

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on test.server (
    (The 1578 ports scanned but not shown below are in state: filtered)
    Port State Service
    7/tcp open echo
    9/tcp open discard
    13/tcp open daytime
    19/tcp open chargen
    21/tcp open ftp
    22/tcp open ssh
    23/tcp open telnet
    25/tcp open smtp
    37/tcp open time
    79/tcp open finger
    111/tcp open sunrpc
    512/tcp open exec
    513/tcp open login
    514/tcp open shell
    587/tcp open submission
    7100/tcp open font-service
    32771/tcp open sometimes-rpc5
    32772/tcp open sometimes-rpc7
    32773/tcp open sometimes-rpc9
    32774/tcp open sometimes-rpc11
    32775/tcp open sometimes-rpc13
    32776/tcp open sometimes-rpc15
    32777/tcp open sometimes-rpc17
    Remote operating system guess: Solaris 9 Beta through Release on SPARC
    Uptime 44.051 days (since Sat Nov 1 16:41:50 2003)

    Nmap run completed — 1 IP address (1 host up) scanned in 166 seconds

    With OS detection enabled, Nmap has confirmed that the operating system is Solaris, but now you also know that it’s probably Version 9 running on a SPARC processor.

    » Tracking Origin Of Server Attack
Leave a Comment