Linux Tutorials - Herong's Tutorial Examples - v5.41, by Herong Yang
"nmap" - Network Mapper on CentOS
This section provides a tutorial example on how to install and use 'nmap' (Network Mapper), as a network exploration tool and security scanner on CentOS systems.
Another useful tool is called "nmap" (Network Mapper), which is a network exploration tool and security scanner. Here is the full description of "nmap":
Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among that information is the “interesting ports table”. That table lists the port number and protocol, service name, and state. The state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered when they are responsive to Nmap's probes, but Nmap cannot determine whether they are open or closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describe a port. The port table may also include software version details when version detection has been requested. When an IP protocol scan is requested (-sO), Nmap provides information on supported IP protocols rather than listening ports.
In addition to the interesting ports table, Nmap can provide further information on targets, including reverse DNS names, operating system guesses, device types, and MAC addresses.
Here is what I did to install and use it on my CentOS 8 computer:
1. Check the availability of "nmap":
herong$ dnf info nmap
Available Packages
Name         : nmap
Epoch        : 2
Version      : 7.70
Release      : 5.el8
Architecture : x86_64
Size         : 5.8 M
Source       : nmap-7.70-5.el8.src.rpm
Repository   : AppStream
Summary      : Network exploration tool and security scanner
URL          : http://nmap.org/
License      : Nmap
Description  : Nmap is a utility for network exploration or security auditing...
2. Install "nmap":
herong$ sudo dnf install nmap
Dependencies resolved.
...
Installed:
  nmap-2:7.70-5.el8.x86_64
Complete!
3. Scan localhost on TCP connections:
herong$ sudo nmap -sT -O localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-30 08:12 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00020s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
631/tcp  open  ipp
3306/tcp open  mysql
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.10
Network Distance: 0 hops
4. Scan localhost on UDP connections:
herong$ sudo nmap -sU -O localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-30 08:13 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000022s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 998 closed ports
PORT     STATE         SERVICE
111/udp  open          rpcbind
5353/udp open|filtered zeroconf
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: remote management|phone|general purpose|webcam|storage-misc
Network Distance: 0 hops
5. Scan a remote computer with "-A -T4" ("-A" enables the aggressive scan options: OS detection, version detection, script scanning and traceroute; "-T4" selects timing template 4, "aggressive"):
herong$ nmap -A -T4 192.168.1.100
Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-30 07:39 EDT
Nmap scan report for 192.168.1.100
Host is up (0.00018s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey:
|   3072 d4:33:...:6e:29 (RSA)
|   256 77:87:...:36:6e (ECDSA)
|_  256 e5:51:...:ec:6a (ED25519)
80/tcp   open  http    Apache httpd 2.4.37 ((centos))
| http-methods:
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.4.37 (centos)
|_http-title: ...
111/tcp  open  rpcbind 2-4 (RPC #100000)
| rpcinfo:
|   program version   port/proto  service
|   100000  2,3,4     111/tcp     rpcbind
|_  100000  2,3,4     111/udp     rpcbind
3306/tcp open  mysql?
| fingerprint-strings:
|   DNSStatusRequestTCP:
|     8.0.17
|     mysql_native_password
|     packets out of order
...
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3306-TCP:V=7.70%I=7%D=3/30%Time=5E81DA9C%P=x86_64-redhat-linux-gnu%
...
Service detection performed.
Nmap done: 1 IP address (1 host up) scanned in 27.99 seconds
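As an added example (not part of the original tutorial), here is a small Python parser for the "interesting ports table" in nmap's normal output, run over constructed copies of the localhost results from steps 3 and 4. It applies the port-state meanings from the description above and reports listeners that are missing from an assumed allow-list baseline, the network-inventory use the description mentions; the baseline and the sample text are assumptions for the example.

```python
import re

# Constructed sample input: the port tables nmap printed for the TCP (-sT) and
# UDP (-sU) scans of localhost in steps 3 and 4 above (other lines trimmed).
SAMPLE_TCP = """\
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
631/tcp  open  ipp
3306/tcp open  mysql
Device type: general purpose
"""
SAMPLE_UDP = """\
PORT     STATE         SERVICE
111/udp  open          rpcbind
5353/udp open|filtered zeroconf
"""

# Assumed baseline: the (port, protocol) pairs this host is approved to expose.
BASELINE = {(22, "tcp"), (80, "tcp"), (111, "tcp"), (111, "udp")}

# One row of the ports table: <port>/<proto> <state> <service>. The combined
# states are listed first so "open|filtered" is not cut short to "open".
PORT_ROW = re.compile(
    r"^(\d+)/(tcp|udp|sctp)\s+"
    r"(open\|filtered|closed\|filtered|open|closed|filtered|unfiltered)\s+(\S+)"
)

def parse_ports(report):
    """Return [(port, proto, state, service)] for every port-table row in the report."""
    rows = []
    for line in report.splitlines():
        m = PORT_ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def unexpected_listeners(report, baseline):
    """Rows outside the baseline that may be listening: 'open' is a confirmed
    listener; 'open|filtered' may be one hidden by a filter, so it is reported."""
    return [row for row in parse_ports(report)
            if row[2] in ("open", "open|filtered") and (row[0], row[1]) not in baseline]

if __name__ == "__main__":
    for name, report in (("tcp", SAMPLE_TCP), ("udp", SAMPLE_UDP)):
        for port, proto, state, service in unexpected_listeners(report, BASELINE):
            print(f"{name}: {port}/{proto} {service} is {state} but not in baseline")
```

Feeding a real report into parse_ports (for example, the text saved with nmap's -oN option) gives the same rows, so the check can be run after each scheduled scan to catch new listeners.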