Nmap: Performing a Basic Scan

  • By MikeHolcomb
  • Type: Tutorial
  • Posted on 2009-11-06 at 13:07:50

The Nmap Security Scanner, written by Fyodor, is a widely used security and network administration tool that can perform a port scan of remote systems. A port scan tells the Nmap user which services are available on a system and whether those services are accessible through a firewall.

This article discusses features that are available in Nmap 5.0 and higher. To download Nmap and access other related security resources, please visit www.insecure.org.

Conducting a Basic Nmap Scan from the Command Line

While a GUI front-end (Zenmap) now exists, Nmap has traditionally been used by administrators from the command line in both Windows and Unix/Linux environments.  When a basic Nmap scan is performed without any additional options, the following will occur:

-      Your system will scan the 1,000 most commonly used TCP ports on your target(s).  These ports were enumerated by Fyodor when he conducted an Nmap scan against every host on the Internet and compiled the end results.  The scan type conducted is a standard SYN scan.
-      Nmap will randomize the order in which the ports are scanned.  If you wish for the ports to be scanned in sequential order, perhaps to test your IDS/IPS capabilities, use the -r option.
-      In addition to scanning ports, Nmap will attempt to retrieve the MAC address associated with the remote IP address(es) being scanned and resolve the MAC address to its associated manufacturer.
-      If an IP address is specified as the scan target, Nmap will attempt to perform a reverse DNS lookup to identify the FQDN of the scanned host(s).

In the following example, Nmap is used to conduct a basic port scan of the system at 192.168.2.38.

 

C:\>nmap 192.168.2.38

Starting Nmap 5.00 ( http://nmap.org ) at 2009-11-06 23:12 Eastern Standard Time

Interesting ports on webserver.company.net (192.168.2.38):
Not shown: 998 closed ports
PORT      STATE 	SERVICE
80/tcp      open  	http
3389/tcp    open  	ms-term-serv
MAC Address: 00:1C:23:55:55:55 (Dell)

Nmap done: 1 IP address (1 host up) scanned in 4.05 seconds
                                    



As you can see, the above scan discovered two open TCP ports on the system, noted by the open state. The remaining 998 scanned ports were reported as closed because no services were running on them. By default, Nmap will guess which services are running on each of these ports based on the common usage of each port number.

In our example, because Nmap determined that TCP 80 and TCP 3389 are open on the system, it reports that the two services that appear to be running are HTTP (to act as a web server on TCP port 80) and Microsoft's Terminal Services (for remote access to the system on TCP port 3389). To have Nmap perform additional tests on open ports to determine which service is truly running on a port, use the -sV (Service) scan option.

REMEMBER: Each system has 65,535 TCP and 65,535 UDP ports. The standard Nmap scan only scans the 1,000 most commonly used ports to help expedite scan times.

In addition to the discovered services that were running on the system, the system was determined to be a Dell system based on its MAC address (00:1C:23:55:55:55). Nmap also performed a reverse DNS lookup to resolve the target's IP address of 192.168.2.38 to webserver.company.net.

NOTE: If you see a port state reported as filtered, this means that access to the port by Nmap has been blocked. Typically, this result indicates that a firewall has prevented the Nmap scan from reaching the system on the filtered ports.

As you can see, Nmap can perform a basic scan in order to determine common services that are running on a remote system.
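
The following Python is an added example, not part of the original article. It parses Nmap normal output in the layout shown above and compares the open ports with an allow-list, which is how a scan result is typically turned into an exposure check. The sample text is constructed from the article's output with one filtered port added; the `ALLOWED` policy and the function names are assumptions.

```python
import re

# Constructed sample: the article's Nmap 5.00 output plus one filtered port.
SAMPLE = """\
Interesting ports on webserver.company.net (192.168.2.38):
Not shown: 997 closed ports
PORT      STATE     SERVICE
80/tcp    open      http
445/tcp   filtered  microsoft-ds
3389/tcp  open      ms-term-serv
MAC Address: 00:1C:23:55:55:55 (Dell)
"""

ALLOWED = {(80, "tcp")}  # hypothetical policy: only the web server may be exposed

# Nmap 5.00 prints "Interesting ports on"; later releases print "Nmap scan report for".
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (.+?):?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})(?: \((.+)\))?")

def parse_normal_output(text):
    """Return one dict per host with name, ip, mac, vendor and a ports list."""
    hosts, cur = [], None
    for line in map(str.strip, text.splitlines()):
        hm, pm, mm = HOST_RE.match(line), PORT_RE.match(line), MAC_RE.match(line)
        if hm:
            # The target is "name (ip)" when reverse DNS succeeded, else the bare IP.
            named = re.match(r"(\S+) \(([^)]+)\)$", hm.group(1))
            name, ip = named.groups() if named else (None, hm.group(1))
            cur = {"name": name, "ip": ip, "mac": None, "vendor": None, "ports": []}
            hosts.append(cur)
        elif cur and pm:
            cur["ports"].append((int(pm.group(1)), pm.group(2), pm.group(3), pm.group(4)))
        elif cur and mm:
            cur["mac"], cur["vendor"] = mm.groups()
    return hosts

def audit(host, allowed):
    """Return (open ports outside the allow-list, filtered ports).

    The check keys on port and protocol: without -sV the SERVICE column is
    only a guess from the port number, so it is reported but not trusted.
    """
    unexpected = [p for p in host["ports"] if p[2] == "open" and (p[0], p[1]) not in allowed]
    filtered = [p for p in host["ports"] if p[2] == "filtered"]
    return unexpected, filtered

if __name__ == "__main__":
    for h in parse_normal_output(SAMPLE):
        print(h["ip"], h["name"], h["vendor"], audit(h, ALLOWED))
```

For anything beyond a quick check, Nmap's `-oX` (XML) or `-oG` (grepable) output is a more stable format to parse than the normal output.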