Using NMAP - Part 1 of 2 - Ping Sweeps, Port Scans, IP Spoofing and Gathering Information

Using NMAP - Part 1 of 2 - Ping Sweeps, Port Scans, IP Spoofing and Gathering Information with Linux's Network Mapper tool.

---

Closed Caption:

and that's a free open source network
not going to love
- all the distribution such as about to
end Dora is a versatile tool that can
perform a variety of network scanning
the security testing function
select and maps common applications
include performing pink slips
port scans spoofing the IP addresses and
covertly gathering intelligence on a
network peaks involve utilizing icmp to
systematically go up and down available
host IDs in a particular subnet features
that returns of echo reply is enumerated
maybe use some further explains what's
that has been discovered scans of all
private up and down open parts on her
that have been discovered the previous
piece suite different exploits can be
leveraged against each other space on
that host open courts the host open
ports indicate the services it offers on
the protocols that allows to its far
walls and soldiers and this will most
particular vulnerabilities that apply to
it
confirming paying support scans
generates signatures that can set off
the alarms on a network intrusion
detection system or IDs to avoid this
and Matt construe the IP address of a
chested server or workstation on the
network
- custom packet crafting the search
field data essentially it can
impersonate a trusted client so as not
to trigger an alarm or aroused
suspicions
in addition to all these tasks and map
can reveal the operating system of a
particular house by analyzing htcs it
conforms to certain signatures that
match predefined profiles
the map is one tool among many that can
help you test audit and harden your
network that is often used in
combination with many other tools such
as netcat smart wireshark game enable
left crack and manual techniques such as
banner grabbing
I'm going to look at a wonderful three
networking all known as a nap or network
now gives him a few times here and
basically just want to install it and to
advocate install then map
alright know if that configured it all
let's um let's put to use
with a map installed on let's go out
there and use some of these you know
switches and options and the first thing
we'll do is a pain sweet and we're just
going to scan the network
I'm for any IP so respond with an echo
reply
one and two and actually let's do this
network error went to 77 1302 use a
classy subnet mask
alright and so she's going to want to
obtain sleep and look for everything
that address and here we found a bunch
of ip's on the network and just kind of
going through them
I know that what is the gateway and the
13 is my linux server Pegasus 14 like an
XP machine
I'm 16 is my android tablet and let's
see 17 is my hackintosh my little tushy
by three that's running snow leopard 18
is my a linux host galactic assist arm
and 19 is my linux phone and actually if
I can pick up my ipod and I'm gonna run
the scan one more time so they can pick
up the ipod since this is amazing some
of the devices that you can pick up with
the pink sweet
all right
and we go there and in this case 14
there you go yeah my ipad my ipods 14
excuse me to even pick up my ipod it so
you can you can gather you can start to
gather information just by doing a
simple ping sleep within map
very good tool
ok on the next thing we'll do
is again another pink food our scan but
this time we're going to kind of a type
it to port 80
the reason is a lot of router sometimes
for securities will block icmp traffic
but if we pipe into port 80 we might get
some you know additional information so
and map and we use the same options
s & p and this time I'm going to specify
a port for 80 and i'm going to do 1927
13-0 and a classy subnet mask is over
here we'll see if we can turn up
anything else
ok that was to port 80
then the next I'm going to do I'm going
a start . skin and this will basically
try to you know I'm trying to go out
there and look for ap's but if somebody
were using in a packet capture software
or do an intrusion detection
this year will generate a signature
basically would realize that i'm using
software in this case and map to go out
and just sequentially pain host
addresses our host IP is in a particular
subnet or network and so that would be
you know there's a pattern that gets
generated it would see that pattern you
know
1 13 14 16 17 18 so this is sort of
would be a little bit
you sneak your way to do it if we were
trying to get a pass in packet capture
software our own was going to do in map
and we use this option s and s and 1927
13-0 in this case is my network and
arm I'm gonna go to pick up a culiar IP
address in this case let's see who I
want
you don't want to access I'm going to do
my android tablet
let's see what I could be with my
android tablet
let me supply pseudo there
all right
I was able to get the backup
yes and there you can see it's marcus
marcus internet so that are considered a
tablet and all right so I'm clicking a
little bit of information about hosts
that might not otherwise no arm
what about another linux machine we look
at a pegasister
13
for care
and
let's see what about my ipod
I do my ipod let's see
grab its IP here
just wanted to just a ping sweep
right
and
and it's using the IP address of 20
yeah
I'm going to spray
as with a little bit more try to get a
little bit more information on this
in this case are so let's see if you
collect any information groups or what
we're going to get root privileges her
and
so get in here from any more information
on the ipod
ok got the mac address is yet iphone
side right able to tell exactly what
it's running there are looking at my
phone
let's try that on my phone
it's just a lot
and it runs w visits I've got a triple
boot now sets debian runs maemo would
you know sort of like a bun - and it
runs Android triple good
what about my hackintosh let's try 17
here which is the hacking - so we're
getting information on that
ok
and how
ok
this case this is a
the seven client
ok I'm not going to a port scan of the
entire network
I'm so again i'm gonna use that map and
this time the dosh SF option and then
specify my entire network 1992 a
southern 13-0 the network addresses
classy on
so in the reactants are classy subnet
mask and this will just kind of go out
to a port skin
look Sammy do system
mr. fedora here and I used to sudo in it
and about to do everything to get those
three privileges just a good thing
and we have 12 does it is i think you
know very secure
all right so it's just going to an
enumerated different ports here and i
was able to pick up in this case you
know on this is the Pegasus server there
are running ftp secure shell tell that
HTTP
here's my ipod they're not really an
iphone but it's not my ipod but so you
just
I'm able to kind of I'm slowly getting
information on getting IP addresses
I'm getting operating systems now I know
Damon's and services that are running
and with them
that means that you know certain ports
have to be open and you know I can
slowly gather information about a
network even a network that I don't know
anything about just using you know
different tools in this case it happened
and these different options
now um you know I could
information but also if i wanted to i
can pass an extra option here and write
the results of this information to keep
the texts fall somewhere and so if i did
that are just going to pass it right
here and just say our call it in food
that txt
I'm just going to be like a hard copy
so to speak
all right
and if i look at the contents her home
you know remember I called The Fault
info . tax so I'm going to this cat it
and throw that txt and there's the
results are there is my android tablet
vmware server running linux or ftp ftps
secure shell tell HTTP there's my router
gateway or in this case with my wife she
has put it up on the network i got her
mac address or IP
here's my ipod there's my phone right
there on my phone on the network
just looking at the results of different
scans