#readwise

# Network Enumeration with Nmap - Introduction to Nmap

![rw-book-cover](https://academy.hackthebox.com/images/apple-touch-icon.png)

## Metadata

- Author: [[Hack The Box]]
- Full Title: Network Enumeration with Nmap - Introduction to Nmap
- URL: https://academy.hackthebox.com/module/19/section/100

## Summary

Nmap is an open-source tool used for network analysis and security auditing. It scans networks to identify available hosts, services, and operating systems. Network administrators use Nmap for tasks like security audits and vulnerability assessments. The tool offers various scanning techniques to gather information about network configurations and open ports.

## Highlights

Network Mapper (`Nmap`) is an open-source network analysis and security auditing tool written in C, C++, Python, and Lua. It is designed to scan networks and identify which hosts are available on the network using raw packets, and services and applications, including the name and version, where possible. It can also identify the operating systems and versions of these hosts. Besides other features, Nmap also offers scanning capabilities that can determine if packet filters, firewalls, or intrusion detection systems (IDS) are configured as needed. ^scjgyl

- Nmap is used to: ^z3erud
  - Audit the security aspects of networks
  - Simulate penetration tests
  - Check firewall and IDS settings and configurations
  - Types of possible connections
  - Network mapping
  - Response analysis
  - Identify open ports
  - Vulnerability assessment as well.
---

- Nmap can be divided into the following scanning techniques: ^f4za7o
  - Host discovery
  - Port scanning
  - Service enumeration and detection
  - OS detection
  - Scriptable interaction with the target service (Nmap Scripting Engine)

([View Highlight](https://read.readwise.io/read/01jp03acje1e0ttmde1k8cr9v3))

---

The syntax for Nmap is fairly simple and looks like this:

```sh
nmap <scan types> <options> <target>
```

([View Highlight](https://read.readwise.io/read/01jp03aqtx03cb6t86g2bvbxmv))

---

For example, the TCP-SYN scan (`-sS`) is one of the default settings unless we have defined otherwise and is also one of the most popular scan methods. This scan method makes it possible to scan several thousand ports per second. The TCP-SYN scan sends one packet with the SYN flag and, therefore, never completes the three-way handshake, which results in not establishing a full TCP connection to the scanned port. ^o1n0qx

- With the TCP-SYN scan (`-sS`): ^56bm5j
  - If our target sends a `SYN-ACK` flagged packet back to us, Nmap detects that the port is `open`.
  - If the target responds with an `RST` flagged packet, it is an indicator that the port is `closed`.
  - If Nmap does not receive a packet back, it will display it as `filtered`. Depending on the firewall configuration, certain packets may be dropped or ignored by the firewall.

([View Highlight](https://read.readwise.io/read/01jp03dxjzgfzp0cx00jwpfk2w))

---
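The three rules above, as an added Python example that is not Hack The Box's or Nmap's code: it reads the flags byte of a constructed TCP header and maps the reply to a SYN probe onto `open`, `closed` or `filtered`, the way the section describes. The header builder, the constructed segments and the function names are my own assumptions for illustration.

```python
"""Classify a probed port the way the TCP-SYN scan (-sS) does.

Constructed example: parses the flags field of a minimal 20-byte TCP header
and applies the three rules from the section (SYN/ACK -> open,
RST -> closed, no reply -> filtered).
"""
import struct
from typing import Optional

# TCP flag bits as laid out in the low byte of header bytes 12-13 (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(segment: bytes) -> int:
    """Return the flag byte of a TCP segment (header assumed to start at offset 0)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    # bytes 12-13 hold data offset (4 bits), reserved bits and the flag bits;
    # the classic six flags live in the low 8 bits
    return struct.unpack("!H", segment[12:14])[0] & 0xFF


def classify_port(reply: Optional[bytes]) -> str:
    """Map the reply to a single SYN probe onto Nmap's open/closed/filtered states."""
    if reply is None:                       # nothing came back: a filter dropped the probe or the answer
        return "filtered"
    flags = tcp_flags(reply)
    if flags & RST:                         # RST (with or without ACK): nothing is listening
        return "closed"
    if flags & SYN and flags & ACK:         # SYN/ACK: a service answered the half-open probe
        return "open"
    return "unexpected"                     # anything else is outside the three documented cases


def build_segment(src_port: int, dst_port: int, flags: int) -> bytes:
    """Build a constructed 20-byte TCP header with the given flags (no checksum; test input only)."""
    data_offset_and_flags = (5 << 12) | flags   # 5 x 32-bit words, no options
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                       data_offset_and_flags, 8192, 0, 0)


if __name__ == "__main__":
    # Constructed replies from three hypothetical ports, mirroring the section's rules
    for name, reply in (("ssh", build_segment(22, 40000, SYN | ACK)),
                        ("telnet", build_segment(23, 40000, RST | ACK)),
                        ("smb", None)):
        print(name, classify_port(reply))
```

Because the scanner never sends the final ACK, the same three outcomes are what a defender sees as half-open connections in flow logs, which is why bursts of unanswered SYN/ACKs to many ports from one source are a common SYN-scan detection signal.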