Network scanning is a crucial step for network security assessment. NMAP is a powerful network scanning tool that can be used to discover hosts and services on a computer network. Here's a simple guide to perform a network scan using NMAP:
- Discover Live Hosts: Begin by identifying all the live hosts on the network. Use the command:
nmap -sn 192.168.4.0/24 -oN live_hosts.txt
This command performs a ping scan over the specified subnet and saves the list of live hosts to a file named live_hosts.txt.
- Extract IP Addresses: Next, extract the IP addresses of the live hosts using grep and awk with the command:
grep "Nmap scan report for" live_hosts.txt | awk '{print $5}' > ip-addresses.txt
This will parse the scan report and save the IP addresses into ip-addresses.txt.
- Operating System Detection: To detect the operating system of each live host, run the following command with root privileges:
sudo nmap -iL ip-addresses.txt -O -oN os-detection.txt
This command will use the list of IP addresses and attempt to determine the operating system of each host, saving the results to os-detection.txt.
- Service Version Detection: Identifying the version of services running on open ports can be done with:
nmap -iL ip-addresses.txt -sV -oN common_services.txt
This will perform a service scan and save the information about common services to common_services.txt.
- Vulnerability Scanning: For a more in-depth security assessment, conduct a vulnerability scan using:
nmap -iL ip-addresses.txt --script vuln -oN vulnerabilities.txt
This uses NMAP's scripting engine to check for vulnerabilities on the hosts and records the findings in vulnerabilities.txt.
By following these steps, you can obtain a comprehensive view of the network's topology, the services running, and potential vulnerabilities. Always ensure you have permission to scan the network, as unauthorized scanning can be illegal.