WEBVTT

00:00.630 --> 00:01.770
Hello, my name is Stephan.

00:01.770 --> 00:03.570
Welcome to our Nmap lecture.

00:03.570 --> 00:08.400
In this lecture, we will dive into the exciting world of network reconnaissance.

00:08.400 --> 00:16.470
So today we will explore a crucial task for penetration testers and system administrators, like finding

00:16.470 --> 00:18.120
online hosts.

00:18.120 --> 00:25.980
So we will discover how Nmap, the go-to tool for network scanning, offers enhanced host detection

00:25.980 --> 00:31.350
capabilities and provides valuable insights beyond the traditional ping utilities.

00:32.000 --> 00:36.710
Segment one The Importance of Host Discovery.

00:37.010 --> 00:44.330
Before we begin our exploration of Nmap's capabilities, let's understand why finding online hosts is

00:44.330 --> 00:51.920
such a fundamental task. In today's interconnected world, where networks span vast geographic areas and

00:51.920 --> 00:53.840
the Internet links countless devices,

00:53.870 --> 01:00.360
being able to identify active machines within a network or on the Internet is crucial.

01:00.380 --> 01:08.120
Penetration testers rely on host discovery to identify potential entry points and vulnerabilities,

01:08.120 --> 01:14.900
while system administrators use it to monitor network health and ensure the smooth operation of their

01:14.900 --> 01:15.680
systems.

01:16.600 --> 01:20.110
Segment two, the Nmap ping scan.

01:20.110 --> 01:28.120
So Nmap's ping scan feature takes host detection to the next level by sending a series of probes. So

01:28.120 --> 01:37.450
Nmap goes beyond the ICMP echo request commonly used by traditional ping utilities like ping. Here, for

01:37.450 --> 01:42.760
example, ping, let's ping ourselves here on our machine.

01:44.690 --> 01:46.850
And as you can see, this is just a ping, right?

01:46.850 --> 01:52.430
So Nmap goes beyond this echo request commonly used like this.

01:52.700 --> 02:00.200
So this comprehensive approach increases the accuracy and reliability of host detection, allowing us

02:00.200 --> 02:05.150
to gather valuable information about the online entities within a target network.

02:05.150 --> 02:07.730
So segment three.

02:08.420 --> 02:12.710
We can execute a ping scan. To launch a ping scan with Nmap,

02:12.710 --> 02:15.200
so we will utilize this command here.

02:15.200 --> 02:20.660
So this code here, so nmap -sn, and here we will enter our target.

02:20.660 --> 02:21.200
Right?

02:21.200 --> 02:23.840
So the -sn here.

02:25.460 --> 02:33.440
option instructs Nmap to disable port scanning and focus solely on the host discovery phase.

02:33.470 --> 02:41.810
It's worth noting that Nmap supports a wide range of target specifications, including IP version

02:41.810 --> 02:50.690
four, IP version six addresses, host names and network ranges defined using wildcards and CIDR

02:50.720 --> 02:51.680
notation.

02:51.680 --> 02:57.800
So, for example, to scan the local network, we will first need to learn what the local

02:57.800 --> 03:00.290
network IP starts with here. And now

03:00.290 --> 03:03.590
we will use this nmap -sn here.

03:03.590 --> 03:07.370
192.168.0.

03:07.700 --> 03:11.390
13.1 and 24 here.

03:12.220 --> 03:20.980
So, as you can see now, we are scanning our hosts. So segment four, analyzing the results.

03:20.980 --> 03:28.690
So once the ping scan is complete, Nmap provides us with a comprehensive list of hosts that responded

03:28.690 --> 03:30.550
to its probing packets.

03:30.550 --> 03:38.110
So these active machines represent the online entities within the target network segment or the Internet.

03:38.110 --> 03:44.530
So by examining the results, we can gain insights into the network composition, identifying potential

03:44.560 --> 03:51.280
bottlenecks or misconfigurations and further refine our understanding of the target environment.

03:53.200 --> 03:58.640
Segment five, uncovering additional details. Nmap's

03:58.660 --> 04:01.810
ping scans offer more than just host discovery.

04:01.810 --> 04:09.490
So when executed with sufficient privileges on local Ethernet networks, Nmap can also identify MAC

04:09.490 --> 04:13.640
addresses and associated vendors based on MAC address identifiers.

04:13.660 --> 04:19.360
This additional information allows us to gain insight into the devices present on the network, aiding

04:19.360 --> 04:22.120
in network inventory management and security assessments.

04:22.120 --> 04:27.790
So in order to do that, we will just add sudo before nmap to run it with sudo privileges.

04:27.790 --> 04:29.980
And here you will see

04:31.040 --> 04:33.410
also the MAC addresses right here.

04:34.190 --> 04:42.140
Segment six, Under the Hood: How Nmap Works. To understand the mechanics behind the Nmap ping

04:42.500 --> 04:45.080
scans, so these ping scans here,

04:45.080 --> 04:48.650
let's delve into the inner workings of this powerful tool.

04:48.680 --> 04:58.020
The -sn option, as mentioned earlier, disables port scanning and focuses solely on the host discovery

04:58.070 --> 05:04.820
phase. Depending on the user's privileges, Nmap utilizes various techniques to determine the online

05:04.820 --> 05:05.990
status of a host.

05:05.990 --> 05:09.290
So when executed as a privileged user here,

05:09.860 --> 05:19.010
Nmap employs a combination of techniques, so it sends a TCP SYN packet to port 443 and a TCP

05:19.010 --> 05:19.550
ACK,

05:19.550 --> 05:28.790
so a TCP ACK packet to port 80, and ICMP echo and timestamp requests.

05:28.790 --> 05:37.620
So these probes help to ensure that even hosts with restrictive firewall rules can be detected.

05:37.620 --> 05:44.580
So if the user running Nmap doesn't have the capability to send raw packets, it employs the connect

05:44.580 --> 05:53.130
system call to send the SYN packets to port 80 and port 443.

05:55.250 --> 05:59.910
Segment seven, exploring local Ethernet networks.

05:59.930 --> 06:08.720
When scanning local Ethernet networks as a privileged user, Nmap activates ARP neighbor discovery,

06:08.720 --> 06:11.840
further enhancing host detection capabilities.

06:11.840 --> 06:19.670
So by leveraging ARP requests, Nmap can identify MAC addresses and associated vendors.

06:19.670 --> 06:28.010
And this information becomes invaluable in understanding the composition of the network and identifying

06:28.010 --> 06:31.010
the types of devices connected.

06:32.040 --> 06:41.160
So in conclusion, Nmap revolutionizes the way we discover online hosts with its robust ping scan capabilities,

06:41.160 --> 06:47.760
and by leveraging Nmap's extensive probing techniques and privileged user functionalities, penetration

06:47.760 --> 06:53.550
testers and system administrators can gain a comprehensive understanding of their networks.

06:53.550 --> 06:59.190
Remember, host discovery is the first step towards a secure and efficient system.

06:59.190 --> 07:05.610
So go ahead, unleash the power of Nmap and embark on your network reconnaissance journey.
