Hello, my name is Stephan. Welcome to our Nmap lecture. In this lecture, we will dive into the exciting world of network reconnaissance. So today we will explore a crucial task for penetration testers and system administrators, like finding online hosts. So we will discover how Nmap, the go-to tool for network scanning, offers enhanced host detection capabilities and provides valuable insights beyond the traditional ping utilities.

Segment one: The Importance of Host Discovery.

Before we begin our exploration of Nmap's capabilities, let's understand why finding online hosts is such a fundamental task. In today's interconnected world, where networks span vast geographic areas and the Internet links countless devices, being able to identify active machines within a network or on the Internet is crucial. Penetration testers rely on host discovery to identify potential entry points and vulnerabilities, while system administrators use it to monitor network health and ensure the smooth operation of their systems.

Segment two: The Nmap ping scan.

So Nmap's ping scan feature takes host detection to the next level by sending a series of probes, so Nmap goes beyond the ICMP echo request commonly used by traditional ping utilities like ping. Here, for example, ping, let's ping ourselves here on our machine.
And as you can see, this is just a ping, right? So Nmap goes beyond this echo request commonly used like this. So this comprehensive approach increases the accuracy and reliability of host detection, allowing us to gather valuable information about the online entities within a target network.

So segment three. We can execute a ping scan. To launch a ping scan with Nmap, we will utilize this command here. So this code here, so nmap -sn, and here we will enter our target, right? So the -sn here. This option instructs Nmap to disable port scanning and focus solely on the host discovery phase. It's worth noting that Nmap supports a wide range of target specifications, including IPv4 addresses, IPv6 addresses, host names and network ranges defined using wildcards and CIDR notation. So, for example, to scan the local network, we will first need to learn what the local network IP starts with here, and now we will use this: nmap -sn here, 192.168.0... 13.1 and 24 here. So, as you can see, now we are scanning our hosts.

So segment four: analyzing the results. So once the ping scan is complete, Nmap provides us with a comprehensive list of hosts that responded to its probing packets.
So these active machines represent the online entities within the target network segment or the Internet. So by examining the results, we can gain insights into the network composition, identifying potential bottlenecks or misconfigurations, and further refine our understanding of the target environment.

Segment five: uncovering additional details. Nmap's ping scans offer more than just host discovery. So when executed with sufficient privileges on local Ethernet networks, Nmap can also identify MAC addresses and associated vendors based on MAC address identifiers. This additional information allows us to gain insight into the devices present on the network, aiding in network inventory management and security assessments. So in order to do that, we will just add sudo before nmap to run it with sudo privileges. And here you will see also the MAC addresses right here.

Segment six: Under the Hood, How Nmap works. To understand the mechanics behind the Nmap ping scan, so these ping scans here, let's delve into the inner workings of this powerful tool. The -sn option, as mentioned earlier, disables port scanning and focuses solely on the host discovery phase. Depending on the user's privileges, Nmap utilizes various techniques to determine the online status of a host. So when executed as a privileged user here,
so Nmap employs a combination of techniques: it sends a TCP SYN packet to port 443, a TCP ACK packet to port 80, and ICMP echo and timestamp requests. So these probes help to ensure that even hosts with restrictive firewall rules can be detected. So if the user running Nmap doesn't have the capability to send raw packets, it employs the connect system call to send the SYN packets to port 80 and port 443.

Segment seven: exploring local Ethernet networks. When scanning local Ethernet networks as a privileged user, Nmap activates ARP neighbor discovery, further enhancing host detection capabilities. So by leveraging ARP requests, Nmap can identify MAC addresses and associated vendors. And this information becomes invaluable in understanding the composition of the network and identifying the types of devices connected.

So in conclusion, Nmap revolutionizes the way we discover online hosts with its robust ping scan capabilities, and by leveraging Nmap's extensive probing techniques and privileged user functionalities, penetration testers and system administrators can gain a comprehensive understanding of their networks. Remember, host discovery is the first step towards a secure and efficient system. So go ahead, unleash the power of Nmap and embark on your network reconnaissance journey.
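The network inventory use the lecture mentions, as an added example that is not part of the lecture: a small Python parser for the normal output of `sudo nmap -sn` that lists the hosts that answered, with the MAC address and vendor Nmap prints on a local Ethernet segment, and flags any host not in an expected inventory. The sample scan output, the addresses, MACs, vendors and the inventory are all constructed.

```python
# Parse `nmap -sn` normal output and diff the live hosts against an expected
# inventory. The sample below is CONSTRUCTED to look like a sudo nmap -sn run.
import re

SAMPLE_NMAP_SN = """\
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 12:00 UTC
Nmap scan report for 192.168.13.1
Host is up (0.0012s latency).
MAC Address: 00:11:22:33:44:55 (Example Router Co)
Nmap scan report for printer.lan (192.168.13.20)
Host is up (0.0034s latency).
MAC Address: 66:77:88:99:AA:BB (Example Printers)
Nmap scan report for 192.168.13.42
Host is up (0.0020s latency).
MAC Address: CC:DD:EE:FF:00:11 (Unknown)
Nmap scan report for 192.168.13.7
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.11 seconds
"""

# Constructed inventory of (ip, mac). The scanning machine itself gets no
# "MAC Address:" line from Nmap, so it is listed with mac=None.
EXPECTED_INVENTORY = {
    ("192.168.13.1", "00:11:22:33:44:55"),
    ("192.168.13.20", "66:77:88:99:AA:BB"),
    ("192.168.13.7", None),
}

# "Nmap scan report for host (ip)" or "Nmap scan report for ip"
REPORT_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+\.\d+\.\d+\.\d+)\)?$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)$")

def parse_ping_scan(text):
    """Return a list of {hostname, ip, up, mac, vendor} dicts, in scan order."""
    hosts, current = [], None
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:  # a new host record starts here
            current = {"hostname": m.group(1), "ip": m.group(2), "up": False, "mac": None, "vendor": None}
            hosts.append(current)
        elif current and line.startswith("Host is up"):  # with or without latency
            current["up"] = True
        elif current and (m := MAC_RE.match(line)):  # only printed on local Ethernet as root
            current["mac"], current["vendor"] = m.group(1), m.group(2)
    return hosts

def find_unknown_hosts(hosts, inventory):
    """Live hosts whose (ip, mac) pair is not in the expected inventory."""
    return [h for h in hosts if h["up"] and (h["ip"], h["mac"]) not in inventory]
```

Feed it the saved output of a real `sudo nmap -sn` run and the unknown list is the set of devices to investigate.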