1
00:00:00,270 --> 00:00:06,150
Throughout the course, we're going to learn how to use Nmap in detail to scan the networks. Nmap

2
00:00:06,450 --> 00:00:15,630
"Network Mapper" is a free and open source utility for network discovery and security auditing. Many systems

3
00:00:15,630 --> 00:00:22,040
and network administrators also find it useful for tasks such as network inventory, managing service

4
00:00:22,040 --> 00:00:28,650
upgrade schedules, and monitoring host or service uptime. Nmap runs on all major computer operating

5
00:00:28,650 --> 00:00:36,240
systems, and official binary packages are available for Linux, Windows, and Mac OS X. Nmap has been used

6
00:00:36,240 --> 00:00:42,280
to scan huge networks of literally hundreds of thousands of machines. Nmap is usually very good at

7
00:00:42,280 --> 00:00:43,880
documentation.

8
00:00:43,880 --> 00:00:49,880
Significant effort has been put into comprehensive and up-to-date man pages, white papers, tutorials and

9
00:00:49,880 --> 00:00:57,770
even a whole book. You can visit nmap.org to find out more about Nmap. While Nmap comes with

10
00:00:57,770 --> 00:00:59,270
no warranty,

11
00:00:59,270 --> 00:01:03,040
it is well supported by a vibrant community of developers and users.

12
00:01:03,530 --> 00:01:09,740
It's one of the most well-known tools of the network security domain and indeed, with a lot of facilities,

13
00:01:09,770 --> 00:01:11,800
it's very powerful.

14
00:01:11,990 --> 00:01:18,200
In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI

15
00:01:18,230 --> 00:01:26,300
and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for

16
00:01:26,300 --> 00:01:34,280
comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping). Nmap

17
00:01:34,280 --> 00:01:42,490
uses raw IP packets in novel ways to determine what hosts are available on the network, which ports

18
00:01:42,490 --> 00:01:47,580
of these hosts are accessible, what services those hosts are offering,

19
00:01:47,750 --> 00:01:55,700
what operating systems are running, what type of packet filters/firewalls are in use, and dozens of other

20
00:01:55,700 --> 00:01:56,950
characteristics.

21
00:01:57,690 --> 00:02:03,630
Beyond all these, Nmap has its own scripting engine and allows developers to develop new modules.

22
00:02:03,630 --> 00:02:08,470
In the following lectures, to discover the network, we'll perform the following with Nmap.

23
00:02:08,639 --> 00:02:15,030
First we'll use ping scans to find out the hosts in the network. Then we'll use different types of port

24
00:02:15,030 --> 00:02:21,820
scan to find the open or accessible ports. We will detect the services running on the ports and their versions.

25
00:02:22,180 --> 00:02:25,760
We'll try to learn the operating system that is running on the systems.

26
00:02:25,780 --> 00:02:32,100
After that, we'll see how to use scripts with Nmap scans. And we'll learn some important scripts as well.

27
00:02:32,610 --> 00:02:38,740
Nmap sends some packets to discover the network. To prevent security devices from blocking our packets,

28
00:02:38,970 --> 00:02:41,640
here's where we're going to learn some timing tricks.

29
00:02:41,640 --> 00:02:46,570
Then we'll see what more we can do to bypass security devices such as packet filters,

30
00:02:46,620 --> 00:02:48,390
IDS or IPS.

31
00:02:48,570 --> 00:02:50,790
Here is an Nmap command example.

32
00:02:50,790 --> 00:02:56,350
Let's see some basic parameters of the Nmap command. "nmap" is, of course, the command itself.

33
00:02:57,440 --> 00:03:05,690
"-s" is to define the scan type. If you use -s with T (uppercase T) as seen in the slide, it means you want to run a TCP scan.

34
00:03:05,690 --> 00:03:10,010
We'll see the important scan types in detail.

35
00:03:10,180 --> 00:03:14,860
If you don't use this parameter and you have the administrator privileges on the computer where you're

36
00:03:14,860 --> 00:03:21,610
using Nmap, SYN scan is the default scan type. If you don't have the admin privileges on the computer,

37
00:03:22,090 --> 00:03:28,590
TCP scan will run. Destination IP address is the only required parameter to run this command.

38
00:03:29,540 --> 00:03:37,030
It means you can run the Nmap command like "nmap 172.16.99.139".

39
00:03:37,160 --> 00:03:42,200
This is the IP address of the target machine which you want to scan.

40
00:03:42,230 --> 00:03:47,780
You can either give a single IP address or give an IP block or an IP range as a target, but we'll see

41
00:03:47,780 --> 00:03:48,420
that soon.

42
00:03:49,220 --> 00:03:55,110
Destination ports are the port numbers that you want to scan. If the target port numbers are not given

43
00:03:55,110 --> 00:03:58,360
to the command, the top 1000 ports will be scanned.

44
00:03:59,510 --> 00:03:59,960
Be careful.

45
00:03:59,960 --> 00:04:06,090
I didn't say "first 1000 ports", I said "top 1000 ports".

46
00:04:06,300 --> 00:04:10,580
That means the most used thousand ports will be scanned.

47
00:04:10,600 --> 00:04:14,410
There are different ways to enter destination ports and we'll see them in detail.