NMAP: NETWORK MAPPER
Kali Linux ships with a tool called NMAP (Network Mapper) for performing reconnaissance on the connected network. NMAP uses raw IP packets and functions as a network auditing tool that determines which hosts are available on the network, including their OS version and the services they offer (application/version).
My setup is a simple network involving a switch, Kali Linux and two Windows 7 machines.
Windows 7: 192.168.100.1/24
Windows 7: 192.168.100.2/24
Kali Linux: 192.168.100.3/24
Cisco Router: 192.168.100.4/24
Let's run some commands and check the corresponding output.
The basic command is nmap <Destination IP address>
In our example, the basic NMAP command shows the host's network status, its open ports and its MAC address.
We can also ask NMAP to scan a range of destination addresses, which will list both of the connected devices.
To perform a ping scan, use nmap -sP <Destination IP>, which pings the destination IP address.
A ping scan only reports whether the destination host is up and its associated MAC address.
To get some more detailed information from NMAP, we can use:
nmap -sS -P0 -sV -O <Destination IP>
where:
-sS: performs a TCP SYN scan
-P0: performs a protocol scan
-sV: performs OS version verification
-O: performs discovery on the OS
From the router's perspective, issuing the command gives the output below:
NMAP can also be told to look only at the most commonly used TCP ports, using the command:
nmap --top-ports 20 <Destination IP>. This command reports the 20 most commonly used TCP ports on the indicated destination IP.
To check a specific TCP port, use the command nmap -sT -p80 <Destination IP>
where:
-sT: TCP scan type
-p80: port 80
You can also configure NMAP to hide your IP address while scanning the network. The -D option adds decoy addresses; you can use any IP address in the network range you are on.
To verify this, let's run a SYN scan against 192.168.100.1 and hide the scanner's IP behind 192.168.100.4.
As you can see, NMAP performed a SYN scan on all ports of 192.168.100.1 and disguised its source IP as 192.168.100.4.
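Seen from the scanned host's side, the SYN scan and the decoy described above leave a recognisable pattern in firewall logs: one source hitting many ports, and a decoy source sending the identical port sequence. The following Python script is an added example (not part of the original post or of NMAP itself) that flags such scans in constructed iptables-style log lines for the lab addresses above; the log format and the threshold of five ports are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (iptables-style fields), not a real
# capture: Kali (.3) SYN-scans the first Windows 7 host while the decoy
# address (.4) appears to send the same SYNs; .2 makes one normal web request.
SAMPLE_LOGS = """\
SRC=192.168.100.3 DST=192.168.100.1 PROTO=TCP SPT=40001 DPT=22 SYN
SRC=192.168.100.4 DST=192.168.100.1 PROTO=TCP SPT=40001 DPT=22 SYN
SRC=192.168.100.3 DST=192.168.100.1 PROTO=TCP SPT=40002 DPT=80 SYN
SRC=192.168.100.4 DST=192.168.100.1 PROTO=TCP SPT=40002 DPT=80 SYN
SRC=192.168.100.3 DST=192.168.100.1 PROTO=TCP SPT=40003 DPT=135 SYN
SRC=192.168.100.4 DST=192.168.100.1 PROTO=TCP SPT=40003 DPT=135 SYN
SRC=192.168.100.3 DST=192.168.100.1 PROTO=TCP SPT=40004 DPT=139 SYN
SRC=192.168.100.4 DST=192.168.100.1 PROTO=TCP SPT=40004 DPT=139 SYN
SRC=192.168.100.3 DST=192.168.100.1 PROTO=TCP SPT=40005 DPT=445 SYN
SRC=192.168.100.4 DST=192.168.100.1 PROTO=TCP SPT=40005 DPT=445 SYN
SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=50000 DPT=80 SYN
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP SPT=\d+ DPT=(\d+) SYN")

def syn_ports_by_source(log_text):
    """Map (src, dst) -> set of destination ports that received a SYN."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, dst, dpt = m.groups()
            ports[(src, dst)].add(int(dpt))
    return ports

def flag_syn_scans(log_text, threshold=5):
    """Sources that sent SYNs to >= threshold distinct ports on one host."""
    return sorted((src, dst, len(p))
                  for (src, dst), p in syn_ports_by_source(log_text).items()
                  if len(p) >= threshold)

def decoy_groups(log_text, threshold=5):
    """Flagged sources that hit the identical port set on the same host.
    A decoy scan (-D) looks like several scanners with matching port
    sequences, so treat the group as one event, not several sources."""
    by_pattern = defaultdict(list)
    for (src, dst), p in syn_ports_by_source(log_text).items():
        if len(p) >= threshold:
            by_pattern[(dst, frozenset(p))].append(src)
    return [sorted(g) for g in by_pattern.values() if len(g) > 1]
```

Because the real scanner and the decoy produce the same port sequence, the source address alone cannot be trusted; the grouped result is what an analyst should investigate further.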
To explore the other options NMAP offers, run man nmap on Kali Linux.