Friday, February 10, 2012

NMAP Installation and Usage Procedure



NMAP is an open source application and may be downloaded for free from insecure.org. Installation is straightforward. To install on Windows using the executable package:

  1. Double click the installer file.
  2. Click the ‘I Agree’ button to accept the licensing terms.
  3. Accept the defaults on the Choose Components dialog box. Click the ‘Next’ button.
  4. Choose an installation directory (or accept the default). Click the ‘Install’ button.
  5. Installation of NMAP will proceed.
  6. Winpcap is a required component of NMAP. Its installation will start during the install of NMAP. Read the license agreement and click the ‘I Agree’ button.
  7. Select an installation directory (or accept the default). Click the ‘Install’ button.
  8. The installation of Winpcap will now proceed. Click the ‘Finish’ button on the Winpcap completed dialog box.
  9. Click the ‘Close’ button on the NMAP completed dialog box.




Running NMAP on Windows

Launching NMAP

First ping the website to identify its IP address!

NMAP does not have a GUI under Windows and must be run from the command line.


NMAP is using a SYN scan, so it reports that all ports scanned are filtered.

Options used: -v for increased verbosity, -A for OS and software version detection, -p1-65535 to set the range of ports to scan.
Notice that this scan took almost an hour to scan all ports on one host. This scan would take considerably longer if a TCP connect scan were used.
Also notice that at least one open and one closed port are required in order for OS version detection to work reliably.
Finally, ‘-vv’ may be used for even more detailed output reporting.




C:\Documents and Settings\Administrator>Nmap -v -A -p1-65535 192.168.1.124

Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-23 22:04 Central America Standard Time
Initiating ARP Ping Scan at 22:04
Scanning 192.168.1.124 [1 port]
Completed ARP Ping Scan at 22:04, 0.17s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 22:04
Completed Parallel DNS resolution of 1 host. at 22:04, 0.03s elapsed
Initiating SYN Stealth Scan at 22:04
Scanning 192.168.1.124 [65535 ports]
SYN Stealth Scan Timing: About 2.04% done; ETC: 22:29 (0:23:58 remaining)
SYN Stealth Scan Timing: About 58.48% done; ETC: 22:46 (0:17:26 remaining)
SYN Stealth Scan Timing: About 88.44% done; ETC: 22:52 (0:05:29 remaining)
SYN Stealth Scan Timing: About 96.95% done; ETC: 22:54 (0:01:30 remaining)
Completed SYN Stealth Scan at 22:54, 2951.77s elapsed (65535 total ports)
Initiating Service scan at 22:54
Warning: OS detection for 192.168.1.124 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Initiating OS detection (try #1) against 192.168.1.124
Host 192.168.1.124 appears to be up ... good.
All 65535 scanned ports on 192.168.1.124 are filtered
MAC Address: 00:16:41:17:9D:B1 (USI)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at http://insecure.org/Nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 2976.652 seconds
 Raw packets sent: 131095 (5.770MB) | Rcvd: 1 (42B)
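
The numbers in this output explain why the scan was so slow. The following Python sketch is an added example, not part of the original post or of Nmap itself; it parses lines copied from the scan above and derives the scan rate and the number of probes sent per port. The function name summarize and the field names it returns are assumptions made for this illustration.

```python
import re

# Lines copied from the first scan's output on this page (Nmap 4.20, normal output).
SAMPLE = """\
Completed SYN Stealth Scan at 22:54, 2951.77s elapsed (65535 total ports)
Warning: OS detection for 192.168.1.124 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 65535 scanned ports on 192.168.1.124 are filtered
Nmap finished: 1 IP address (1 host up) scanned in 2976.652 seconds
 Raw packets sent: 131095 (5.770MB) | Rcvd: 1 (42B)
"""

PATTERNS = {
    "scan": re.compile(r"Completed (?P<type>.+?) Scan at \S+, (?P<secs>[\d.]+)s"
                       r" elapsed \((?P<ports>\d+) total ports\)"),
    "filtered": re.compile(r"All (?P<n>\d+) scanned ports on (?P<host>\S+) are filtered"),
    "os_warn": re.compile(r"Warning: OS detection for \S+ will be MUCH less reliable"),
    # Newer Nmap releases print "Nmap done:" instead of "Nmap finished:".
    "total": re.compile(r"Nmap (?:finished|done): .* scanned in (?P<secs>[\d.]+) seconds"),
    "raw": re.compile(r"Raw packets sent: (?P<sent>\d+) .*\| Rcvd: (?P<rcvd>\d+)"),
}

def summarize(text):
    """Return a dict of facts pulled from Nmap normal-mode output (hypothetical helper)."""
    hits = {}
    for line in text.splitlines():
        for name, pat in PATTERNS.items():
            m = pat.search(line)
            if m:
                hits[name] = m.groupdict()
    out = {"os_detection_unreliable": "os_warn" in hits,
           "all_filtered": "filtered" in hits}
    if "scan" in hits:
        ports = int(hits["scan"]["ports"])
        secs = float(hits["scan"]["secs"])
        out.update(scan_type=hits["scan"]["type"], ports=ports,
                   ports_per_second=round(ports / secs, 1))
        if "raw" in hits:
            sent, rcvd = int(hits["raw"]["sent"]), int(hits["raw"]["rcvd"])
            # About 2 probes per port means every unanswered probe was sent again.
            out.update(sent=sent, received=rcvd,
                       probes_per_port=round(sent / ports, 2))
    if "total" in hits:
        out["total_minutes"] = round(float(hits["total"]["secs"]) / 60, 1)
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

For this scan the result is roughly 22 ports per second and 2 probes per port with a single packet received, which is consistent with a firewall silently dropping the probes: Nmap has to wait for each one to time out and retransmit it before marking the port filtered.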

NMAP Example Scan 2


Options used: -v for increased verbosity, -sT for a TCP connect scan, -p1-65535 to specify the port range from 1 to 65535 (all TCP ports).

C:\WINDOWS\system32\drivers\etc>Nmap -sT -p1-65535 192.168.1.124

Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-24 00:39 Central America Standard Time
All 65535 scanned ports on 192.168.1.124 are filtered
MAC Address: 00:16:41:17:9D:B1 (USI)

Nmap finished: 1 IP address (1 host up) scanned in 6925.996 seconds


