These ports all indicate some sort of listening service on this particular machine. This particular host has quite a bit of open network ports. Let’s try letting nmap port scan these specific hosts and see what turns up. This time nmap returns some prospective hosts for scanning! In this command, the -sn disables nmap’s default behavior of attempting to port scan a host and simply has nmap try to ping the host. Nmap – Ping All Connected Live Network Hosts This next trick will tell nmap to simply try to ping all the addresses in the 192.168.56.0/24 network. Not to worry though, there are some tricks that nmap has available to try to find these machines. Find and Ping All Live Hosts on My Network Sometimes this is a factor of the way certain Operating Systems handle port scan network traffic. Sadly, this initial scan didn’t return any live hosts. This scan is known as a ‘ Simple List’ scan hence the -sL arguments passed to the nmap command. A quick nmap scan can help to determine what is live on a particular network. Let’s say though that the IP address information was unavailable. The Kali machine has an IP address of 192.168.56.101 and the Metasploitable machine to be scanned has an IP address of 192.168.56.102. In this example, both of the machines are on a private 192.168.56.0 /24 network. This made things easier and safer since the private network range would ensure that scans remained on safe machines and prevents the vulnerable Metasploitable machine from being compromised by someone else. For this particular tutorial, a private network with a Kali machine and a Metasploitable machine was created. Once a terminal has been launched, the nmap fun can begin. All shell programs listed will work for the purposes of nmap.
The author is a fan of the shell program called ‘ Terminator‘ but this may not show up in a default install of Kali Linux. Navigating to a terminal can be done as follows: Applications -> System -> ‘ Xterm‘ or ‘ UXterm‘ or ‘ Root Terminal‘. By clicking on the desktop background, a menu will appear. Once logged into Enlightenment, a terminal window will need to be opened. Once logged in to the Kali Linux machine, using the command ‘ startx‘ the Enlightenment Desktop Environment can be started – it is worth noting that nmap doesn’t require a desktop environment to run.
The first step to working with nmap is to log into the Kali Linux machine and if desired, start a graphical session (This first article in this series installed Kali Linux with the Enlightenment Desktop Environment).ĭuring the installation, the installer would have prompted the user for a ‘ root‘ user password which will be needed to login.
Another computer and permission to scan that computer with nmap – This is often easily done with software such as VirtualBox and the creation of a virtual machine.Kali Linux (nmap is available in other operating systems and functions similar to this guide).
Please use caution when using the nmap tool. Extreme caution should be taken to ensure that you aren’t using nmap against systems that permission has not be explicitly provided in a written/legal agreement. Many scripts have been developed and included with most nmap installs.Ī word of caution – nmap is a commonly used by people with both good and bad intentions. This scripting engine allows administrators to quickly create a script that can be used to determine if a newly discovered vulnerability exists on their network. Nmap’s functionality can be extended even further with the Nmap Scripting Engine, often abbreviated as NSE. Nmap has the ability to quickly locate live hosts as well as services associated with that host.