Nmap: beyond the basics

You have probably used nmap before, but did you know there are plenty of useful options to spice up your scanning sessions? For example, you can add --open to show only open ports, or --reason to see why nmap put a port in the state it reports (open, closed or filtered). If you want to dig deeper, add the --packet-trace flag, which makes nmap show you every packet it sends and receives.

sudo nmap -sS -p 80 66.187.104.70 --open --reason --packet-trace

[screenshot: nmap-trace]

Another useful thing you can do with nmap is a reverse DNS lookup of a whole range: the -sL (list scan) option resolves names without sending any probes to the hosts, and with a bit of grep and awk magic you can get output like this:

nmap -sL 66.187.104.70/24 -oG - | grep -v '(\w*)' | grep -v Nmap | awk '{ print $2 " " $3 }'

[screenshot: nmapSL]
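The same filtering as the grep/awk pipeline above, done in Python so it can be reused in scripts. This is an added example, not code from the post; the grepable (-oG) output it parses is a constructed sample, not a real scan. Unlike the shell one-liner it tests for the empty "()" explicitly, which also keeps single-label hostnames that a "\w*"-based grep pattern would discard along with the unresolved hosts.

```python
# Constructed sample of `nmap -sL <range> -oG -` output (not real scan data).
# Hosts with no PTR record show empty parentheses "()" after the address;
# the lines starting with "# Nmap" are the header and footer comments.
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sL 192.0.2.0/29 -oG -
Host: 192.0.2.0 ()\tStatus: Unknown
Host: 192.0.2.1 (gw.example.net)\tStatus: Unknown
Host: 192.0.2.2 ()\tStatus: Unknown
Host: 192.0.2.3 (www.example.net)\tStatus: Unknown
Host: 192.0.2.4 (mail.example.net)\tStatus: Unknown
Host: 192.0.2.5 (printer)\tStatus: Unknown
# Nmap done at Mon Jan  1 00:00:01 2024 -- 8 IP addresses (0 hosts up) scanned in 0.05 seconds
"""


def reverse_dns_listing(grepable_output):
    """Return [(ip, hostname), ...] for every host that has a PTR record.

    Mirrors the shell pipeline from the post:
      grep -v Nmap             -> drop the "# Nmap ..." comment lines
      grep -v '(...)'          -> drop hosts whose name field is empty "()"
      awk '{print $2 " " $3}'  -> keep the address and the parenthesised name
    """
    results = []
    for line in grepable_output.splitlines():
        if not line.startswith("Host:"):      # header/footer comments
            continue
        fields = line.split()                 # ["Host:", ip, "(name)", ...]
        ip, name = fields[1], fields[2]
        if name == "()":                      # no reverse name for this address
            continue
        results.append((ip, name.strip("()")))
    return results


def unresolved_addresses(grepable_output):
    """Return the addresses that had no PTR record (the hosts the pipeline drops)."""
    return [
        line.split()[1]
        for line in grepable_output.splitlines()
        if line.startswith("Host:") and line.split()[2] == "()"
    ]


if __name__ == "__main__":
    for ip, name in reverse_dns_listing(SAMPLE_GREPABLE):
        print(f"{ip} {name}")
    print("no PTR:", ", ".join(unresolved_addresses(SAMPLE_GREPABLE)))
```

Keeping the unresolved addresses in a second list is worth doing on your own ranges: an address with no reverse name is not necessarily unused, it just has no PTR record, so it should not be silently dropped from an inventory.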

You could also use the --traceroute option and save the results in XML format with -oX, then load the file into Zenmap for visualization; its Topology tab draws the hops as a graph.

[screenshot: zenmap-topo]
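Zenmap is not the only consumer of -oX output. The following added example (not code from the post or from the Nmap project) reads the XML report with the standard library and pulls out what --open, --reason and --traceroute would show on the console: the open ports with the reason nmap gives for each state, and the hop list. The XML is a constructed, trimmed sample that keeps only the elements the code reads; a real report also carries a DOCTYPE, run info and scan statistics.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sS -p 22,80,443 --reason --traceroute -oX -`
# output, trimmed to the elements used below. Not real scan data.
SAMPLE_XML = """\
<nmaprun scanner="nmap" version="7.94" start="1704067200"
         args="nmap -sS -p 22,80,443 --reason --traceroute -oX - 192.0.2.3">
<host>
<status state="up" reason="echo-reply" reason_ttl="52"/>
<address addr="192.0.2.3" addrtype="ipv4"/>
<hostnames><hostname name="www.example.net" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset" reason_ttl="52"/><service name="https" method="table" conf="3"/></port>
</ports>
<trace port="80" proto="tcp">
<hop ttl="1" ipaddr="192.0.2.1" rtt="0.45" host="gw.example.net"/>
<hop ttl="2" ipaddr="198.51.100.1" rtt="8.12"/>
<hop ttl="3" ipaddr="192.0.2.3" rtt="9.90" host="www.example.net"/>
</trace>
</host>
</nmaprun>
"""


def open_ports_with_reason(xml_text):
    """What `--open --reason` prints, read from the XML report.

    Returns (address, port, protocol, service, reason) tuples for ports in
    state "open" only; closed and filtered ports are left out.
    """
    root = ET.fromstring(xml_text)
    found = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state.get("state") != "open":
                continue
            service = port.find("service")
            found.append((
                addr,
                int(port.get("portid")),
                port.get("protocol"),
                service.get("name") if service is not None else "",
                state.get("reason"),
            ))
    return found


def port_state_summary(xml_text):
    """Count ports per (state, reason) pair across the report.

    Useful for reading --reason output at a glance: "filtered"/"no-response"
    means nothing came back (typically a firewall dropping the probe), while
    "closed"/"reset" means the host answered with a RST and is reachable.
    """
    root = ET.fromstring(xml_text)
    summary = {}
    for state in root.iter("state"):
        key = (state.get("state"), state.get("reason"))
        summary[key] = summary.get(key, 0) + 1
    return summary


def traceroute_hops(xml_text):
    """Return the --traceroute path as [(ttl, ip, hostname_or_None, rtt_ms)]."""
    root = ET.fromstring(xml_text)
    return [
        (int(hop.get("ttl")), hop.get("ipaddr"), hop.get("host"), float(hop.get("rtt")))
        for hop in root.iter("hop")
    ]


if __name__ == "__main__":
    for addr, port, proto, svc, reason in open_ports_with_reason(SAMPLE_XML):
        print(f"{addr} {port}/{proto} {svc:<8} open ({reason})")
    for (state, reason), n in sorted(port_state_summary(SAMPLE_XML).items()):
        print(f"{n} port(s) {state} because {reason}")
    for ttl, ip, host, rtt in traceroute_hops(SAMPLE_XML):
        print(f"hop {ttl}: {ip} {host or ''} {rtt} ms")
```

Reading the report from XML rather than scraping console output is the approach to take for anything you want to keep: the format is stable across versions, and the reason attributes make it easy to separate hosts that actively refused a connection from ones where a filter dropped the probe.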

If you want to learn more, take a look at the online book here, or you can buy the full book from Amazon: Nmap Network Scanning: The Official Nmap Project Guide
