Nmap – Port Scanning And OS Detection

Well, if you are planning to attack a system, or simply testing your own system, you will pretty much always need an IP address and a port number through which to exploit, right?
So, network scanners provide you with the information you need to discover certain holes, such as ports with vulnerable applications running on them.
Network mappers (port scanners) scan an IP address or a range of IP addresses. They can find which computers are on a network, or how many applications are running on a computer. They are also good for determining firewall rules and other access control policies.
Nmap is the best port scanner available, with the widest range of features.

Alright, let me explain some basic Nmap scanner features. Whenever you launch a port scan of any target, Nmap will report each port in one of
"six port states". This means Nmap recognizes these six port states, and you need to understand the meaning of each of them (most of you are already aware of it).
There is a lengthy explanation of these six port states on the official Nmap website; I'm just going to tell you the basics so everyone can easily understand it.

# Open: There is an application running on the port which accepts TCP/UDP/SCTP connections.
# Closed: There is no application running on the port.
# Filtered: A firewall or IPS (intrusion prevention system) is hindering Nmap's ability to determine whether or not the port is open, because a packet filtering device is blocking the probes Nmap sends.
# Unfiltered: Similar to the above, except there is no firewall or IPS, but Nmap still does not know whether the port is open or closed.
# Open|Filtered: Nmap cannot determine whether the port is open or filtered.
# Closed|Filtered: Nmap cannot determine whether the port is closed or filtered.

Nmap is actually a very simple tool to use; the difficulty with using Nmap resides in knowing when to use which type of scan (because there are A LOT).

Here is a list of most of the types of scans Nmap supports, along with their corresponding switches. I won't bother explaining them all because the guys at Nmap have already done that for you.

You can read about those here: http://nmap.org/bennieston-tutorial/

Anyway, I'll show you the types of scan which Nmap uses.

* TCP Connect Scan -sT
* SYN Stealth Scan -sS
* FIN Scan -sF
* Null Scan -sN
* Xmas Tree Scan -sX
* Ping Scan -sP
* UDP Scan -sU
* IP Protocol Scan -sO
* Idle Scanning -sI
* Version Detection Scan -sV
* ACK Scan -sA
* Window Scan -sW
* Operating System Detection -O -v

I am not going to do all of these scans, because that would be silly. Instead, I will carry out a simple SYN stealth scan AND an operating system detection scan on one of the machines on my network.

OK, let's start. Open the terminal and type:

apt-get install nmap

The above command will install the latest version of Nmap on your Linux system (I'm using BackTrack here).
If the above command doesn't work for you, then try with yum (Red Hat-based distros):

yum install nmap

If you still get an error installing it, you can reply to this thread and I'll help you out.

Anyway, after installation, let's launch a SYN stealth scan!

nmap -sS xxx.xxx.xxx.xxx (hit Enter)

The xxx... is supposed to be the local IPv4 address of your target machine (you can even use a website address), the one you wish to scan.
Obviously, in the -sS part the first s stands for scan and the second S signifies a SYN scan.

For better understanding I'm showing you the screenshots too.
Here, look at the results:

[Image: 2ppzul3.png]

So, Nmap scanned the address and has "hopefully" displayed a bunch of open ports to you (as well as a MAC address; sometimes it will give you the manufacturer of the hardware, like it did for me).
OK, that's it, we completed the SYN scan. Simple, isn't it? lol

Well, after you have seen a bunch of open ports and begun looking for vulnerabilities and exploits corresponding to these ports (explained later), you may need to figure out what operating system the target machine is running. After all, a machine may have an open port which can be compromised by either a Windows exploit or a Linux exploit, but it depends on whether or not the target is actually running one of those operating systems.
It would be a bit annoying if they were running Mac OS X.

Alright, now I'm going to detect the OS. For that, type:

nmap -O -v xxx.xxx.xxx.xxx

The -O switch is designed to detect the operating system (hence the O) and -v stands for "verbosity", which basically means "show ALL the information you find from the probe".

Results:

[Image: amxk7m.png]

NOTE: Yes, I know the text is tiny; I just zoomed out of the terminal so you could see how much information you SHOULD receive. The information there is irrelevant to you because you should perform this and get your own results. The operating system information is towards the bottom.

This scan was successful in detecting my operating system, Windows 7! Although it did also think it COULD be Windows Server 2008; in cases of these dual positives you should probably run a version scan to narrow it down. That is performed with nmap -sV -O -v xxx.xxx.xxx.xxx.
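Both the six port states listed at the top and the "dual positive" OS result just above are easier to check when you save the scan with -oX and let a script read it. The following is an added example, not part of this tutorial and not Nmap's own code: it parses the XML that nmap -oX writes, groups every port under its reported state, and flags a host whose best OS guesses are tied so you know a -sV run is needed. The embedded XML is constructed to look like the Windows 7 host in the tutorial (the 192.0.2.10 address, MAC and "Example Vendor" string are made up), and the function names are my own.

```python
"""Summarise port states and OS guesses from nmap's -oX XML output.

Added example (not from the tutorial). Usage against a real scan of a host you
are authorised to test: nmap -sS -O -v -oX scan.xml <target>, then
python3 nmap_summary.py scan.xml. Without an argument it uses the constructed
sample below.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the same layout nmap -oX emits; all values are made up.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -O -v -oX scan.xml 192.0.2.10" version="7.94">
<host>
<status state="up" reason="arp-response"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac" vendor="Example Vendor"/>
<ports>
<port protocol="tcp" portid="135"><state state="open" reason="syn-ack"/><service name="msrpc"/></port>
<port protocol="tcp" portid="139"><state state="open" reason="syn-ack"/><service name="netbios-ssn"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="22"><state state="closed" reason="reset"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="filtered" reason="no-response"/><service name="http"/></port>
</ports>
<os>
<osmatch name="Microsoft Windows 7 SP1" accuracy="100"/>
<osmatch name="Microsoft Windows Server 2008 R2" accuracy="100"/>
</os>
</host>
</nmaprun>
"""

# The six port states from the tutorial, in nmap's own spelling.
PORT_STATES = ("open", "closed", "filtered", "unfiltered",
               "open|filtered", "closed|filtered")


def parse_hosts(xml_text):
    """Return one dict per host: addresses, ports grouped by state, OS matches."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        info = {"ipv4": None, "mac": None, "vendor": None,
                "ports": {state: [] for state in PORT_STATES},
                "os_matches": []}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                info["ipv4"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                info["mac"] = addr.get("addr")
                info["vendor"] = addr.get("vendor")
        for port in host.findall("ports/port"):
            state = port.find("state").get("state")
            service = port.find("service")
            name = service.get("name") if service is not None else "unknown"
            # setdefault keeps the script working if nmap ever adds a new state.
            info["ports"].setdefault(state, []).append(
                (int(port.get("portid")), port.get("protocol"), name))
        for match in host.findall("os/osmatch"):
            info["os_matches"].append((match.get("name"), int(match.get("accuracy"))))
        hosts.append(info)
    return hosts


def top_os_guesses(host):
    """OS matches tied at the best accuracy; more than one means the guess is ambiguous."""
    if not host["os_matches"]:
        return []
    best = max(acc for _, acc in host["os_matches"])
    return [(name, acc) for name, acc in host["os_matches"] if acc == best]


def needs_version_scan(host):
    """True for the 'dual positive' case in the text: nmap could not pick one OS."""
    return len(top_os_guesses(host)) > 1


def report(host):
    """Plain-text summary, one line per port and per OS guess."""
    lines = [f"Host {host['ipv4']}  MAC {host['mac']} ({host['vendor']})"]
    for state in PORT_STATES:
        for portid, proto, name in sorted(host["ports"].get(state, [])):
            lines.append(f"  {portid}/{proto:<4} {state:<16} {name}")
    for name, acc in host["os_matches"]:
        lines.append(f"  OS guess: {name} ({acc}%)")
    if needs_version_scan(host):
        lines.append("  Ambiguous OS match: re-run with -sV -O -v to narrow it down")
    return "\n".join(lines)


if __name__ == "__main__":
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    for host in parse_hosts(xml_text):
        print(report(host))
```

Nmap's XML only lists the ports it actually probed, so a port missing from the output was not scanned rather than closed; the unfiltered and open|filtered/closed|filtered buckets stay empty for a plain SYN scan and only fill up on ACK, UDP or FIN/Null/Xmas scans.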

You can see Nmap is a very simple but powerful tool and MUST be used before you ever attempt a penetration test on another machine.
It is crucial in determining running services, open ports to exploit, and the operating system of a target.

Note: This tutorial is not written by me.
All credits go to M4DSh4k (MaDLeeTs).
Thank you ❤