Nmap is a powerful scanning and auditing utility that can help diagnose problems with systems, particularly in terms of firewall settings. With nmap, you can determine whether or not your firewall rules are working as they should, make sure you've got everything locked down the way you want it, and so forth. Every Linux distribution comes with nmap; it's too indispensable not to.
To do a quick scan of a remote host, use:
# nmap -sT host
This will execute a TCP connect() port scan against the remote host and report the open ports. A similar scan is the -sS option, which does a TCP SYN ("stealth") port scan; this scan requires root privileges. It accomplishes roughly the same thing as -sT, but there is less chance that the remote system will log the connection.
Other features include the -O option, which tells nmap to try to determine the remote operating system by fingerprinting it with various techniques.
You can also do "sweep" scans by giving nmap a range of IPs to scan, which can be a great way of determining which IPs are in use and by which hosts. For instance:
# nmap -sP '192.168.0.*'
This will do a quick ping scan to determine whether any of the IPs in the range 192.168.0.0-192.168.0.255 are available, and will report those that respond to pings.
Another option is to use the -sV option, which will attempt to obtain version numbers for applications on any open ports:
# sudo nmap -sV remote.host.com
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-02-28 15:08 MST
Interesting ports on remote.host.com (192.168.0.12):
(The 1652 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.2.9
22/tcp open ssh OpenSSH 3.6.1p2 (protocol 1.99)
25/tcp open smtp Exim smtpd 4.43
111/tcp open rpcbind 2 (rpc #100000)
804/tcp open rpc
1000/tcp open status 1 (rpc #100024)
1022/tcp open ssh OpenSSH 3.6.1p2 (protocol 1.99)
2049/tcp open nfs 2-4 (rpc #100003)
6002/tcp open X11:2?
6003/tcp open X11:3?
6667/tcp open irc?
Nmap run completed — 1 IP address (1 host up) scanned in 107.364 seconds
As you can see, nmap is quite versatile and extremely useful for helping determine what information about your system is publicly accessible from a remote vantage point.
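The real value of the -sV output above comes from comparing it against what the host is supposed to expose. The following script is an added example (not part of the article, and not nmap's own tooling): it parses the PORT/STATE/SERVICE/VERSION table that nmap prints, checks every open port against an allowlist baseline, and also reports baseline services that did not show up open, which usually means a firewall rule is blocking something you intended to publish. The embedded scan text is a constructed copy of the article's output; the baseline dictionary and the scan() helper (which shells out to nmap -sV) are assumptions for illustration.

```python
"""Compare nmap -sV output against an expected-exposure baseline.

Added example, not from the article. The sample output below is a constructed
copy of the scan shown in the article; the baseline is an assumed allowlist.
"""
import re
import subprocess
from typing import Dict, List, NamedTuple

# Constructed sample input: the article's nmap -sV output, embedded inline.
SAMPLE_OUTPUT = """\
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-02-28 15:08 MST
Interesting ports on remote.host.com (192.168.0.12):
(The 1652 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     ProFTPD 1.2.9
22/tcp   open  ssh     OpenSSH 3.6.1p2 (protocol 1.99)
25/tcp   open  smtp    Exim smtpd 4.43
111/tcp  open  rpcbind 2 (rpc #100000)
804/tcp  open  rpc
1000/tcp open  status  1 (rpc #100024)
1022/tcp open  ssh     OpenSSH 3.6.1p2 (protocol 1.99)
2049/tcp open  nfs     2-4 (rpc #100003)
6002/tcp open  X11:2?
6003/tcp open  X11:3?
6667/tcp open  irc?
Nmap run completed -- 1 IP address (1 host up) scanned in 107.364 seconds
"""

# Assumed baseline: services this host is meant to expose (port/proto -> service).
BASELINE: Dict[str, str] = {"22/tcp": "ssh", "25/tcp": "smtp"}


class Port(NamedTuple):
    number: int
    proto: str
    state: str
    service: str
    version: str


# One table row: "<port>/<proto> <state> <service> [version text]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_ports(output: str) -> List[Port]:
    """Return every port row from nmap's table; banner and header lines are skipped."""
    ports = []
    for line in output.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports.append(Port(int(m.group(1)), m.group(2), m.group(3),
                              m.group(4), m.group(5).strip()))
    return ports


def unexpected_exposure(ports: List[Port], allowed: Dict[str, str]) -> List[str]:
    """Open ports not in the baseline, plus baseline ports running a different service."""
    findings = []
    for p in ports:
        if p.state != "open":
            continue
        key = f"{p.number}/{p.proto}"
        expected = allowed.get(key)
        if expected is None:
            findings.append(f"{key} open ({p.service} {p.version}) but not in baseline")
        elif expected != p.service:
            findings.append(f"{key} expected {expected}, nmap saw {p.service}")
    return findings


def missing_expected(ports: List[Port], allowed: Dict[str, str]) -> List[str]:
    """Baseline ports that were not seen open: a firewall rule may be blocking them."""
    seen = {f"{p.number}/{p.proto}" for p in ports if p.state == "open"}
    return sorted(k for k in allowed if k not in seen)


def scan(host: str) -> str:
    """Assumed helper: run nmap -sV against a host you administer and return its output."""
    return subprocess.run(["nmap", "-sV", host], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    ports = parse_ports(SAMPLE_OUTPUT)  # replace with parse_ports(scan("host"))
    for finding in unexpected_exposure(ports, BASELINE):
        print("EXPOSED:", finding)
    for key in missing_expected(ports, BASELINE):
        print("MISSING:", key)
```

Run against the constructed sample, the script flags nine open ports that are not in the assumed baseline, including the second sshd on 1022/tcp and the two X11 displays, which is exactly the kind of drift a periodic self-scan is meant to catch.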
Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.