Scanning with nmap

Nmap is a powerful scanning and auditing utility that can help
diagnose problems with systems, particular in terms of firewall settings. With
nmap, you can determine whether or not your firewall rules are working as they should,
make sure you’ve got everything locked down the way you want it, and so forth. Every
Linux distribution comes with nmap; it’s too indispensable not to.

To do a quick scan of a remote host, use:

# nmap -sT host

This will execute a TCP connect() port scan on the remote host
and report on open ports. Another similar scan is to use the -sS option, which does a TCP SYN stealth
port scan, but this scan requires root privileges. This accomplishes roughly
the same thing as using -sT but there
is less of a chance that the remote system will log the connection.

Other features include using the -O option to tell nmap to try to determine the remote operating
system by fingerprinting it using various techniques.

You can also do “sweep” scans by telling nmap a
range of IPs to scan which can be a great way of determining what IPs are being
used by what hosts. For instance:

# nmap -sP '192.168.0.*'

This will do a quick ping scan to determine if any of the IP’s
in the range 192.168.0.0-192.168.0.255 are available, and will report those
that respond to pings.

Another option is to use the -sV option, which will attempt to obtain version numbers for
applications on any open ports:

# sudo nmap -sV remote.host.com

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-02-28 15:08 MST

Interesting ports on remote.host.com (192.168.0.12):

(The 1652 ports scanned but not shown below are in state: closed)

PORT     STATE SERVICE VERSION

21/tcp   open  ftp     ProFTPD 1.2.9

22/tcp   open  ssh     OpenSSH 3.6.1p2 (protocol 1.99)

25/tcp   open  smtp    Exim smtpd 4.43

111/tcp  open  rpcbind 2 (rpc #100000)

804/tcp  open  rpc

1000/tcp open  status  1 (rpc #100024)

1022/tcp open  ssh     OpenSSH 3.6.1p2 (protocol 1.99)

2049/tcp open  nfs     2-4 (rpc #100003)

6002/tcp open  X11:2?

6003/tcp open  X11:3?

6667/tcp open  irc?

Nmap run completed -- 1 IP address (1 host up) scanned in 107.364 seconds

As you can see, nmap is quite versatile and extremely useful
for helping determine what information is publicly accessible from your system
by remote.

Delivered each Tuesday, TechRepublic’s free Linux NetNote provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE This Media disposal policy from TechRepublic Premium provides specific instructions for ensuring organization data is properly protected when disposing of old storage media. From the policy: POLICY DETAILS When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires that the guidelines outlined herein be followed: Hard drives, ...

PURPOSE To take some of the effort out of writing (and rewriting) emails to share with company staff and executives, TechRepublic Premium has assembled basic templates to handle the most common types of communications. Simply copy the text into your favorite word processor and customize it to fit your needs. Then, paste it into an ...

PURPOSE The purpose of this policy from TechRepublic Premium is to provide guidelines for developing mobile applications from a security, procedural and best practices standpoint. While it contains technical guidelines, it is not intended to serve as a programming guide but as a framework for operations. This policy can be customized as needed to fit ...

Scanning with nmap