How to check if vulnerable ports are open to incoming connections

How to get started with NMAP

Here’s what you’ll see:

1. A general overview and explanation of NMAP.

2. How to download NMAP.

3. Practical ways to use NMAP.

4. Best way to learn NMAP and where to find documentation.

5. Testing out NMAP with an example. How do I check if vulnerable ports are open?


1. General Overview:


What is NMAP? It stands for Network Mapper, a tool used to discover single hosts or entire networks and analyze them for vulnerabilities, statistics and general information such as open and closed ports, MAC addresses, and much more.
So, if you are trying to understand networking and cybersecurity, this is a great application to learn.
But there’s so much you can do with NMAP that you can get lost in the weeds very quickly. The trick is to decide exactly what you want to do (e.g. scan for ports, find OS versions, etc.), because a lot of information can be output all at once. This open-source application is a great free tool for anyone who wants to learn, but you must be willing to take the time to read the documentation.


2. How to download NMAP


Here’s the link for all relevant information about NMAP: https://nmap.org.

LINUX

The good thing about NMAP is that it’s available for free on all major systems, including macOS, Windows and Linux-based distros. For this walkthrough we will practice some NMAP tools on Kali Linux. If you are wondering how to get Kali Linux, you can download the OS
here. Or, if you don’t want to install an entire OS onto your system, you can run Kali Linux (NMAP comes pre-loaded with Kali Linux) in a virtual machine using VirtualBox. For a step-by-step guide on how to do that, follow the link below:

Once you are logged in to your system (in this case Linux), open a terminal window and type “man nmap” to read the relevant documentation.

WINDOWS

If you have a Windows OS, go to https://nmap.org/download.html and click on the latest stable version of NMAP (it will be an .exe file).

Open the file and run the setup.

It will create a shortcut on your Desktop and open the NMAP GUI, called “Zenmap”, which is very user friendly and offers a smoother start if you are not used to Linux.


3. Practical ways to use NMAP.

What are some practical real-world applications of NMAP? Good question!
  • Scan a single IP on a network, or an entire network, for open or closed ports.
  • Check whether a host or network is active.
  • Identify what operating system a certain host is using.
  • Find out if the network or host is behind a firewall.
  • Find out how many hosts are active on a given network.
  • Gather general information on a network for penetration testing.



4. Best way to learn NMAP and where to find documentation.

The best way to learn NMAP is to go over the documentation and play with some simple commands and arguments. Pick a specific task and research how to perform it. YouTube is a great resource. You can also buy books about Nmap on the Nmap website.

5. Testing out NMAP with an example.

Let’s do a simple example of scanning a host for any open or closed ports. What’s a port again? Oh, right, well let’s get into it.

A port is a logical place (as opposed to a physical port) inside your computer that is assigned to a certain application or service (e.g. email, web pages, FTP, SSH). An IP address specifies a certain host on your network, and a port further specifies a service or application on that host.

It’s as if the IP address were your postal code and the port were your street address. To locate someone, you need both pieces of information, an IP and a port number, and the two are always used together. So, if you are currently browsing YouTube and want to know which address and port your own machine is using, NMAP can tell you.

In this case you are scanning yourself, so your IP is 127.0.0.1 (localhost) and your private port number is 8080, which is assigned to you. But some ports belong to services that are no longer used or are insecure, which means bad actors can exploit them to gain remote access to your system. Using Nmap we can scan a single host or an entire network for insecure ports. If Nmap tells you that a port is open, this means you are accepting incoming connections from outside into your system, which is a good thing if, say, you are hosting a website, and otherwise something you should not leave unchecked.

Below are some common services and the ports they use:
  • 21 (FTP). File transfer protocol.
  • 22 (SSH). Secure shell.
  • 25 (SMTP). Simple mail transfer protocol.
  • 53 (DNS). Domain name system.
  • 67, 68 (DHCP). Dynamic host configuration protocol.
  • 80 (HTTP). Hypertext transfer protocol.
  • 110 (POP3). Post office protocol version 3.
  • 123 (NTP). Network time protocol.
  • 143 (IMAP). Internet message access protocol.
  • 443 (HTTPS). Hypertext transfer protocol secure.
  • 465 (SMTPS). SMTP secure.
  • 631 (CUPS). Common Unix printing system.
  • 993 (IMAPS). IMAP secure.
  • 995 (POP3S). POP3 secure.
  • 3306 (MySQL). MySQL database server.
  • 3389 (RDP). Remote desktop protocol.
  • 8080 (HTTP alternate). HTTP alternate, used for proxy servers.

Open a terminal in Kali Linux and enter the command ip addr (or simply ip a), which will show the IP addresses of your own network interfaces.

Once you know the host’s IP address, you can use it as the Nmap target.
Let’s say you want to scan your own IP address for any open ports. Enter the below:

nmap -sS 10.0.2.15

The above command will scan your personal IP and give you some general information (including whether the host is up, how many ports are open and how many are closed). Note that -sS is a SYN scan, which needs root privileges, so run it with sudo.

Let’s say you want to check whether the port 3389 (Remote Desktop Protocol) service is open or not. If your computer is set up to receive remote connections from other users, then this port should be “open”. But if you don’t want this service, then this port should be closed. Let’s check whether it’s open or closed. Enter the command below, starting with “nmap”, then “-p”, then the port, then the target (your IP address). You will have to enter your admin password to execute this command.

nmap -p [port] [target]

Below is the output I have received on my PC.
You can see that port 3389 is closed, which is good because I don’t want to have anyone connecting to my computer.

WannaCry Ransomware

In 2017, a vulnerability was found in Windows’ Server Message Block (SMB) service on ports 445 and 139, which is used for file sharing and printing. Hackers used this vulnerability to install a worm that caused havoc on thousands of networks.
Let’s check if port 445 is open.
Looks like it’s closed, phiewfff!!
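The port checks above (3389 here, and 445 in the WannaCry section) both come down to reading the STATE column of Nmap’s output. The POSIX shell script below is an added example, not code from the original article: it classifies a port from constructed sample output (not a real capture), lists the open ports from a full scan, and wraps the article’s nmap -p command when nmap is installed. The function names and the sample text are assumptions.

```shell
#!/bin/sh
# Constructed sample, modelled on what "nmap -p 3389 10.0.2.15" prints (not a real capture).
SAMPLE_SINGLE='Starting Nmap ( https://nmap.org )
Nmap scan report for 10.0.2.15
Host is up (0.00010s latency).

PORT     STATE  SERVICE
3389/tcp closed ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds'

# Constructed sample of a default scan ("nmap -sS 10.0.2.15") showing a few ports.
SAMPLE_FULL='Nmap scan report for 10.0.2.15
Host is up (0.00010s latency).
Not shown: 997 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
445/tcp  filtered microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds'

# port_state PORT: read nmap output on stdin and print that port's state.
# "filtered" is a third answer besides open/closed: no reply came back, which
# usually means a firewall dropped the probe rather than the port being closed.
port_state() {
    awk -v p="$1" '
        $1 ~ ("^" p "/(tcp|udp)$") { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# open_ports: read a full scan on stdin and print the port numbers reported open.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { sub(/\/.*/, "", $1); print $1 }'
}

# check_port PORT TARGET: run the article's command live if nmap is installed.
# As root, "nmap -p" does a SYN scan; as an ordinary user nmap falls back to a
# TCP connect scan (-sT), which needs no privileges.
check_port() {
    command -v nmap >/dev/null 2>&1 || { echo "nmap is not installed" >&2; return 2; }
    nmap -p "$1" "$2" | port_state "$1"
}

# Usage on the constructed samples:
printf '%s\n' "$SAMPLE_SINGLE" | port_state 3389   # closed
printf '%s\n' "$SAMPLE_FULL" | port_state 445      # filtered
printf '%s\n' "$SAMPLE_FULL" | open_ports          # 22 and 80
```

Run check_port 3389 10.0.2.15 to repeat the article’s live check on your own machine; a result of unknown means the port did not appear in the output at all.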
