Port Scanner NMAP


Actually I wrote this tutorial a long time ago, but it doesn't hurt to put it on my blog; who knows, it could be useful for friends who need it.

www.insecure.org
~ Fyodor

In this post I will explain the basics and the concept of using nmap (a port scanner) to find out which ports are open on the target. If there are any mistakes in the writing or the explanation, please correct me, because I am also still learning. For friends who already understand this, please add to the article, so that our understanding of using nmap gets deeper.

[-1. What is nmap?

nmap is a very famous port scanner in the hacking world, and it is widely used to audit a system: it finds the open ports, and those open ports are what an intruder could exploit. There are still many other port scanners besides NMAP on the Internet, such as: superscan, THC, BluesPortTool, etc.

[-2. Explanation
The latest version of nmap now has very good features, you could even say complete. This helps a lot when we start scanning, or start to "peek" at the open ports on the target computer. NMAP has many scanning techniques, such as: UDP, TCP Connect(), TCP SYN (half open), ftp proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, Null scan, etc. NMAP also has the advantage of being able to tell which OS the target uses.. Mmm.. Cool! And no less awesome, the latest version can spoof our IP and MAC. Wow... Awesome, dude! This is useful so that our IP and MAC cannot be known (anonymity on the network).
In practice I use nmap on Windows, but on Windows there are some functions that cannot be executed which can be run on Linux :(. I also use the ZA firewall (to see what an intruder leaves in the log), and sometimes I turn the firewall off (to see the ports that are really open on my computer), because if we use a firewall, there are certain ports that it blocks and logically closes.
"Hey, get on with the tutorial! Stop rambling!" Ok.. Ok... wait a bit, we'll go straight to practice. hehehehe... :D

[-3. Supported platforms NMAP
Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS.

[-4. Dependencies for installing NMAP

If we want nmap to run on Windows we need something called WinPcap. Download and install it on your computer. It can be downloaded at the link below:
http://www.winpcap.org

Download nmap at the link below. The installation directory is up to you, but preferably "C:\nmap" so it's easy to access through cmd. :D
http://www.insecure.org/nmap/nmap_download.html

nmap's performance figures can be found on its website. But when I tried it on Linux, nmap processed faster than on Windows. That's just my opinion though; others may find the opposite.

[-5. Basic Scanning
If you want to see nmap's help:

C:\nmap> nmap -h

Example 1: You want to know which ports are open in the range 1-65535 and which OS the target uses.
C:\nmap> nmap -v -sS -p1-65535 -O 192.168.1.2

Meaning:
-v = verbose
-sS = stealth scan (SYN scan)
-p = port range to scan
-O = OS detection
192.168.1.2 = target

results:
[quote]
Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 2006-10-07 16:14
Standard Time
Initiating ARP Ping Scan against 192.168.1.2 [1 port] at 16:14
The ARP Ping Scan took 0.08s to scan 1 total hosts.
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is d
Try using --system-dns or specify valid servers with --dns-servers
DNS resolution of 1 IPs took 0.02s.
Initiating SYN Stealth Scan against 192.168.1.2 [65535 ports] at 16:14
Discovered open port 23/tcp on 192.168.1.2
Discovered open port 25/tcp on 192.168.1.2
Discovered open port 80/tcp on 192.168.1.2
Discovered open port 443/tcp on 192.168.1.2
Discovered open port 5900/tcp on 192.168.1.2
Discovered open port 445/tcp on 192.168.1.2
Discovered open port 135/tcp on 192.168.1.2
Discovered open port 139/tcp on 192.168.1.2
Discovered open port 1066/tcp on 192.168.1.2
The SYN Stealth Scan took 23.05s to scan 65535 total ports.
For osscan assuming port 23 is open, 1 is closed, and neither are firewa

Host 192.168.1.2 appears to be up ... good.
Interesting ports on 192.168.1.2:
Not shown: 65526 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
25/tcp   open  smtp
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
1066/tcp open  unknown
5900/tcp open  vnc
MAC Address: 00:17:31:AC:48:4D (Asustek Computer)
Device type: general purpose
Running: Microsoft Windows 2003/.NET|NT/2K/XP
OS details: Microsoft Windows 2003 Server or XP SP2
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
IPID Sequence Generation: Incremental

Nmap finished: 1 IP address (1 host up) scanned in 24.328 seconds
               Raw packets sent: 68100 (2.997MB) | Rcvd: 65551 (3.016MB)
[/quote]
Well, now you can see which ports are open and what OS the target is running.. Oh yes, to run -sS (stealth scanning) you must have admin privileges. Um.. want to get into that computer? That's hard, boy..! Hehe.. Let's move on..
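As an added example (not part of the original post): a small Python script that parses the port table nmap prints, as shown above, and checks it against an allow-list of ports the owner expects to be open, which is the "audit" use of nmap mentioned at the start. The sample output, the EXPECTED_OPEN allow-list and the RISKY service set are constructed assumptions for illustration.

```python
import re

# Constructed sample in the format of the nmap port table shown above (not a real scan).
SAMPLE_NMAP_OUTPUT = """\
Interesting ports on 192.168.1.2:
Not shown: 65526 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
25/tcp   open  smtp
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
1066/tcp open  unknown
5900/tcp open  vnc
MAC Address: 00:17:31:AC:48:4D (Asustek Computer)
"""

# Matches lines such as "5900/tcp open  vnc"; header and summary lines do not match.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Return (port, proto, state, service) tuples from an nmap port table."""
    found = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            found.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return found

# Hypothetical allow-list: ports the host owner expects to be reachable.
EXPECTED_OPEN = {80, 443}
# Hypothetical set of services whose exposure deserves a closer look in an audit.
RISKY = {"telnet", "vnc", "microsoft-ds", "netbios-ssn", "smtp"}

def audit(text, expected=EXPECTED_OPEN, risky=RISKY):
    """Flag open ports outside the allow-list; returns (port, proto, service, note)."""
    findings = []
    for port, proto, state, service in parse_ports(text):
        if state != "open" or port in expected:
            continue
        note = "unexpected open port"
        if service in risky:
            note += f", {service} exposed"
        findings.append((port, proto, service, note))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NMAP_OUTPUT):
        print(finding)
```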

Example 2: The above only gave the port and its service name.. now we will see the service and the version on the open ports. Keep your eyes on me!
C:\nmap> nmap -v -sV -p1-65535 -O 192.168.1.2

The result (I trimmed part of my output):
[quote]
23/tcp   open  telnet       Microsoft Windows XP telnetd
25/tcp   open  smtp         Microsoft ESMTP 6.0.2600.2180
80/tcp   open  http         Microsoft IIS webserver 5.1
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn
443/tcp  open  https?
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft
1066/tcp open  msrpc        Microsoft Windows RPC
5900/tcp open  vnc          VNC (protocol 3.3; Locked out)
[/quote]
Well, now you can see the version. :D

Example 3:
When we do the scanning, our real IP gets recorded in the firewall log, or in snort if you use snort. Well, once we're caught.. game over.. it's not fun anymore.. just wait for the target to come after you. :D
Now what we do next is keep our IP anonymous during footprinting or scanning with nmap. The concept is that we can use a decoy, i.e. deceive about the source (correct me if I'm wrong). Oh no, this seems confusing. Let's go straight to practice. Here we use an IDS. Oh yeah, our computer has IP 192.168.1.1 and the target is 192.168.1.2

C:\nmap> nmap -v -sV -p 22 -O 192.168.1.2
When we do the scan.. the snort log records something like this:
[quote]
[**] SCAN nmap TCP [**]
11/07-01:33:18.752219 192.168.1.1:55464 -> 192.168.1.2:22
TCP TTL:46 TOS:0x0 ID:12633 IpLen:20 DgmLen:60
***A**** Seq: 0x18D5EF65  Ack: 0x0  Win: 0xC00  TcpLen: 40
TCP Options (4) => WS: 10 NOP MSS: 265 TS: 1061109567 0
[/quote]
Well, our IP got caught.. :D "Says snort: I got you.." Now we use a decoy; for the decoy address we just enter any IP address.

C:\nmap> nmap -v -sV -O -D 192.168.2.10 192.168.1.2 -p 22
The log looks like this:
[quote]
[**] SCAN nmap TCP [**]
11/07-12:01:08.582551 192.168.2.10:35522 -> 192.168.1.2:22
TCP TTL:46 TOS:0x0 ID:1902 IpLen:20 DgmLen:60
***A**** Seq: 0x2B740381  Ack: 0x0  Win: 0xC00  TcpLen: 40
TCP Options (4) => WS: 10 NOP MSS: 265 TS: 1061109567 0
[/quote]
Hehe.. Our IP is not listed.. "Says the attacker: you can't get me."
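As an added example (not from the original post): Python that parses snort "SCAN nmap TCP" alerts in the header format shown above and groups them by target and port. nmap's decoy mode sends probes from the decoy addresses with the real address mixed in among them, so on the IDS side a decoy scan shows up as a burst of scan alerts from several sources against the same port within seconds, which means a single alert's source address cannot be trusted for attribution. The alert lines, the year, the 5-second window and the two-source threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed snort alerts (not a real capture). The first three arrive within a
# second of each other from different "sources" aimed at the same port, which is
# what a decoy scan looks like from the IDS side; the last one is unrelated.
SAMPLE_ALERTS = """\
[**] SCAN nmap TCP [**]
11/07-12:01:08.582551 192.168.2.10:35522 -> 192.168.1.2:22
[**] SCAN nmap TCP [**]
11/07-12:01:08.590112 192.168.1.1:35522 -> 192.168.1.2:22
[**] SCAN nmap TCP [**]
11/07-12:01:09.104400 192.168.2.77:35522 -> 192.168.1.2:22
[**] SCAN nmap TCP [**]
11/07-15:40:00.000000 192.168.1.50:41000 -> 192.168.1.2:22
"""

# Matches the snort header line "MM/DD-HH:MM:SS.usec src:port -> dst:port".
HEADER = re.compile(r"^(\d\d)/(\d\d)-(\d\d:\d\d:\d\d\.\d+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)")

def parse_alerts(text, year=2006):
    """Return (timestamp, src_ip, dst_ip, dst_port) for each header line."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(f"{year}/{m.group(1)}/{m.group(2)} {m.group(3)}",
                                   "%Y/%m/%d %H:%M:%S.%f")
            out.append((ts, m.group(4), m.group(6), int(m.group(7))))
    return out

def suspected_decoy_scans(alerts, window=timedelta(seconds=5), min_sources=2):
    """Group alerts by (dst, port); flag groups where at least min_sources distinct
    sources fire within `window`. Returns {(dst, port): sorted source IPs}."""
    by_target = defaultdict(list)
    for ts, src, dst, port in sorted(alerts):
        by_target[(dst, port)].append((ts, src))
    flagged = {}
    for key, hits in by_target.items():
        for i, (t0, _) in enumerate(hits):
            sources = {s for t, s in hits[i:] if t - t0 <= window}
            if len(sources) >= min_sources:
                flagged[key] = sorted(sources)
                break
    return flagged

if __name__ == "__main__":
    print(suspected_decoy_scans(parse_alerts(SAMPLE_ALERTS)))
```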

Alhamdulillah, we have finally reached the end of this tutorial.. Hopefully this tutorial is useful.. Actually there is still plenty more to explain, but if it's too long most people are too lazy to read it anyway..

reference:
http://www.insecure.org
http://www.google.com
C:\nmap> nmap -h
My brain
