Home Linux How To Use Nmap in Kali Linux – A Practical Guide

How To Use Nmap in Kali Linux – A Practical Guide

0

In general, Nmap denotes “Network Mapper.” Nmap in the Kali Linux context is a utility that is employed broadly by penetration testers in assessing the vulnerability of a system and for the discovery of networks.

Nmap is a robust tool that has many more applications such as managing programs for all service upgrades, network inventory, service uptime tracking, host monitoring, etc.

Nmap is incredibly creative in its use of IP packets. It uses novel ways to ascertain the hosts obtainable on the network, operating systems they are built on, features provided by the hosts, the various packets or firewalls that are utilized, and so many other properties.

You would also be excited to know that Info World, Linux Journal, and many other associations of note declared Kail Linux Nmap as a security service of the year.

Kali Linux Nmap is a free tool, and it is open source.

How to Use Nmap in Kali Linux?💁

Nmap may be used for certain utilities, and the many choices provided in Nmap can be utilized to complete specific jobs. The primary purpose of Nmap is to secure the system by sniffing traffic and conducting in-depth network analysis.

The operator who created the security infrastructure can receive adequate details about the packet flow using specific network analysis. However, the operator can respond quickly to attacks if they are vigilant and prepared.

The first time you use Nmap, you’ll use the command to search a single IP address. For example, a “network analyst” who sees some strange activity from a single IP can use this to search for false negatives and false positives and find the target if the IP is well-known.

False positives cause unnecessary alerts, which can mask any threat. Using utility to distinguish false positives from false negatives can uncover false positives, keeping network analysts alert and ready to respond to any actual positive attack without fear of false positives.

Nmap is also used to analyze a host for details that could make it a valuable target for hackers on a network. Attackers may, for example, identify a specific victim that has financial information.

A person can use Nmap to analyze a range of IP addresses for cases or vulnerabilities that could be exploited to start an attack in more complex situations. In a more complicated port selecting situation, Nmap could be quite useful.

Nmap offers the ability to scan ports in addition to scanning IP addresses and ranges of IP addresses. Anyone may quickly verify if malware is attacking by using the scanning port, as malware normally targets a particular port on the host.

One can now check a spread of ports, similar to how we could search a range of IP addresses when we’re not sure which ones are problematic.

Nmap can also scan all 65535 ports, including the top 100 most regularly used ports. Note, this scanning always takes a lot of time.

To understand Nmap in detail I will recommend watching this video on “How Does NMAP Actually Works

How Nmap really works // And how to catch it // Stealth scan vs TCP scan // Wireshark analysis

Nmap syntax in Kali Linux

In Kali Linux, network analysis, or “sniffing network” as it is referred to in the hacking world, is a crucial skill and solution that is without a doubt, an imperative necessity. Using network analysis, we are able to discover potential assaults in the network’s weak points and correct them to protect our system.

Some syntaxes that can help with “network sniffing” are listed below.

Running a Default Scan

Example:

nmap -v -A scanme.nmap.org

Kali Linux nmap

This triggers the scanner and it discovers open ports. Also, it detects the IP address of the host. The service scan gives you a list of services that are running.

Running a Service Scan

Example:

nmap -sV scanme.nmap.org

How To Use Nmap in Kali Linux - A Practical Guide

The results here are very similar to the default scan. Like the default scan, it triggers the scanner and discovers lots of ports. These were the ports we discovered in the previous scan. You equally obtain information about the operating system. This also detects the IP address of the host. The service scan gives you a list of services that are running.

The Syntax for Single IPs Scanning

Example:

nmap < 192.168.100.1>

How To Use Nmap in Kali Linux - A Practical Guide

Here, the set of numbers in the angle bracket represents the  IP address you would use to perform the scan. You will obtain the same results if you entered Nmap and the hostname. This command shows you all the ports

The Kali Linux Nmap Syntax for Host Scanning

Example:

nmap <www.example.com >

‘www.example.com’ is the name of the host URL that you need to perform the network sniffing.

The Syntax For Scanning a Range of IPs

Example:

nmap <192.168.80.1–100>

How To Use Nmap in Kali Linux - A Practical Guide

Here, the set of numbers’ 192.168.80.1–100′ represents the range of IPs of which you are performing the network sniffing. You have to put the range’s first and last IP addresses and put a dash in between.

This would take a little longer because it is a wide range of IP addresses.

The Syntax For Single Port Scanning

Example:

nmap -p <80> <192.168.1.67>

Here we would be finding a specific port ’80’for the IP Address ‘192.168.1.67.’

Scanning For Multiple Ports For a Specific IP Address

Example:

nmap -p 80,443,21 192.168.80.130

How To Use Nmap in Kali Linux - A Practical Guide

Here, we have three ports, 80, 443, and 21, and the IP address is 192.168.80.130. We begin the command with the -p parameter and separate the ports with the sign and no space in between.

The Syntax For Scanning a Range of Ports

Example:

nmap -p 1-100 192.168.80.130

How To Use Nmap in Kali Linux - A Practical Guide

The set of numbers’ 1-100′ is an example of a range of ports, while ‘192.168.80.130’ is the IP address. Like in the scanning for multiple ports for a specific IP address, we use the -p parameter.

Scanning the Entire Range of Ports of an IP Address

Example:

nmap -p- 192.168.80.130

How To Use Nmap in Kali Linux - A Practical Guide

In this example, we would be scanning all the ports on the IP address ‘192.168.80.130’. This time, we would use the -p- parameter just before the IP address.

Running a Ping Sweep

Example:

nmap -sn 192.168.80.130

How To Use Nmap in Kali Linux - A Practical Guide

Most of the time, you would run a full scan using Nmap, but sometimes it is not necessary, especially when you only want to check if the system is alive. This can be done using the ping sweep command.

For this, you input the -sn parameter before the IP address.
In this example, we see that the host is up. This tells us that the host has life.

Running a Ping Agnostic Scan

Example:

nmap -pn 192.168.80.130

How To Use Nmap in Kali Linux - A Practical Guide

In Kali Linux Nmap, you run the ping agnostic scan because sometimes, systems have firewalls, and therefore if they detect the ping, they would block it. Making it impossible to detect what is running on that particular system.

Hence, you can avoid running the ping sweep command by inputting the ping agnostic scanning command.

This is done by inputting the ‘-pn’ parameter before the IP address. For example, we would be able to detect all the open ports.

Scanning UDP services

Example:

sudo nmap -sU 192.168.80.130

How To Use Nmap in Kali Linux - A Practical Guide

Unlike the connection-oriented TCP services, UDP services are connectionless, making it really difficult to scan then them. When scanning for UDP services, we make such that we use the administrative privileges.

We enter the ‘sudo’ command before inputting the ‘nmap’ command. Then we write -sU before entering the IP address.
The command for UDP services takes a little bit of time.

Running Different Tcp Flags on Scans—Such as the Xmas Tree Scan

Example:

sudo nmap -sX -T2 192.168.80.130

How To Use Nmap in Kali Linux - A Practical Guide

The Kali Linux Nmap enables us to run this polite scan. You input it by writing the parameter ‘-sX’ followed by the T2 parameter and the IP address. The -T2 raises the value. This scan also requires the root privileges (sudo) before inputting nmap.

If you wanted an aggressive scan input -T4 and -T5 would yield a paranoid scan.
Because the T2 command is a polite scan, it works at a prolonged speed so expect it to take some time.

The Kali Linux Nmap Syntax for Scanning 100 Most Common Ports

Example:

nmap -f <192.168.1.67>

‘192.168.1.67’ is an example of an IP address

The Syntax When Using a TCP SYN Scan

Example:

nmap -sS <192.168.1.67>

‘192.168.1.67’ is an example of an IP address

Scanning Different Sets of IP Addresses

Example:

nmap 192.168.80.1 192.168.80.2 192.168.80.130

How To Use Nmap in Kali Linux - A Practical Guide

Here, we are targeting only three IP addresses.

Final Thoughts

Most of the techniques in Kali Linux Nmap are already familiar to system administrators who have used other programs.

For example, instead of requiring us to deal with multiple security features, Kali Linux Nmap has the edge of incorporating many of these functionalities into a standalone product. Nmap can only be used if you are comfortable with the command-line UI.

Users who want to protect their personal and business websites can also benefit from Kali Linux’s Nmap utility. A hacker’s attack on our website can be effectively replicated by running a Nmap scan on our host webserver.

Basic network surveillance does not necessitate the use of scripts, even though they are available to even the most technically adept users.

It is possible to get the complete Nmap output on a file from Kali Linux and use it for various other purposes. For example, Kali Linux Nmap provides users with a wealth of information to guard their machines against unwanted intrusions with just one base instruction and a slew of additional options.