
Fingerprinting using NMAP

Fingerprinting is a form of active reconnaissance: probe packets are sent directly to the target to gather information about it. It relies on active techniques such as Nmap scans, banner grabbing and provoked error messages.


NMAP:


The network mapping tool, better known as Nmap, is developed by Insecure.Org. It can perform reconnaissance on a target system's open ports, the services running on them and their versions, its operating system, and possible vulnerabilities.


Fig. Nmap Scanning Techniques


Some scanning techniques of Nmap, with their switches, are given below:

  • Nmap stealth scan / SYN scan: It does not complete the three-way handshake, so it is a quieter scan and no logs are generated at the target's end.

  • Nmap TCP connect scan / vanilla scan: Determines the version of the service running on the different ports.

  • Version scan: Attempts to determine the version of each service using the nmap-service-probes file.

  • UDP scan: Used for scanning ports on which UDP services run. It is very time consuming and creates a lot of network traffic, so Unicornscan is often used instead.

  • Firewall evasion techniques: Nmap uses the FIN scan, Xmas scan and Null scan as firewall evasion techniques.


Deliverable:


Lab Set up

• Virtualization using Oracle Virtual box

• Attacker’s System: Kali Linux

• Target System: Metasploitable 2


Nmap

In Kali Linux Terminal

• Basic Nmap command

~# nmap [IP address of target]


• Scanning specific port

~# nmap [IP address of target] -p [specific port number]


• Scanning version of service

~# nmap -sV [IP address of target]


• Scanning Operating System of target

~# nmap -O [IP address of target]


• OS fingerprinting, service enumeration, traceroute and script scanning in one go

~# nmap -A [IP address of target]


• Stealth scan

~# nmap -sS [IP address of target]


• Connect scan

~# nmap -sT [IP address of target]


• UDP scan

~# nmap -sU [IP address of target]


• To use more than one switch at the same time

Ex. ~# nmap -sS -sV [IP address of target]


• Running scripts using Nmap (the switch is --script; a script or category name is given in quotes)

~# nmap --script "[name of the script]" [IP address of target] -p [specific port number]
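Once the scans above have been run against the lab target, the results are easier to check against an expected baseline when saved as XML (nmap's -oX option) and parsed. The following Python example is added here and is not part of the original page or the Nmap project; the XML it parses is a constructed sample in Nmap's output format, with an illustrative host, ports and versions, and the baseline of allowed services is assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output ("nmap -sS -sV -O -oX -"); not a real capture.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX - 192.0.2.10">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.7p1"/></port>
      <port protocol="tcp" portid="23"><state state="filtered"/>
        <service name="telnet"/></port>
      <port protocol="udp" portid="53"><state state="open|filtered"/>
        <service name="domain"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.X" accuracy="95"/></os>
  </host>
</nmaprun>"""

def parse_nmap_xml(xml_text):
    """Map each IPv4 host to its OS guess and its confirmed-open services."""
    inventory = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        osmatch = host.find("os/osmatch")  # best -O match; absent without -O
        entry = {"os": osmatch.get("name") if osmatch is not None else None, "open": []}
        for port in host.findall("ports/port"):
            # Only "open" is a confirmed listener; "filtered" and UDP's "open|filtered" are left out
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            parts = (svc.get("product"), svc.get("version")) if svc is not None else ()
            version = " ".join(p for p in parts if p)  # "" when -sV gave no match
            entry["open"].append((port.get("protocol"), int(port.get("portid")), name, version))
        inventory[addr_el.get("addr")] = entry
    return inventory

def unexpected_services(inventory, baseline):
    """Open services absent from the defender's baseline {addr: {(proto, port)}} (assumed format)."""
    return [(addr, proto, port, name, version)
            for addr, entry in inventory.items()
            for proto, port, name, version in entry["open"]
            if (proto, port) not in baseline.get(addr, set())]

if __name__ == "__main__":
    print(unexpected_services(parse_nmap_xml(SAMPLE_XML), {"192.0.2.10": {("tcp", 22)}}))
```

With only SSH in the baseline, the open FTP service on port 21 is reported as unexpected, while the filtered telnet port and the unconfirmed UDP port are not counted as listeners.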

