This article provides an overview and understanding of Nmap as a tool, including its functionalities, configurations, and settings from the viser.
Nmap, short for Network Mapper, is a powerful open-source tool designed for network exploration and security auditing. Widely used by network administrators, security professionals, and ethical hackers, Nmap helps discover devices on a network, identify open ports, and gather information about those device
Configuring the Network Scanner and other settings:
After designating the device as a network scanner and clicking on 'designate this device as a network scanner,' the device will become a network scanner, and the Nmap tool will be installed during the upgrade process.
Below is one of the configured network scanner
The below shows the nmap tools being installed on the end device
The Nmap tools will be present in the location: C:\Program Files (x86)\SecPod Saner. Additionally, the 'spnetworkscanner.log' file will be present once scanning is initiated.
- Clicking on the delete icon on the network scanner will undesignate the device as a network scanner and also remove the Nmap tools from the device. The Nmap folder will be removed once the network scanner is removed from the viser.
The working principle of Nmap involves the following processes:
Identification of Live IPs: By default, Nmap employs requests to identify live IP addresses. In older versions of the tool, the option for a ping sweep was designated as -sP, while in newer versions, it is represented by -sn.
Scanning for Open Ports: Nmap determines the status of ports based on the response it receives for a SYN request:
- Open Port: Nmap receives a "syn-ack" as the probe response.
- Closed Port: Nmap receives an "RST" as the probe response.
UDP and TCP Port Scanning Challenges and Differences: UDP port scanning is generally slower than TCP port scanning and is often overlooked by security auditors. Nmap conducts the check by sending a UDP packet to the ports. For most ports, the packet is empty, while for common ports, the packet contains the protocol-related payload.
- If an "ICMP port unreachable error (type 3, code 3)" message is received, it indicates that the port is closed.
- Lack of response suggests that the port is open or filtered, making this approach slower and potentially less accurate.
- If the response contains any data, it signifies that the port is open.
This process provides Nmap users with valuable information about the live IPs on a network, the status of ports, and potential vulnerabilities.
Network scanner configurations/settings:
The below screenshot shows the configuration settings that needs to entered to perform the network scanner
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article