Nmap and Network scanner settings

Product Version: 6.5.0.0

Overview

This article provides an overview of Nmap, a powerful open-source network scanning tool, and explains how to configure the Network Scanner and related settings in Saner CVEM. The guide covers installation, configuration, working principles, and scanning methodologies used by Nmap to identify devices, open ports, and potential network vulnerabilities.

About Nmap

Nmap (Network Mapper) is widely used by network administrators, security professionals, and ethical hackers. Its primary functions include:

• Discovering devices on a network

• Identifying open ports

• Gathering detailed information about devices

Configuring the Network Scanner in Saner CVEM

1. Designate a Device as a Network Scanner

   • Click “Designate this device as a network scanner”.
     

   • The device will be set up as a network scanner, and the Nmap tool will be installed during the upgrade process.
     

2. Verify Installation

   • Once configured, the Nmap tools will be installed on the device at:
     C:\Program Files (x86)\SecPod Saner
     

   • A log file named spnetworkscanner.log will be created once scanning is initiated.

3. Remove Network Scanner

   • Clicking the delete icon will un-designate the device as a network scanner.

   • Nmap tools and the associated folder will be removed from the device.

Working Principle of Nmap

1. Identification of Live IPs

   • Nmap sends requests to detect live IP addresses.

   • Older versions used the -sP ping sweep option; newer versions use -sn.

2. Scanning for Open Ports

   • Nmap determines port status based on SYN request responses:

     • Open Port: Receives syn-ack response

     • Closed Port: Receives RST response

3. UDP and TCP Port Scanning Differences

   • UDP scanning is slower than TCP scanning.

   • Nmap sends a UDP packet to ports:

     • Empty for most ports

     • Protocol-related payload for common ports

   • Response interpretations:

     • ICMP port unreachable (type 3, code 3): Port is closed

     • No response: Port may be open or filtered (slower, less accurate)

     • Response contains data: Port is open

This process provides insight into live IPs, port statuses, and potential vulnerabilities on a network.

Network Scanner Configurations/Settings

• Navigate to the Network Scanner settings in Saner CVEM.
  

• Enter the required configuration settings to enable scanning.

• Ensure the device is designated as a network scanner to initiate scans.

Conclusion

By configuring the Network Scanner and Nmap settings in Saner CVEM, administrators can efficiently detect live IPs, open ports, and potential network vulnerabilities. Proper setup ensures accurate scanning and secure network assessment.