Product Version: 6.5.0.0
Overview
This article provides an overview of Nmap, a powerful open-source network scanning tool, and explains how to configure the Network Scanner and related settings in Saner CVEM. The guide covers installation, configuration, working principles, and scanning methodologies used by Nmap to identify devices, open ports, and potential network vulnerabilities.
About Nmap
Nmap (Network Mapper) is widely used by network administrators, security professionals, and ethical hackers. Its primary functions include:
Discovering devices on a network
Identifying open ports
Gathering detailed information about devices
Configuring the Network Scanner in Saner CVEM
Designate a Device as a Network Scanner
Click “Designate this device as a network scanner”.
The device will be set up as a network scanner, and the Nmap tool will be installed during the upgrade process.
Verify Installation
Once configured, the Nmap tools will be installed on the device at:
C:\Program Files (x86)\SecPod SanerA log file named spnetworkscanner.log will be created once scanning is initiated.
Remove Network Scanner
Clicking the delete icon will un-designate the device as a network scanner.
Nmap tools and the associated folder will be removed from the device.
Working Principle of Nmap
Identification of Live IPs
Nmap sends requests to detect live IP addresses.
Older versions used the -sP ping sweep option; newer versions use -sn.
Scanning for Open Ports
Nmap determines port status based on SYN request responses:
Open Port: Receives syn-ack response
Closed Port: Receives RST response
UDP and TCP Port Scanning Differences
UDP scanning is slower than TCP scanning.
Nmap sends a UDP packet to ports:
Empty for most ports
Protocol-related payload for common ports
Response interpretations:
ICMP port unreachable (type 3, code 3): Port is closed
No response: Port may be open or filtered (slower, less accurate)
Response contains data: Port is open
This process provides insight into live IPs, port statuses, and potential vulnerabilities on a network.
Network Scanner Configurations/Settings
Navigate to the Network Scanner settings in Saner CVEM.
Enter the required configuration settings to enable scanning.
Ensure the device is designated as a network scanner to initiate scans.
Conclusion
By configuring the Network Scanner and Nmap settings in Saner CVEM, administrators can efficiently detect live IPs, open ports, and potential network vulnerabilities. Proper setup ensures accurate scanning and secure network assessment.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article