Course Name: Information Security Course code: 22CSH - 662

Experiment: 1.3

Aim: To study and implement various scanning techniques using Nmap.

Tools Required: Any Linux Distro, Nmap, Internet.

Description: Nmap, short for "Network Mapper," is a widely-used open-source tool for network
exploration, management, and security auditing. Developed by Gordon Lyon, commonly known as Fyodor,
in 1997, Nmap has become a must-have tool for network administrators, security professionals, and
penetration testers. Nmap provides a variety of features, including port scanning, host discovery, service
detection, OS detection, and scripting. Its port scanning feature can detect open TCP and UDP ports on a
target system, while its host discovery feature can detect live hosts on a network.

Nmap's service detection feature can identify the services running on a target system and their versions, and
its OS detection feature can determine the operating system running on a target system. Nmap's scripting
engine allows users to write custom scripts to automate tasks and perform advanced scans. Nmap is a
versatile tool that can help identify vulnerabile. Nmap is a powerful open-source tool that offers a wide
range of features for network exploration, management and security auditing.

Here are some of its key features:

1. Port scanning: Nmap can scan and detect open ports on a network, which can help identify potential
vulnerabilities.

2. Operating system detection: Nmap can detect the operating system of a host on a network by analyzing
network packets.

3. Stealth scans: Nmap can perform stealth scans, which allows it to gather information about a network
without being detected.

4. Scriptable interaction: Nmap can be used to execute custom scripts that can perform specific tasks, such
as detecting malware or vulnerabilities.

Name: Rahul Thakur UID: 22MCS10013

Thakur
 Course Name: Information Security Course code: 22CSH - 662

5. Flexible output: Nmap can generate a variety of output formats, including XML, grepable and human-
readable formats, which can be used for further analysis.

These are just a few of the many features of Nmap. Overall, Nmap is a versatile and powerful tool that can
be used for a wide range of network-related tasks.

Uses of Nmap:

1. Auditing the security of a device or firewall by identifying the network connections which can be made
to, or through it.
2. Identifying open ports on a target host in preparation for auditing.

3. Network inventory, network mapping, and maintenance and asset management.

4. Auditing the security of a network by identifying new servers.

5. Generating traffic to hosts on a network.

6. Find and exploit vulnerabilities in a network.

Implementation:

A. Port Scanning: Port scanning is one of the primary functions of Nmap. It involves scanning a network
for open ports, which can help identify potential vulnerabilities. Nmap supports a variety of port scanning
techniques, each of which has its own strengths and weaknesses. Port scanning is one of the most important
features of Nmap. It involves scanning a target system for open TCP and UDP ports to determine which
services are running on the system. Nmap uses various scanning techniques to identify open ports, including
SYN scanning, TCP connect scanning, and UDP scanning.

Before running the command it is neccessary to have nmap installed in your system. To install Nmap in your
system use the following command:

Command: sudo apt install nmap

Command: nmap -sP scanme.nmap.org google.com yahoo.in amazon.in

Name: Rahul Thakur UID: 22MCS10013

Thakur
 Course Name: Information Security Course code: 22CSH - 662

Figure 1

Figure 2

Name: Rahul Thakur UID: 22MCS10013

Thakur
 Course Name: Information Security Course code: 22CSH - 662

B. OS Fingerprinting: OS fingerprinting is the process of identifying the operating system of a target host
by analyzing network packets. Nmap has a powerful OS fingerprinting engine that can identify the operating
system and version of a target host based on its response to various network probes. Nmap's OS
fingerprinting engine works by sending a series of probes to the target host, such as TCP and UDP packets
with various flags set. The responses from the target host are then analyzed to identify patterns that can be
used to determine the operating system. In simple words, Nmap's OS fingerprinting capabilities make it a
valuable tool for identifying potential vulnerabilities in a network and assessing the overall security of a
target host.

Command: sudo nmap -v -O scanme.nmap.org

Figure 3

C. TCP Scan: TCP scanning is the most common type of port scanning and involves sending a SYN
packet to the target host and analyzing the response to determine whether the port is open, closed or filtered.

Name: Rahul Thakur UID: 22MCS10013

Thakur
 Course Name: Information Security Course code: 22CSH - 662

The SYN packet initiates the TCP handshake process, and if the target system responds with a SYN-ACK
packet, the port is considered open. If the target system responds with a RST packet, the port is considered
closed. If there is no response, the port is considered filtered. The advantage of TCP scanning is that it is fast
and accurate, but it can be detected by some intrusion detection systems (IDS) and firewalls.

Command: nmap -sT scanme.nmap.org

Figure 4

D. UDP Scan: UDP scanning involves sending a UDP packet to each port on the target system and
analyzing the response to determine if the port is open, closed, or filtered. UDP scanning is more difficult
than TCP scanning because UDP packets do not use a connection-based protocol like TCP packets. If the
target system responds with an ICMP message indicating that the port is unreachable, the port is considered
closed. If the target system does not respond, the port is considered open or filtered. Nmap can perform a
variety of UDP scans, such as a UDP scan that sends a UDP packet to every port on the target host, a UDP

Name: Rahul Thakur UID: 22MCS10013

Thakur
 Course Name: Information Security Course code: 22CSH - 662

ping scan that sends a UDP packet to the target host and analyzes the response, and a UDP scan that sends a
UDP packet to a specific port on the target host.The advantage of UDP scanning is that it can identify open
UDP ports, but it can be slower and less accurate than TCP scanning.

Command: sudo nmap -sU scanme.nmap.org

Figure 5

Conclusion:

The aim to study implement and study various scanning techniques using Nmap is complemented.

Learning outcome-

 Learnt various scanning techniques using Nmap.

 Learnt to implement Nmap.

Name: Rahul Thakur UID: 22MCS10013

Thakur