Nmap
Description
Nmap (“Network Mapper”) is a free and open source utility for network exploration and security auditing. Nmap has two basic scan types, TCP connect scanning (-sT) and TCP SYN stealth scanning (-sS). A TCP connect scan works by completing a connection to the targeted host. The disadvantage of a connect scan is that it is very easy to detect on the system being scanned. Therefore the TCP SYN scan was developed. A TCP SYN scan also tries to initiate a connection, but it assumes the port is open as soon as it receives the SYN/ACK reply, without completing the handshake. Keep in mind that a SYN scan may not detect open ports if the targeted system filters its ports.
Sites
http://en.wikipedia.org/wiki/Nmap
Examples
To show a list of options type
nmap --help
If you want to do a simple scan of a machine, simply type the IP address of the machine
nmap 192.168.1.10
Output will look like this
Starting Nmap 4.76 ( http://nmap.org ) at 2009-04-29 00:37 CDT
Interesting ports on 192.168.1.10:
Not shown: 1693 filtered ports
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
23/tcp closed telnet
80/tcp open   http

Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds
If you want to scan an entire network, you would use a command like this
nmap 192.168.1.1/24
Displaying output on your screen is fine for quick scans, but what if you want to save the output to a file? This example shows how to save output in both XML and normal output formats.
XML Output
nmap 192.168.1.1/24 -oX newscan.xml
Normal Output
nmap 192.168.1.1/24 -oN newscan.nmap