Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Nmap for n00bs (Part 1): Fumbling toward a hacker’s-eye view of your network

Ready to see your network the way an attacker sees it?

This short series is for the network administrator who has a grasp of networking, but knows less about security. You might be the Natalie in Natalie’s Graphic Design, or the all-in-one IT department / PC help desk / Webmaster. Maybe you haven’t used command line tools before. But if your network has more than nine devices, you can no longer hold your network in your head. You need a way to quickly and reliably find out:

  • How many computers do I have on my network, and what are their IP addresses?
  • What network services (distinguished by open ports) does each computer offer?
  • What operating system (OS) runs on each computer?

Answering these questions is known as enumeration, or mapping your network. Enumeration is the first thing a savvy attacker does when trying to take over your network — so you might as well beat ‘em to the punch. Enumerating your network helps you identify and close unnecessary services, improving your security. It also tells you what kinds of OS and applications you’re running, so that you can keep up with the proper security patches.

Enter the port scanner, a special network-mapping tool that quickly and easily answers all three of these questions for you. Port scanners come in many flavors and prices, but in essence, a scanner sends an avalanche of packets to an IP address (or IP addresses) in order to learn which IPs are active, what ports each IP listens on, and (in some cases) what OS each IP uses. Then the scanner reports the results to you.

Nmap, short for Network Mapper, is one of the most popular and powerful port scanners on the market. Fyodor, a well-respected white hat hacker, originally created Nmap. Since its inception, many security experts have built upon Fyodor’s open source tool, making it one of the most powerful and advanced port scanners around.

So how much does all this technology and power cost you? Nothing. All you need is the courage to download and install it… and a little bit of know-how, which we intend to provide in this three-part series.

Ready to get your hands dirty, and find out what’s really happening on your network? Read on!

Getting and Installing Nmap

Procuring Nmap is easier than saying “procuring.” Just go to Fyodor’s Nmap web site and look for a link labeled Download, which is near both the top and the bottom of the page. Grab the latest copy of the Nmap Windows installer. When we published this article, it was http://download.insecure.org/nmap/dist/nmap-4.20-setup.exe.

Once you’ve downloaded the Nmap Windows installer, you should have a file called Nmap-4.20-setup.exe in whatever directory you downloaded the file to. Double-click on this file to begin installing it. After running the installer, Nmap’s End-User’s License Agreement (EULA) window pops up. Read this agreement. If you choose to accept it, click I Accept. (If you don’t accept the agreement, you can’t use Nmap.)

After you accept its EULA, Nmap’s installer presents you with a Components window. Here you can choose which parts of Nmap to install. Since you pretty much need all its components — and the installer enables them all by default — simply click Next to continue.

Now the installer will ask you where you want to install Nmap. We suggest you let it install into its default directory (c:\Program Files\nmap). Just click Install.

Finally, the Nmap installer begins to install Nmap onto your computer. However, during this installation process it also has to install WinPcap, a little utility that helps Nmap do its job. When this happens, you’ll see a window appear for the WinPcap Installer. Click Next. Again you’ll have to read a EULA. If you choose to accept it, click I Agree. After you agree to its EULA, WinPcap installs itself. When it finishes installing, click the Finish button in the WinPcap Installer window. Finally, click Close in the Nmap Setup Window to complete your Nmap installation.

Opening the Nmap Command Line

Nmap is a command line utility. This is where you experience hackery goodness, because instead of mouse-clicking on icons like a mainstream office worker, you type commands like the few, the proud, the l33t old-sk00l coders. Here’s how.

First, open the command prompt on your Windows computer. Click Start => Run. In the dialog box labeled Open, type cmd. Press Enter. Voila! Meet the command line, left over from the days when Windows was based on the antique Disk Operating System (DOS).

You should see something blinking, in front of some odd characters like these:

C:\>

The letter refers to various drives (real and virtual) on your system. If you see any letter of the alphabet other than C, type C: and press Enter.

If you followed the installation defaults, you just installed Nmap into your c:\Program Files\nmap directory. To run Nmap, you must first navigate to that directory. So, type cd\program files\nmap and press Enter. When you use the command line, syntax is always critical. Note the backslash, and the space between “program” and “files.”

You are now poised to unleash Nmap’s power on your network. Which we will do tomorrow, in Part 2.



 
