Getting Started with Nmap

Testing network security controls and discovering vulnerabilities are important parts of any organization's security plan. This course will help you learn how to use Nmap to discover network hosts and potential vulnerabilities.
Course info
Level
Beginner
Updated
Oct 5, 2018
Duration
1h 26m
Description

Nmap, or network mapper, is a tool that has been around for more than 20 years. In this course, Getting Started with Nmap, you will learn how this versatile tool can be broken down into phases that are easily understood and implemented. First, you will go over Nmap installation and command structure. Next, you will move progressively through each scan phase until you are leveraging more advanced features. Finally, you will have the opportunity to apply what you learn to a scenario where you use Nmap to evaluate network devices. By the end of the course, you will have a basic understanding of how to use Nmap for internal security testing and will be running your own commands to detect applications running on your devices.

About the author

Matt Glass is a Multi-national Systems Integrator in Stuttgart, Germany, working as a government contractor. He has been working in the IT field for the last eight years.

More from the author
Vulnerability Management: The Big Picture
Beginner
1h 37m
Sep 27, 2017
Cryptography: The Big Picture
Intermediate
1h 24m
Jun 7, 2017
Section Introduction Transcripts

Course Overview
Hello, I'm Matt Glass, and welcome to my course: Getting Started with Nmap. I am a network and system engineer working with a defense contractor in Stuttgart, Germany. Testing network security controls and discovering vulnerabilities are important parts of any organization's security plan. Nmap, or Network Mapper, is a tool that's been around for more than 20 years and continues to expand its capabilities. This versatile tool may seem intimidating to learn at first, but its operation can be broken down into phases that are easy to understand and implement. In Getting Started with Nmap, you'll learn how to use Nmap to discover network hosts and potential vulnerabilities. We'll start with Nmap installation and command structure, and progressively move through each scan phase until we're leveraging more advanced features. Throughout the course, you'll have the opportunity to apply what you learn to a scenario where you use Nmap to evaluate network devices. By the end of the course, you'll have a basic understanding of how to use Nmap for internal security testing, and you'll be running your own commands to detect applications running on your devices. This course is an introduction to Nmap, so no initial knowledge or prior use is required or expected. While all the examples in this course are run from the Linux command line, I also demonstrate how to install the GUI version, if that is your preference. Although you do not need any prior Nmap experience, it is helpful, though not required, if you have a basic understanding of IP version 4 addressing, ports, and variable length subnetting before taking this course. I really enjoyed creating this course, and I hope you enjoy watching it.

Understanding Nmap Basic Functions
Hello again, and welcome to the next module, Understanding Nmap Basic Functions. I'm Matt Glass, and in this module, we're going to be covering the basics of Nmap's operation and command structure. Let's take a look at the overview for this module, and see what we'll cover. First up in this module, we're going to discuss how Nmap scans a network. We'll cover the Nmap scan phases overall, as well as briefly describe each in the order that Nmap goes through them. Once we have a foundational understanding of Nmap's phases, we'll move into how to format an Nmap command. We'll talk about the default that Nmap uses when no options are selected, and how to specify targets for Nmap to scan. At the end of this module, I have a few demos where we will conduct the first few scans of Wired Brain Coffee's network from both the command line and using the Zenmap GUI. This module is all about the basics, and building the foundation for the upcoming modules that begin to leverage each of Nmap's phases and options. So if you're ready to get started using Nmap, we'll begin with the Nmap scan phases.

Host Enumeration and Network Mapping
Hello again, and welcome to the next module: Host Enumeration and Network Mapping. I'm Matt Glass, and in this module, we're going to be covering the basics of using Nmap for host discovery. Let's look at the overview for this module, and see what we will cover. In this module, we're going to first discuss the importance of host discovery for internal security testing. In this section, we cover why it is still important to use the host discovery options even when you think you know which devices are online before you scan. Next, we'll go over the Nmap options for host discovery. Here, we will cover a couple of options to list targets and discover which devices are online. We'll also discuss the different methods of target specification. Finally, we'll go over some of the basic defenses that can be implemented to protect your network against external host discovery. Let's get started with discussing the importance of host discovery when conducting an internal security scan. The first reason for host discovery is simply to determine which hosts are active on the network. You can also focus on a particular set of devices that are running a service that you want to upgrade or remediate. Host discovery is also a way to determine if there are any unauthorized devices operating on your network that need to be removed. Host discovery can also be used to determine the focus of more in-depth scans. Selecting options that focus on host discovery instead of conducting a full scan immediately helps you to select a smaller list of specific hosts that you want to run a time-intensive full scan on. Now that we understand the importance, we can begin with Nmap host discovery controls.

Port Scanning with Nmap
Hello again, I'm Matt Glass, and welcome to the next module for this course: Port Scanning with Nmap. In this module, we're going to cover the basics of Nmap's function, port scanning. As we learned in previous modules, the port scanning phase is where Nmap sends a variety of IP packets to target workstations, and evaluates the responses in order to determine the port states and classify them. Let's take a look at the overview, and see what we'll cover in this module. First, we're going to cover briefly why port scanning is important for security testing. This will really start to show the value of tools like Nmap, and conducting port scans is part of ensuring that your network remains secure. Next, we'll discuss the basics of port scanning with Nmap. This lesson will include demos on Nmap's function, as we conduct additional scans of Wired Brain Coffee's network. Once we finish scanning, we'll cover defenses against unwanted port scans, and remediation options for the vulnerabilities we discover. If you're ready to get started using Nmap to discover vulnerabilities, then let's get started with the importance of port scanning for internal security testing.

Performance and Timing
Hello again, I am Matt Glass, and welcome to the next module for this course: Performance and Timing. In this module, we're going to learn about the different Nmap options for adjusting scan time, as well as some strategies for optimizing Nmap scans. Let's go to the overview, and see what we're going to learn in this module. First up in this module, we're going to cover the Nmap options to reduce scan time. We're going to cover the timing controls in Nmap, and the timing templates available to simplify the timing options. Once we understand the options, we're going to discuss some strategies for optimizing your Nmap scans. In this module, I also have a demo that shows how we can employ these techniques to reduce Wired Brain Coffee's scan times. If you're ready to start improving Nmap's timing performance, let's get started with the first lesson on reducing scan time.

Understanding Service, Application Version, and OS Detection
Now that we've covered the basic operation of Nmap, in this module, we're going to briefly cover some of the advanced features of Nmap by learning about the basics of service, application version, and operating system detection. Let's take a look at the overview to see what we're going to learn in this module. We're going to start out by covering the purpose of these features and the value this information provides for internal security testing. Next, we'll focus on service and application version detection with Nmap. We'll cover some of the basic commands used to activate service detection, we'll get some example scans, and we have a demo using this on our scenario network, Wired Brain Coffee. Last in this module, we'll shift our focus to operating system detection with Nmap. We'll discuss the basic controls available, and also run a scan in our scenario network. Before we get into that, let's cover the purpose of service, application version, and operating system detection with Nmap. Service detection can help you detect services that are not secure, or have better alternatives. You saw some of this in previous scans that displayed service names like HTTP, HTTPS, and SSH to help us decide if they were vulnerable services. Version detection goes one step further than this, and will try to detect the specific application that is running that service. This information will help you find outdated and vulnerable applications running on your network. Operating system detection can be used to detect old operating systems that are still running on your network, but it can also serve another purpose. OS detection can be leveraged to detect rogue devices as well. Outside of security testing, this information is valuable for documentation, diagrams, and inventory.

Detecting and Scanning Firewalls
Hello again, and welcome to the last topic for this course: detecting and scanning firewalls. In this module, I'll show you some of the basics of how to detect potential vulnerabilities in network firewalls. I'm going to let you know upfront here that since this course is an introduction, I'm barely skimming the surface of what Nmap can do with firewalls and network security devices. With that in mind, let's go to the overview and see what we'll cover in this module. First up, we'll cover why scanning firewalls is important when conducting internal security tests. We'll discuss the value this information can provide for security testing, and why you'd want to conduct Nmap scans of your own firewall. Next, we'll learn how to scan firewalls with Nmap, and follow that up with vulnerability remediation of what we discover. Let's get started with the importance of firewall detection and scanning. One of the first advantages of attempting to detect firewalls with Nmap is to see how easily your firewall is detected from an external scan. Would anyone be able to determine your firewall's IP address, and possibly an entrance into your network, with a simple Nmap command? Another reason is to determine if any open ports indicate that vulnerable services are in use on your network. While internal scans can be used to detect these vulnerabilities as well, open ports on a firewall can indicate that those services are in use without having to penetrate your network. Most importantly, your firewall is likely your first layer of defense, but hopefully not your only network defense. It's important to assess potential vulnerabilities, and if they must remain open. This can help you decide on additional network security measures you can implement to mitigate those vulnerabilities.