Steps to install Nmap and ZenMap on Debian 11 Bullseye Linux




Nmap, or "Network Mapper", is an open source tool for security experts and developers, maintained by the Nmap Developer Team since 1997. Here we will learn the commands to install Nmap on Debian 11 Bullseye and how to use it.

Using Nmap, a user can scan a network, or individual computers on the Internet or on the local network (addressed by their IP address), for open ports and the services listening on them. Its wide range of common and less common scan methods makes this tool a very powerful program.

The Network Mapper is particularly suitable for discovering all active hosts in the network environment (ping sweeps) as well as their operating system (operating system fingerprint) and the version numbers of the various services installed there.

Nmap can be used, for example, to test your firewall setup or to check your own computer for open ports and (possibly unwanted) services running in the background. Although the tool itself comes with a command line interface, the Zenmap GUI makes it easier to manage scans.

By default, Nmap performs a SYN scan, which relies on the standard-conformant behaviour of the target's TCP stack. It can scan thousands of ports and allows clear and reliable differentiation between ports in the open, closed and filtered states.

Typical uses of Nmap:

  • Analyze and scan networks
  • Obtain network inventory
  • Detect connected and active systems
  • Determine details of services, configurations and versions
  • Monitor the uptime of hosts or services
  • Check for service updates

How to install Nmap on Debian 11 Linux Bullseye

Update the APT repository cache

One of the first things we are going to do is run the system update command. This refreshes the repository cache so that APT knows the latest available versions of all packages.

sudo apt update

Install Nmap on Debian 11 Bullseye

We do not need to add a repository manually, because the official Nmap package is already available in the default Debian 11 repositories. Running the APT package manager command to fetch it is therefore sufficient.

sudo apt install nmap -y

Installation of ZenMap (GUI) on Debian 11 (optional)

Those who prefer a graphical user interface for scanning and analyzing networks with Nmap can opt for Zenmap. However, its latest version is not available for Debian as a binary package, so to install it we first have to convert the existing RPM package to a Deb package. Let's follow the steps.

Install Alien

sudo apt-get install alien -y

Download the ZenMap RPM

Go to the official Nmap website and download the Zenmap RPM package.

Convert RPM to Deb

If you used the browser to download the file, change to the Downloads directory first:

cd Downloads

sudo alien zenmap-*.noarch.rpm

Install Zenmap

sudo dpkg --install zenmap_*_all.deb

Check the version of Nmap

To check the current Nmap version use the given command:

nmap --version

Check the version of nmap on Debian 11

Using the Nmap scanner on Debian 11

The target for Nmap can be a single IP address (IPv4 by default, but IPv6 addresses are also supported), an IP address range or a hostname. If you give Nmap only the target and no other options, it checks the target computer's 1000 most commonly used ports. Most of these so-called well-known ports are permanently assigned to typical applications (such as web or POP3 servers).

To see all the options available, consult the built-in help page:

nmap -h

Nmap – Port scan

Using the port options we can determine the state of the ports, that is, whether they are open or closed. A filtered state, however, can be annoying, because the administrator then has to probe the port with other scan methods. Let's take a look at the port states we typically get when scanning ports on a network.

Open: an application or service is listening on this port, so a connection is possible.

Closed: the host refused a connection on this port; no application is listening behind it.

Filtered / blocked: the host does not respond to probes on this port, so the connection is neither confirmed (open) nor rejected (closed). If the host is otherwise reachable, a firewall is filtering (filtered) or blocking (blocked) the port.

Unfiltered: Nmap can reach the port but cannot determine whether it is open or closed.

The command to start a scan is:

sudo nmap ip-address

or

sudo nmap website address

To check your own computer you can use:

sudo nmap localhost

Nmap Port Scan Command

To scan the entire subnet use:

sudo nmap IP-address/24

Scan of the whole subnet

Service and version identification

Service identification is also known as service fingerprinting or version detection (version scan). Nmap's service scan tries to determine as accurately as possible which applications are installed (an application uses certain ports to communicate with the outside world) and which versions they are running. This can be used to find application versions and then look for known vulnerabilities in a targeted manner.

Nmap service and version identification

Use Nmap for operating system analysis

Operating system identification, also known as OS fingerprinting or OS detection, is the process in which we use Nmap to identify the type of operating system running on the host we are targeting.

Identifying the operating system and services with Nmap

Options to use for this:

• Operating system scan (OS detection) = -O: provides accurate information about the operating system where possible. The scan uses various application protocols on ports that are considered "open" or "open|filtered".

• Service scan / version scan = -sV: scans the ports to identify the applications running behind the open ports.

• RPC scan = -sR: if an RPC (remote procedure call) service is available on a port, Nmap scans it to gather more information about the operating system.

• Combined scan of operating system and services = -O -sV, or -A: provides information about the operating system and the applications, combined into a single output.

sudo nmap -O [IP address]
or
sudo nmap -O [website address]

Identify the operating system using Nmap

If Nmap is unable to provide exact information about the target host's operating system, you can use the guessing option. It is unreliable, but it gives an idea of the likely operating system together with a percentage indicating how reliable the guess is.

sudo nmap -O --osscan-guess ip-address

You can see it in the given screenshot.

Identifying the operating system with the Nmap guess option

Classic ping scan (network scan)

The following command performs a classic ping scan using ICMP echo requests (-PE) without a port scan (-sn); -oG - writes the result in grepable output format to the terminal.

sudo nmap -PE -sn -oG - ip-address-range/24

Network scan with a classic ping scan

Extended ping scan (network scan)

This TCP ping scan combines the classic ping (ICMP echo) with a TCP SYN probe.

sudo nmap -sP -oG - ip-address-range/24
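The grepable output (-oG) produced by the ping scans above, and the port states described earlier, are easiest to work with when parsed by a script. This is an added example, not code from the article: it parses two constructed -oG captures offline (no scan is run) to list live hosts, per-port states and a per-state count; the addresses, hostnames and service banners are made up.

```shell
# Added example: parse Nmap grepable output (-oG) offline. Both captures below are
# CONSTRUCTED to mimic the -oG format (tab-separated fields); they are not real scans.
# What a ping sweep like "sudo nmap -PE -sn -oG - 192.168.56.0/24" emits.
PING_SWEEP=$(printf '%b\n' \
  '# Nmap scan initiated as: nmap -PE -sn -oG - 192.168.56.0/24' \
  'Host: 192.168.56.1 (gateway.lab)\tStatus: Up' \
  'Host: 192.168.56.10 (debian11.lab)\tStatus: Up' \
  '# Nmap done -- 256 IP addresses (2 hosts up) scanned in 2.10 seconds')
# What a version scan like "sudo nmap -sV -oG - 192.168.56.10" emits.
VERSION_SCAN=$(printf '%b\n' \
  '# Nmap scan initiated as: nmap -sV -oG - 192.168.56.10' \
  'Host: 192.168.56.10 (debian11.lab)\tStatus: Up' \
  'Host: 192.168.56.10 (debian11.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 8.4p1 Debian 5/, 80/open/tcp//http//nginx/, 443/filtered/tcp//https///\tIgnored State: closed (997)' \
  '# Nmap done -- 1 IP address (1 host up) scanned in 6.45 seconds')

# Print the address of every host whose Status field is "Up", one per line.
up_hosts() {
  awk -F'\t' '/^Host:/ && $2 == "Status: Up" { split($1, h, " "); print h[2] }'
}

# Print "host port/proto state service" for each entry of a Ports field.
# An entry has the form port/state/proto/owner/service/rpcinfo/version/.
port_states() {
  awk -F'\t' '/^Host:/ {
    split($1, h, " "); host = h[2]
    for (i = 2; i <= NF; i++) if (index($i, "Ports: ") == 1) {
      n = split(substr($i, 8), p, ", ")
      for (j = 1; j <= n; j++) { split(p[j], f, "/"); print host, f[1] "/" f[3], f[2], f[5] }
    }
  }'
}

# Count ports per state (open, closed, filtered, ...), including the ports Nmap
# collapsed into the "Ignored State: closed (997)" field instead of listing them.
state_summary() {
  awk -F'\t' '/^Host:/ {
    for (i = 2; i <= NF; i++) {
      if (index($i, "Ports: ") == 1) {
        n = split(substr($i, 8), p, ", ")
        for (j = 1; j <= n; j++) { split(p[j], f, "/"); c[f[2]]++ }
      } else if (index($i, "Ignored State: ") == 1) {
        split($i, g, /[ ()]+/); c[g[3]] += g[4]   # g[3] = state, g[4] = count
      }
    }
  } END { for (s in c) print s, c[s] }' | sort
}

printf '%s\n' "$PING_SWEEP" | up_hosts        # two live hosts
printf '%s\n' "$VERSION_SCAN" | port_states   # 22 open, 80 open, 443 filtered
printf '%s\n' "$VERSION_SCAN" | state_summary # closed 997, filtered 1, open 2
```

Real output from `nmap -oG -` can be piped into these functions in the same way, so a nightly ping sweep of your own network can be diffed for hosts or open ports that were not there before.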

Scan techniques

Let's take another look at the various Nmap scan techniques and options that can be used with its command.

Nmap – scan techniques

-sT: Simple connect scan. A full TCP connection is established and torn down for each port to be scanned. This scan is also available when Nmap is run without root rights.
-sS: "SYN stealth scan": similar to -sT, but no full TCP connection is established, therefore less noticeable. (Default with root rights.)
-sU: Scans UDP ports instead of TCP ports.
-sn: Ping scan: only checks availability via an ICMP echo request, a TCP SYN packet to port 443, a TCP ACK packet to port 80 and an ICMP timestamp request. Useful for testing entire network ranges for active hosts. Also available when Nmap is run without root rights (then only with SYN packets to ports 80 and 443).

Expert information:

The following more exotic techniques (and others) may be useful in individual cases. It is a good idea, however, to study the man page or the Nmap home page first to understand their specifics and possible outcomes.

Special scan techniques

-sF, -sN, -sX: Nmap sends deliberately manipulated or malformed TCP packets to the ports under analysis. From the reaction of the port (or server), conclusions can be drawn as to whether the port is open or protected by a firewall. Less visible than -sT or -sR.
-sA, -sW: Also used to test whether a port is open, closed or protected. Particularly good at detecting firewalls.

Options

Nmap offers various options that can be combined with the scan techniques mentioned above:

Version and operating system detection

Nmap – options (version and operating system)

-sR: If an RPC service is recognised, additional RPC packets are sent, which helps to find more information about the service listening on the affected port.
-sV: Uses additional probes to identify the service on each open port. Includes -sR.
-O: Operating system detection: attempts to identify the target's operating system using peculiarities of its network stack implementation.
-A: Short for -sV -O.

Ports

By default, Nmap scans all ports from 1 to 1024, plus the higher-numbered ports listed in the file /usr/share/nmap/nmap-services. The following options change this behaviour:

Nmap – options (ports)

-p X: Scans port X only.
-p X-Y: Scans ports X to Y only.
-p X,Y,Z: Scans ports X, Y and Z.
-p-: Scans all ports.
-F: Fast scan, scans only the well-known ports listed in the nmap-services file.
-r: Scans the ports in numerical order, which can improve readability in combination with -v. By default, Nmap chooses a random order.

Other options

Nmap – options (miscellaneous)

-Pn: Before a full port scan, Nmap normally checks whether the host exists and is online (see scan technique -sn). This option disables that check and is necessary to scan hosts that do not run a web server and block pings.
-e eth0: Explicitly instructs Nmap to use the network interface eth0. Usually Nmap chooses the interface itself.
-oN FILE: Saves the scan output to FILE.
-v: Shows additional information during the scan.

Uninstall or remove Nmap

If you no longer want Nmap on your Debian 11 system, you can use the same APT package manager to remove it.

sudo apt remove nmap

