Nmap performs a ping sweep to identify hosts that are active on the network and then proceeds to identify which services respond. You can also use it to check the configuration of firewalls and access policies for critical systems by confirming that only the ports the policy allows are actually reachable. Nmap enables you to perform version detection (-sV) and OS detection (-O) separately or together with the combined option (-A), which in this release also runs the default script scan and a traceroute:

nmap -A 127.0.0.1

Starting Nmap 5.21 (
Interesting ports on 172.16.1.253:
Not shown: 1707 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     Cisco SSH 1.25 (protocol 1.99)
23/tcp  open  telnet  Cisco router
80/tcp  open  http    Cisco IOS administrative httpd
443/tcp open  https?
MAC Address: E8:3C:EE:40 (Cisco Systems)
Device type: switch
Running: Cisco IOS 12.

Two details in this output matter to an auditor. The question mark after https means Nmap saw the port open but could not fingerprint the service, so the guess is based on the port number alone. The string "protocol 1.99" in the SSH banner means the device still negotiates SSH version 1 as well as version 2, and telnet and unencrypted HTTP management are open alongside it, all of which should be compared against the management-access policy for the device.

There are many books written from the security-tool perspective, with in-depth discussions of the various uses, switches, and techniques for these programs. Consider this an introduction to the uses of these tools; auditors are encouraged to read from O'Reilly Press for a fantastic discussion of security tools and their many configuration options.
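Comparing a scan against an access policy is easier when the output is parsed rather than read by eye. The following is an added example, not code from the book: it parses the port lines of Nmap's normal output (a constructed sample modelled on the -A output above) into records and checks them against a hypothetical management-access policy for a switch that allows only SSH, flagging both the extra open services and the SSH version 1 marker.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the nmap -A output above (the trailing
# fingerprint lines are omitted); it is not a capture from the book's network.
SAMPLE_OUTPUT = """\
Interesting ports on 172.16.1.253:
Not shown: 1707 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     Cisco SSH 1.25 (protocol 1.99)
23/tcp  open  telnet  Cisco router
80/tcp  open  http    Cisco IOS administrative httpd
443/tcp open  https?
Device type: switch
"""

# One port line of nmap's normal output: "22/tcp  open  ssh  Cisco SSH 1.25 ..."
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str   # nmap appends "?" when the port was open but the service was not identified
    version: str   # empty when -sV produced no match


def parse_nmap_output(text):
    """Return the port records found in nmap normal (human-readable) output."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports.append(Port(int(m.group(1)), m.group(2), m.group(3),
                              m.group(4), m.group(5).strip()))
    return ports


# Hypothetical management-access policy for a switch: SSH only, nothing else.
ALLOWED_MGMT_PORTS = {("tcp", 22)}


def audit_ports(ports, allowed=ALLOWED_MGMT_PORTS):
    """Compare open ports with the policy and flag the weak SSH version marker."""
    findings = []
    for p in ports:
        if p.state != "open":
            continue
        if (p.proto, p.number) not in allowed:
            findings.append(f"{p.number}/{p.proto} ({p.service}) is open but not allowed by policy")
        # "protocol 1.99" means the server still negotiates SSH version 1 as well as 2
        if p.service == "ssh" and "protocol 1.99" in p.version:
            findings.append(f"{p.number}/{p.proto} SSH server still offers protocol version 1")
    return findings


if __name__ == "__main__":
    for finding in audit_ports(parse_nmap_output(SAMPLE_OUTPUT)):
        print(finding)
```

For anything beyond a handful of hosts, have Nmap write XML (-oX) and parse that instead of the human-readable form, which is not a stable format; the policy table here is the part an auditor would replace with the organization's own baseline per device class.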
Nmap can be used to scan for service ports, perform operating system detection, and run ping sweeps.
Starting Nmap 5.21 (
Interesting ports on 172.16.1.3:
Not shown: 1707 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv
MAC Address: 00:1A:92:0A:62:B1 (Asustek Computer)
Nmap done: 1 IP address (1 host up) scanned in 2.226 seconds

Scanning for UDP ports is handled differently.
Because UDP has no handshake like TCP's, a UDP scan (-sU) must send a probe crafted to make the target's service or operating system respond: a reply from the service proves the port is open, an ICMP port unreachable message shows it is closed, and no answer at all is ambiguous, which Nmap reports as open|filtered because a firewall silently dropping the probe looks identical to a listener that does not answer unsolicited data.
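The three outcomes are easy to see with a single probe. This is an added example, not Nmap's code or the book's: it sends a hand-built DNS root query (a constructed payload; Nmap carries its own per-port payload list) to one UDP port and maps the result onto Nmap's UDP port states, using a connected UDP socket so the kernel reports an ICMP port unreachable as a ConnectionRefusedError. The loopback responder and the free-port helper exist only so the example runs offline.

```python
import socket
import threading

# Constructed probe: a minimal DNS standard query for the root name ".".
# nmap ships its own per-port payload list; this payload is written by hand here.
DNS_ROOT_QUERY = (
    b"\x12\x34"                  # transaction ID
    b"\x01\x00"                  # flags: standard query, recursion desired
    b"\x00\x01"                  # one question
    b"\x00\x00\x00\x00\x00\x00"  # no answer/authority/additional records
    b"\x00"                      # QNAME: the root label
    b"\x00\x01\x00\x01"          # QTYPE A, QCLASS IN
)


def probe_udp(host, port, payload, timeout=1.0):
    """Send one UDP probe and map what comes back onto nmap's UDP port states."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        # A connected UDP socket lets the kernel report ICMP errors for this
        # destination as exceptions instead of silently dropping them.
        s.connect((host, port))
        s.send(payload)
        s.recv(512)
        return "open"            # any datagram back proves a listener
    except ConnectionRefusedError:
        return "closed"          # ICMP port unreachable (type 3, code 3)
    except socket.timeout:
        return "open|filtered"   # silence: either no answer or a firewall drop
    except OSError:
        return "filtered"        # other ICMP unreachable codes, e.g. admin prohibited
    finally:
        s.close()


def start_udp_responder():
    """Bind a throw-away UDP listener on loopback that answers one datagram; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(5.0)

    def serve():
        try:
            data, peer = srv.recvfrom(512)
            # Echo the query with the QR (response) bit set, as a DNS server would
            srv.sendto(data[:2] + b"\x81\x80" + data[4:], peer)
        except OSError:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_udp_port():
    """Pick a loopback port with no listener so the ICMP unreachable path can be observed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    print("listener:   ", probe_udp("127.0.0.1", start_udp_responder(), DNS_ROOT_QUERY))
    print("no listener:", probe_udp("127.0.0.1", unused_udp_port(), DNS_ROOT_QUERY))
```

The closed-port case returns "closed" only when the host sends the ICMP error; a host or firewall that suppresses it produces the same silence as an open port that ignores the payload, which is why Nmap lumps those together as open|filtered. It also explains why UDP scans are slow: most operating systems rate-limit ICMP unreachable messages, so Nmap has to pace its probes and retry to tell a dropped reply from a real timeout.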
There's more to network security than just penetration testing.
This chapter discusses software tools and techniques auditors can use to test network security controls.