01 November 2006
Network Analysis Made Easy
For people who want to ensure that their network is secure and free from any unwanted guests, nmap is a very powerful tool for doing so. It can be found here. The program is available for Linux, Unix, and the other Nixes as well as Windows and Mac. Instructions are available on how to install the program. Which can be compiled from source, or installed from an executable for Windows and RPM for Linux.
I will only go into the service very basically because of it's complexity and power, but for those who want to learn more, a lot of information can be found in the reference guide
Among other things nmap can be used to find hosts on a network, services offered by those hosts, the operating systems (and OS version) they are running, and types of filters and firewalls being used. For general home use this can be used for people with wireless connections to check that no one is leeching off your connection. Also it is good for checking for malicious software by scanning ports to see which services are being run and which ports are open. From those results a person can search for malicious software that uses those ports and try to close them.
For the first option of checking for unwanted guests, a user could type:
nmap 192.168.0.*
This is assuming that your local network uses that IP range. This will also give you open ports on the systems listed.
If we change the command slightly to:
nmap -p- 192.168.0.*
it will scan every port on every computer on our network. This will take a rather long time, especially depending on the number of computers within this network. The only advantage of this is it will find any unexpected open ports which may be trying to hide from standard scans.
If we instead type:
nmap -A 192.168.0.*
it will give us a lot more information on the computers and services that are found. The results include the version of the services that are running along with the operating system and details.
These commands are a good place to start when reviewing your network and for most users probably will provide all the information that they could want.
I will only go into the service very basically because of it's complexity and power, but for those who want to learn more, a lot of information can be found in the reference guide
Among other things nmap can be used to find hosts on a network, services offered by those hosts, the operating systems (and OS version) they are running, and types of filters and firewalls being used. For general home use this can be used for people with wireless connections to check that no one is leeching off your connection. Also it is good for checking for malicious software by scanning ports to see which services are being run and which ports are open. From those results a person can search for malicious software that uses those ports and try to close them.
For the first option of checking for unwanted guests, a user could type:
nmap 192.168.0.*
This is assuming that your local network uses that IP range. This will also give you open ports on the systems listed.
If we change the command slightly to:
nmap -p- 192.168.0.*
it will scan every port on every computer on our network. This will take a rather long time, especially depending on the number of computers within this network. The only advantage of this is it will find any unexpected open ports which may be trying to hide from standard scans.
If we instead type:
nmap -A 192.168.0.*
it will give us a lot more information on the computers and services that are found. The results include the version of the services that are running along with the operating system and details.
These commands are a good place to start when reviewing your network and for most users probably will provide all the information that they could want.
Labels: linux, networking, nmap, os
