summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoralan <alan@raven.lizella.net>2010-02-05 15:13:26 -0500
committeralan <alan@raven.lizella.net>2010-02-05 15:13:26 -0500
commitb86a82582e26097c0f218b60ab607526acce3cbc (patch)
tree02144264b297fa51250a6197ac3fec5d2f767dce
parent8497c8982e711d8eb56c3823ef447bb2924275ed (diff)
downloadslackbook-b86a82582e26097c0f218b60ab607526acce3cbc.tar.xz
Discussion of nmap completed. Should that CYA paragraph be included or
changes in the final draft of the book?
-rw-r--r--chapter_15.xml54
1 files changed, 54 insertions, 0 deletions
diff --git a/chapter_15.xml b/chapter_15.xml
index d5a05f9..20a1fe5 100644
--- a/chapter_15.xml
+++ b/chapter_15.xml
@@ -234,6 +234,60 @@ SMB PACKET: SMBtrans2 (REQUEST)
<section>
<title>nmap</title>
+<para>
+Suppose you need to know what network services are running on a
+machine, or multiple machines, or you wish to determine if multiple
+machines are responsive? You could <application>ping</application>
+each one individually, <application>telnet</application> to each port
+you're interested in, and note every detail, but that's very tedious
+and time consuming. A much easier alternative is to use a port scanner,
+and <application>nmap</application>(1) is just the tool for the job.
+<application>nmap</application> is capable of scanning TCP and UDP
+ports, determining the operating system of a network device, probing
+each located service to determine its specific type, and much much
+more. Perhaps the simplist way to use <application>nmap</application>
+is to "ping" multiple computers at once. You can use network address
+notation (CIDR) or specify a range of addresses and
+<application>nmap</application> will scan every one and return the
+results to you when it's finished. You can even specify host names as
+you like.
+</para>
+
+<para>
+In order to "ping" hosts, you'll have to use the <arg>-sP</arg>
+argument. The following command instructs
+<application>nmap</application> to "ping" www.slackware.com and the 16
+IP addresses starting at 72.168.24.0 and ending at 72.168.24.15.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>nmap -sP www.slackware.com 72.168.24.0/28</userinput>
+</screen>
+
+<para>
+Should you need to perform a port scan, <application>nmap</application>
+has many options for doing just that. When run without any arguments,
+<application>nmap</application> performs a standard TCP port scan on all
+hosts specified. There are also options to make
+<application>nmap</application> more or less aggressive with its
+scanning to return results quicker or fool intrusion detection
+services. For a full discussion, you should refer to the rather
+exhaustive man page. The following three commands perform a regular
+port scan, a SYN scan, and a "Christmas tree" scan.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>nmap www.example.com</userinput>
+<prompt>darkstar:~# </prompt><userinput>nmap -sS www.example.com</userinput>
+<prompt>darkstar:~# </prompt><userinput>nmap -sX www.example.com</userinput>
+</screen>
+
+<para>
+Be warned! Some Internet Service Providers frown heavily on port
+scanning and may take measures to prevent you from doing it.
+<application>nmap</application> and applications like it are best used
+on your own systems for maintenance and security purposes, not as
+general purpose Internet scanners.
+</para>
+
</section>
</section>