Nmap tutorial in Spanish

What is NMAP

Nmap is a network command-line tool that runs on Linux systems, although with a little ingenuity we can also make it run on Windows and Mac. Nmap is the best utility there is for scanning and exploring ports, as well as for identifying the operating system running behind the corresponding network interface.

In this Nmap tutorial in Spanish we will also use the tcpdump command, a command-line tool whose main purpose is to analyze the traffic circulating on the network. It lets the user capture and display, in real time, the packets transmitted and received on the network the computer is connected to.

Next I show a port scan of an arbitrary IP:

Example of a scan with NMAP | Nmap tutorial in Spanish

root@ubuntu# nmap 91.121.155.113
Starting Nmap 6.25 (http://nmap.org) at 2014-04-08 16:26 CEST
Nmap scan report for ns202552.ovh.net (91.121.155.113)
Host is up (0.077s latency).
Not shown: 979 closed ports
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
53/tcp   open     domain
80/tcp   open     http
106/tcp  open     pop3pw
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
445/tcp  filtered microsoft-ds
465/tcp  filtered smtps
587/tcp  filtered submission
993/tcp  open     imaps
995/tcp  open     pop3s
1935/tcp open     rtmp
3306/tcp open     mysql
8086/tcp open     d-s-n
8443/tcp open     https-alt

Here we see all the active ports on the corresponding network interface and IP. From this simple command we obtain the following data:
– Mail is hosted on this server and outbound smtp is filtered.
– It is a web server with the Plesk panel.
– This server resolves DNS requests for the domain.
– It has ssh and FTP access without any filtering! Oops…
– It hosts a basic database service.
– Etc.

Nmap was originally created with "hacker" goals, but it soon became an essential utility for network security, auditing, etc., and of course it can be used to protect ourselves, since it lets you know your weaknesses and fix them.

Examples of Nmap usage | Scanning TCP ports

TCP connect scan

root@ubuntu:~$ nmap localhost

Starting Nmap 5.00 (http://nmap.org) at 2011-10-06 01:17 PDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
Not shown: 997 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
631/tcp  open  ipp
3128/tcp open  squid-http
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

Open port 3128

NMAP
– Type of scan that probes TCP ports
– The nmap option "-P0" summarizes the terminal output for us
– The option -sT specifies the scan type for us: connect scan
– The option -p lets us choose the port to scan
– This scan is usually not detected as an attack because the connection is completed

root@ubuntu:~$ sudo nmap -P0 -sT -p 3128 localhost
Starting Nmap 5.00 (http://nmap.org) at 2011-10-06 01:18 PDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
PORT     STATE SERVICE
3128/tcp open  squid-http
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds

TCPDUMP
– we send flag [S] with a synchronization byte from a random port (48897) and port 3128 answers us with flag [S.] + ack byte
– from the same random port we answer it with flag [.] + ack 1 and then flag [R.] to close the connection

root@ubuntu:~$ sudo tcpdump -i lo
01:18:48.444201 IP localhost.48897 > localhost.3128: Flags [S], seq 3383339335, win 32792, options [mss 16396,sackOK,TS val 1265094 ecr 0,nop,wscale 6], length 0
01:18:48.444214 IP localhost.3128 > localhost.48897: Flags [S.], seq 3381811475, ack 3383339336, win 32768, options [mss 16396,sackOK,TS val 1265094 ecr 1265094,nop,wscale 6], length 0
01:18:48.444228 IP localhost.48897 > localhost.3128: Flags [.], ack 1, win 513, options [nop,nop,TS val 1265094 ecr 1265094], length 0
01:18:48.444495 IP localhost.48897 > localhost.3128: Flags [R.], seq 1, ack 1, win 513, options [nop,nop,TS val 1265094 ecr 1265094], length 0

Closed port 52
NMAP
– Type of scan that probes TCP ports
– The nmap option "-P0" summarizes the terminal output for us
– The option -sT specifies the scan type for us: connect scan
– The option -p lets us choose the port to scan
– This scan is usually not detected as an attack because the connection is completed

root@ubuntu# nmap -P0 -sT -p 52 localhost
Starting Nmap 5.00 (http://nmap.org) at 2011-10-12 23:41 PDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on localhost (127.0.0.1):
PORT   STATE  SERVICE
52/tcp closed xns-time
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds

TCPDUMP
– we send flag [S] with a synchronization byte from a random port (33640) and port 52 answers us with flag [R.], a reset

root@ubuntu:~$ sudo tcpdump -i lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
23:41:47.024270 IP localhost.33640 > localhost.52: Flags [S], seq 3410572728, win 32792, options [mss 16396,sackOK,TS val 4294938234 ecr 0,nop,wscale 6], length 0
23:41:47.024360 IP localhost.52 > localhost.33640: Flags [R.], seq 0, ack 3410572729, win 0, length 0

TCP SYN scan

Open port 3128
NMAP
– Type of scan that probes TCP ports
– The nmap option "-P0" summarizes the terminal output for us
– The option -sS specifies the scan type for us: SYN scan
– The option -p lets us choose the port to scan
– This scan does not include the confirmation ack

root@ubuntu:~$ sudo nmap -P0 -sS -p 3128 localhost
Starting Nmap 5.00 (http://nmap.org) at 2011-10-06 00:59 PDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
PORT     STATE SERVICE
3128/tcp open  squid-http
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

TCPDUMP
– we send flag [S] with a synchronization byte from a random port (34217) and port 3128 answers us with flag [S.] + ack byte
– from the same random port we answer it with flag [R]

root@ubuntu:~$ sudo tcpdump -i lo
01:01:03.199731 IP localhost.34217 > localhost.3128: Flags [S], seq 2309594195, win 1024, options [mss 1460], length 0
01:01:03.199788 IP localhost.3128 > localhost.34217: Flags [S.], seq 3871348246, ack 2309594196, win 32792, options [mss 16396], length 0
01:01:03.199795 IP localhost.34217 > localhost.3128: Flags [R], seq 2309594196, win 0, length 0

Closed port: 52
NMAP
– Type of scan that probes TCP ports
– The nmap option "-P0" summarizes the terminal output for us
– The option -sS specifies the scan type for us: SYN scan
– The option -p lets us choose the port to scan
– This scan does not include the confirmation ack

root@ubuntu:~$ sudo nmap -P0 -sS -p 52 localhost
Starting Nmap 5.00 (http://nmap.org) at 2011-10-06 01:10 PDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
PORT   STATE  SERVICE
52/tcp closed xns-time
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

TCPDUMP
– we send flag [S] with a synchronization byte from a random port (47308) and port 52 answers us with flag [R.]
– from the same random port we answer it with flag [.] + ack 1 and flag [R] to close the connection

root@ubuntu:~$ sudo tcpdump -i lo
01:10:12.031540 IP localhost.47308 > localhost.52: Flags [S], seq 1911266538, win 1024, options [mss 1460], length 0
01:10:12.031573 IP localhost.52 > localhost.47308: Flags [R.], seq 0, ack 1911266539, win 0, length
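As an added example that is not part of the original tutorial, the following Python reads tcpdump lines like the captures above and, from the flag sequence of each flow alone, infers whether the port was open or closed and whether the probe was a connect scan (full handshake, then reset) or a SYN scan (reset before the handshake completes). The sample lines are condensed from the captures in the text; the function and constant names are my own.

```python
import re

# Constructed sample: the three distinct exchanges shown above (connect scan on
# open 3128, SYN scan on open 3128, probe of closed 52), trimmed to the essentials.
CAPTURE = """\
01:18:48.444201 IP localhost.48897 > localhost.3128: Flags [S], seq 3383339335, length 0
01:18:48.444214 IP localhost.3128 > localhost.48897: Flags [S.], seq 3381811475, ack 3383339336, length 0
01:18:48.444228 IP localhost.48897 > localhost.3128: Flags [.], ack 1, win 513, length 0
01:18:48.444495 IP localhost.48897 > localhost.3128: Flags [R.], seq 1, ack 1, length 0
01:01:03.199731 IP localhost.34217 > localhost.3128: Flags [S], seq 2309594195, length 0
01:01:03.199788 IP localhost.3128 > localhost.34217: Flags [S.], seq 3871348246, ack 2309594196, length 0
01:01:03.199795 IP localhost.34217 > localhost.3128: Flags [R], seq 2309594196, win 0, length 0
23:41:47.024270 IP localhost.33640 > localhost.52: Flags [S], seq 3410572728, length 0
23:41:47.024360 IP localhost.52 > localhost.33640: Flags [R.], seq 0, ack 3410572729, win 0, length 0
"""

# Source port, destination port and the bracketed TCP flags of a tcpdump IP line.
LINE_RE = re.compile(r"IP \S+\.(\d+) > \S+\.(\d+): Flags \[([^\]]*)\]")

def parse(capture):
    """Return (sport, dport, flags) for every tcpdump line; other lines are skipped."""
    out = []
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if m:
            out.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return out

def flows(packets):
    """Group packets into flows keyed (client_port, server_port), client = first sender."""
    seen = {}
    for sport, dport, flags in packets:
        key = (dport, sport) if (dport, sport) in seen else (sport, dport)
        seen.setdefault(key, []).append(flags)
    return seen

def classify(flag_seq):
    """Map one flow's flag sequence to (port_state, technique) as the captures show."""
    seq = ",".join(flag_seq)
    if seq.startswith("S,S.,.,R"):   # SYN, SYN/ACK, ACK, then client RST: -sT on an open port
        return ("open", "connect scan")
    if seq == "S,S.,R":              # SYN, SYN/ACK, bare RST, no ACK: -sS on an open port
        return ("open", "SYN scan")
    if seq == "S,R.":                # server answers the SYN with RST/ACK: closed port, either technique
        return ("closed", "indeterminate")
    return ("unknown", "unknown")

def classify_capture(capture):
    """Classify every flow in a tcpdump text dump."""
    return {ports: classify(seq) for ports, seq in flows(parse(capture)).items()}
```

Note that a closed port produces the same SYN / RST-ACK pair for both scan types, so only open ports reveal whether the handshake was completed.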

I hope this article is helpful to you,
Regards,
By Óscar Carrillo