"nmap" - Network Mapper on CentOS

This section provides a tutorial example on how to install and use 'nmap' (Network Mapper), as a network exploration tool and security scanner on CentOS systems.

Another useful tool is "nmap" (Network Mapper), a network exploration tool and security scanner. Here is the full description of "nmap":

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among that information is the “interesting ports table”. That table lists the port number and protocol, service name, and state. The state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered when they are responsive to Nmap's probes, but Nmap cannot determine whether they are open or closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describe a port. The port table may also include software version details when version detection has been requested. When an IP protocol scan is requested (-sO), Nmap provides information on supported IP protocols rather than listening ports.

In addition to the interesting ports table, Nmap can provide further information on targets, including reverse DNS names, operating system guesses, device types, and MAC addresses.

Here is what I did to install and use it on my CentOS 8 computer:

1. Check the availability of "nmap":

herong$ dnf info nmap

Available Packages
Name         : nmap
Epoch        : 2
Version      : 7.70
Release      : 5.el8
Architecture : x86_64
Size         : 5.8 M
Source       : nmap-7.70-5.el8.src.rpm
Repository   : AppStream
Summary      : Network exploration tool and security scanner
URL          : http://nmap.org/
License      : Nmap
Description  : Nmap is a utility for network exploration or security
               auditing...

2. Install "nmap":

herong$ sudo dnf install nmap

Dependencies resolved.
...
Installed:
 nmap-2:7.70-5.el8.x86_64

Complete!

3. Scan localhost on TCP connections:

herong$ sudo nmap -sT -O localhost

Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-30 08:12 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00020s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
631/tcp  open  ipp
3306/tcp open  mysql
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.10
Network Distance: 0 hops

4. Scan localhost on UDP connections:

herong$ sudo nmap -sU -O localhost

Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-30 08:13 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000022s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 998 closed ports
PORT     STATE         SERVICE
111/udp  open          rpcbind
5353/udp open|filtered zeroconf
Warning: OSScan results may be unreliable because we could not find
   at least 1 open and 1 closed port
Device type: remote management|phone|general purpose|webcam|storage-misc
Network Distance: 0 hops

5. Scan a remote computer with "-A -T4" ("-A" for the aggressive scan options, "-T4" for timing template level 4: aggressive):

herong$ nmap -A -T4 192.168.1.100

Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-30 07:39 EDT
Nmap scan report for 192.168.1.100
Host is up (0.00018s latency).
Not shown: 996 closed ports

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey:
|   3072 d4:33:...:6e:29 (RSA)
|   256 77:87:...:36:6e (ECDSA)
|_  256 e5:51:...:ec:6a (ED25519)

80/tcp   open  http    Apache httpd 2.4.37 ((centos))
| http-methods:
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.4.37 (centos)
|_http-title: ...

111/tcp  open  rpcbind 2-4 (RPC #100000)
| rpcinfo:
|   program version   port/proto  service
|   100000  2,3,4        111/tcp  rpcbind
|_  100000  2,3,4        111/udp  rpcbind

3306/tcp open  mysql?
| fingerprint-strings:
|   DNSStatusRequestTCP:
|     8.0.17
|     mysql_native_password
|     packets out of order
...

1 service unrecognized despite returning data. If you know the
service/version, please submit the following fingerprint
at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3306-TCP:V=7.70%I=7%D=3/30%Time=5E81DA9C%P=x86_64-redhat-linux-gnu%
...

Service detection performed.
Nmap done: 1 IP address (1 host up) scanned in 27.99 seconds
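
The port table and its states described above can be checked against a list of services the host is expected to run. The following shell function is an added example, not part of the original tutorial: it reads Nmap's normal output and prints every port in state open or open|filtered that is missing from a baseline. The baseline and the sample rows (taken from steps 3 and 4, plus one constructed filtered row) are assumptions.

```shell
#!/bin/sh
# Added example: compare an Nmap port table with an expected-service baseline.

# unexpected_ports "<allowed list>"
#   stdin : Nmap normal output (the "PORT STATE SERVICE" table format)
#   $1    : space-separated baseline such as "22/tcp 80/tcp" (hypothetical)
#   stdout: one "port state service" line per listening port not in the baseline
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Port table rows start with "<number>/<protocol>"; header lines and
        # script output lines (which start with "|") do not match.
        $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ {
            # open and open|filtered both mean something may be listening.
            # closed, filtered, unfiltered and closed|filtered are skipped.
            if ($2 != "open" && $2 != "open|filtered") next
            if (!($1 in ok)) print $1, $2, $3
        }
    '
}

# Constructed sample: rows from the TCP and UDP scans in steps 3 and 4,
# plus one constructed "filtered" row to show that it is ignored.
sample_scan() {
    cat <<'EOF'
Nmap scan report for localhost (127.0.0.1)
Not shown: 995 closed ports
PORT     STATE         SERVICE
22/tcp   open          ssh
80/tcp   open          http
111/tcp  open          rpcbind
631/tcp  open          ipp
3306/tcp open          mysql
111/udp  open          rpcbind
5353/udp open|filtered zeroconf
8080/tcp filtered      http-proxy
EOF
}

# Baseline for a web server with SSH and MySQL (assumption for this example).
sample_scan | unexpected_ports "22/tcp 80/tcp 3306/tcp"
```

On a real host, replace sample_scan with the scan itself, for example "sudo nmap -sT -sU localhost | unexpected_ports ...", and review each reported service to decide whether it should be stopped or added to the baseline.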
