Performing a network security vulnerability assessment with Nmap

Nmap is an important network security vulnerability assessment tool for value-added resellers (VARs) and consultants. This tip explains how to use Nmap to scan open ports with a SYN Scan.

How to scan ports and services with Nmap

    Requires Free Membership to View

Nmap is the ideal tool for performing a simple network inventory or vulnerability assessment. By default, Nmap performs a SYN Scan, which works against any compliant TCP stack, rather than depending on idiosyncrasies of specific platforms. It can be used to quickly scan thousands of ports, and it allows clear, reliable differentiation between ports in open, closed and filtered states.

Once you discover a machine's visible ports, you need to know which services are running on them in order to inventory them or determine to which exploits the machine is vulnerable. The –sV option enables version detection interrogation, but a better option is –A which enables both OS detection and version detection. The following uses the nmap-service-probes database to try and determine the service protocol, the application name, the version number, hostname, device type, the OS family, and other miscellaneous details like the SSH protocol version or whether an X server is open to connections:

nmap –A www.yourorg.com

If Nmap is compiled with OpenSSL support, it can even connect to an SSL server to deduce the service listening behind that encryption layer. Another advantage of running version detection is that Nmap will try to get a response from TCP and UDP ports that a simple port scan can't determine are open or filtered, and Nmap will change the state to open if it succeeds.

Read more on how to conduct a network security vulnerability assessment with Nmap.

About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book
IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

This tip originally appeared on SearchSecurity.com.

This was first published in December 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.