NMAP

Course
Time
7 hours 1 minute
Difficulty
Beginner
CEU/CPE
7

Video Transcription

00:04
Okay, now I'm gonna show you a really interesting one that Nmap has built in, and that is nmap
00:08
-iR
00:12
and then a number. What this does is it tells Nmap to
00:17
basically randomly select 10
00:21
IP addresses, and they're all outside your network perimeter,
00:25
and then run a scan against them.
00:27
I'm not gonna run it because I don't know those IP addresses, and I don't really want to run it against people that I don't know because I think it's
00:37
borderline unethical and possibly illegal, so I'm not gonna do it.
00:42
Um,
00:44
so that's that scan. If you did want to run this from your house, I wouldn't recommend doing it from your work or home.
00:51
If you want to do a really quiet scan using random IP addresses out there, you could do, ah, nmap
01:00
-sS,
01:02
capital S,
01:03
-p
01:03
80,
01:06
-T2,
01:08
-iR,
01:10
and then the number of random IP addresses that you want. Let's say you want to run against 50. So what the scan does is it's a SYN scan, which is really the default
01:19
scan that
01:22
Nmap runs, a TCP SYN scan.
01:25
The -p is for the port that you want to scan. So it's only scanning a single port instead of 1000 or 100.
01:32
And the -T2 is the timing, and that timing is
01:37
considered polite.
01:38
And like we said before, the -iR is
01:44
a random selection of IP addresses and the 50 is the number of IP addresses you want to scan.
01:51
So again, if you want to run that from your house,
01:53
I don't think it's gonna do any harm at all.
01:56
But I just suggest that you don't do it from work or school because it might get picked up by your
02:01
company's IDS or,
02:05
if they have a SIEM or advanced threat management system. And
02:08
you just don't want any of those guys talking to you unless that's you. In which case, if it's part of your job description, go ahead.
02:16
All right, so now I'm gonna do an nmap -sn.
02:25
So that's a scan that we've run before. And this time I'm gonna add
02:30
an exclusion, so we'll do. Ah,
02:35
exclusion of 1.1.
02:38
Actually, I'm gonna modify it just a little bit to make it run faster.
02:40
We won
02:43
0.0 through. Let's do 40.
02:46
We'll exclude IP address 1.1.
02:53
All right. So there's only three hosts up out of those 40 that we scanned
02:58
here. They are right here.
03:00
And it got done in 1.6767 seconds.
03:05
And if you notice we did an exclusion on 1.1,
03:08
which should be about right here and it's not there. So that's how you do an exclusion in Nmap.
03:19
Okay, so now what I want to do,
03:21
clear the screen
03:23
I want... let's say you wanted to do the same thing, but you wanted to exclude multiple
03:28
hosts that were in that range.
03:30
So this is the way you do it. You do nmap.
03:34
I'll do a
03:35
ping sweep again.
03:38
How good do
03:40
the full
03:43
subnet,
03:44
we'll do, uh,
03:46
--exclude
03:49
and we'll exclude 192.168.1.1.
03:53
I know the host name of the server on this network. That will do
03:58
well, C B S R. V one,
04:01
and we'll do 192.168.1.254.
04:06
So my main point is, it's the same command as last time.
04:10
But
04:11
if you're gonna put multiple exclusions,
04:14
All right,
04:15
Unlike your target specifications from earlier, with the exclusions you actually have to separate by commas. I don't know why they did that, but that's the way it is.
04:24
So when you run it,
04:30
I'm not gonna go through this whole list here, but
04:33
you'll notice at the end.
04:36
The last IP address that is alive or up is 192.168.1.167. And so we excluded 1.254,
04:46
which would show up right around right around here if it was up
04:50
or if you know, if it wasn't excluded, is what I mean.
04:55
And so it's not there, so our exclusion list worked.
04:59
All right,
05:00
clear the screen again.
05:04
All right. We're in the targets folder here, the one that we created earlier. You can call it whatever you want, really, but I just do targets just to make it easy.
05:13
So what we're gonna do now is I'm gonna show you how to do an exclusion list without having to type each one at the command line. You can actually create a file, kind of like we did with the target specifications target list earlier.
05:27
So we'll do notepad.
05:30
Of course this assumes you're on Windows 10. Um,
05:33
if you're in Linux or
05:36
a UNIX platform or macOS, you can do vi or whatever makes you happy,
05:45
so I'll do
05:46
notepad
05:47
excludelist.txt.
05:50
Oh,
05:54
yes, I want to create it.
05:58
And so I'll do some exclusions here. I'll do
06:01
192.168.
06:04
1.
06:05
1,
06:06
192.168.1.
06:11
10 through 50.
06:14
Do
06:15
192.168.1.254.
06:24
And just so you know, this is my layer three switch on this network.
06:30
These are
06:31
servers and other devices, and then everything in between 50 and 254
06:36
are just
06:38
devices on this network. 254 is my firewall.
06:42
So there's some inside information there.
06:46
Don't use it against me.
06:51
Right, so do, ah,
06:54
clear screen.
06:59
Okay, so now that we've created our exclude list file,
07:02
we'll run a scan against the entire subnet using that exclusion file. So do an nmap
07:11
-sn.
07:18
That will do
07:21
exclude file
07:29
and the name of the file that we want to specify where the exclusions are.
07:34
So enter.
07:43
Okay, so
07:44
I'll scan up and show you.
07:48
Okay, so you can see here that
07:51
it skipped 1.1 and then it skipped
07:55
everything beyond 1.10.
07:59
And then it started grabbing everything from one dot
08:01
101 and on.
08:07
And then it skipped 1.254, which we know is alive. So
08:11
there you have it. That's pretty much all
08:15
of the target specifications in Nmap. There are some other options and other things you can play with. But for the most part, that's everything that you're gonna use in your daily life.
08:26
All right, Thanks for going through this lab with me. And I'll see you on the next lesson
08:31
In this lesson and the previous one, we did a review of target specifications covered in previous lessons. Then I showed you a bunch of additional options. And finally we did a lab that covered all of them.
08:41
Thanks again for walking through this lesson with me and I'll talk to you again on the next one.

Up Next

NMAP

The network mapper (NMAP) is one of the highest-quality and most powerful free network utilities in the cybersecurity professional's arsenal.

Instructed By

Rob Thurston
CIO at Integrated Machinery Solutions
Instructor