Hacking/Security - NMAP Network Mapping Introduction

Captions
Please remember that the complete information for the class that you are about to view is at elithecomputerguy.com. Not only do we have our videos there, but we have parts lists, diagrams, pictures and even complete code examples, so if you are watching this video and you want more information, please go to elithecomputerguy.com.

Welcome back. As you know, I am Eli the Computer Guy, and in today's class we're going to be doing an introduction to the nmap network mapping software. So this is network mapping software you can run from the Linux command line, and what will happen is, when you run this software, you can either query one particular device or you can query an entire network. You can look for the IP addresses on the network, you can grab the MAC addresses for those hosts that are found on the network, from those MAC addresses you can try to discover what the vendor for the different products is, you're able to see what ports are open on the different devices, and you're also able to try to determine what operating systems are on these particular devices. So this is something that you can run at the command line, and basically the results can either print out onto your terminal screen or you can export the results into a text file or into an XML file, so that you can then look at the information in a normal text file, or be able to parse the XML file so that you can use that information in some type of product or software that you're going to be creating.

So nmap network mapping software is one of those things that is really, really, really, really cool if you're not an absolute beginner. If you're an absolute beginner, when you use nmap you're going to get all of this text printed out on the screen, you're going to be sitting there like "oh, what am I supposed to do with this?", and then you're going to go off and use Spiceworks, right? That's the reality: if you're new to the networking world you want something pretty graphical, you want something pretty easy to use, and let's be clear, nmap isn't that. This is a text-based command line tool. It's going to give you a lot of information, but it's going to be up to you to figure out what to do with that information. Again, if you want something nice and pretty and graphical and all that kind of thing, use Spiceworks or something from SolarWinds, that type of deal. What's really cool about the nmap software is you can run it from the command line, which means you can script it. So I'm actually using this on a project right now: I am using a cron job to fire off an nmap script approximately every 10 minutes, and so what happens is that nmap script fires off, it then dumps the information that it finds into a text file, into an XML file, and then I use a PHP script in order to parse that XML file, dump the data then into a database, and then I'm able to create an application around that. So that's what makes nmap really cool. Again, it's not for the beginner user, but if you understand what's going on with the network mapping software, what's really great is you can export all of this information, and then once that information is dumped into something like a text file, you can have other scripts be able to parse or read that text file to be able to present you with good and useful information.

So when you're thinking about nmap, it's kind of one of those things where you've got to really consider where you're using it within your particular situation. If you just want a nice, pretty, easy to use graphical user interface type of network mapping software, nmap is most likely not going to be what you want. If you want to be able to pull information from the network, dump that into some kind of data file, and then be able to do something with the data file, that's where nmap gets very interesting. So we're going to be doing a brief introduction to the nmap network mapping software today. I think you're going to find that it's very exciting, very interesting, and even if some of the things that I show you are currently over your head, keep nmap in the back of your mind, because I'm sure within a couple of years you will get to the point where you'll start to understand why this type of product can be very useful.

So there are a few warning warnings for when you're going to be using nmap. The first warning warning for you is: before you go in front of your boss or before you go in front of your friends to show them this really cool tool you just learned how to use, make sure to test, test, test, test, test, test, test, test, test, test, and maybe test one more time. Do remember nmap is a Linux-based tool, and being a Linux-based tool, you get some interesting results on that Linux-based tool. I've been using it for a while now, and it's one of those things where, once you understand what you want out of nmap, once you understand what you're going to get out of nmap, it becomes a great tool. But there are so many options available to you when you're using nmap. One of the big problems is you can assume nmap is going to do something, or nmap is going to work in a way that you expect it to work, and you can run into problems when nmap just does whatever the hell it wants to do, right? So again, it's one of those things where once you understand the product, once you understand nmap, it's going to be very easy to use and it's going to give you the results that you're expecting. The big issue that you run into is, when you initially start using nmap, the results that you get may not look like what you think you're supposed to be getting.

The next warning warning for you, and this is actually a big one, this is kind of like bold, bold, underline, italicize this in your brain: when you're running this on Linux, you're going to want to run this as the root user, or if you're using like a Debian version of Linux or Ubuntu, you want to use sudo before the nmap command when you're going to be running nmap. The reason for this is kind of weird, but for whatever reason you're not actually able to access the MAC addresses for the devices that you're scanning if you do not run nmap as root. So basically, if you run nmap as the normal user, it'll go out, it'll find the IP addresses, it'll find the ports, it'll find all that other information, but it won't find the MAC addresses for you. So if you want the MAC address, and you want that additional vendor information that goes with the MAC address, always make sure to run the command with sudo, basically as root. And also remember this if you're going to be using a cron job. So if you're going to be using crontab (crontab is the scheduler for basically scheduled tasks within the Linux world), you are going to want to use sudo crontab -e instead of simply crontab -e, so that when you go to fire off the nmap executable it actually runs with those elevated privileges. This is just one of those things that can come up: you're not thinking about it, you simply type in nmap and whatever options and whatever else on the command line, and then you're not getting the MAC addresses for whatever reason. The reason for that is because you're not running those commands as root, you're not running those using the sudo command. So that's just one thing to keep in mind.

The final thing is, again, with using some of these command line utilities that are able to output into a text format, you may want to be using this in some kind of a script project that you're doing. So again, I'm working on a little project right now where approximately every 10 minutes nmap fires off, it grabs all the information from the network and then dumps that into a text file. Again, for whatever reason, when you try to actually run nmap directly from crontab, directly from the cron job, you may run into some weird issues. I took a look at this for troubleshooting and all that, and basically what they recommend is that for the cron job you actually target a bash script. So you have a bash script, a shell script, that has the nmap command within that shell script, and that's how you fire nmap off. So that's just, again, one of those weird kind of quirks there. So again, if you're going to be using nmap, at the end of the day it works very well, you will get the results, it'll work well for you once you understand the results that you're going to be getting back, but make sure to test, test, test. When you're going to be running nmap, generally you're going to be wanting to run that as root, or, you know, using the sudo command. And then finally, if you are going to be using this inside some type of cron job, basically an automated process, do think about firing this off from a script. So have crontab point to a shell script and then have that shell script actually fire off the nmap command, because for whatever reason that seems to make it work better.

So with that, let's go over to my demonstration computer. I will show you the website for nmap so you get a bit of an idea of what that website looks like, all of the reference information that is there, and then we'll go over to my actual Linux server. I will run nmap for you, show you how that looks, and then we will go and take a look at the text output and kind of show you the differences with different types of options when nmap is being used.

So here we are at my demonstration computer, and I have brought up nmap.org. So nmap.org is the official website for nmap, and you can come here and you can get all of the information. Now, to be clear, nmap has been around for a long time, so it's in all, or should be in all, the Linux repositories for being able to download and install software onto your Linux machine very easily. So if you're in the Ubuntu world, basically you can do apt-get install nmap and you'll be able to install nmap. Do whatever command you need to do in CentOS or the Red Hat world, but basically you won't need to actually have to download this from nmap itself in order to install it. But the nmap website is useful for you for reference information. If you go down, one of the nice things about nmap is it is free and it is open source. So again, as I've talked about before, you can use nmap basically in a script, have that output be dumped into some type of folder, and then have your script be able to parse the information within that output. So basically you can use nmap as a component of some kind of custom application that you're going to be creating. Do make sure to go and read the license, though, if you're going to be doing something such as selling the product. So again, one of the important things to remember in the real world of using technology is you can use something in a lab environment, you can use something in your production environment, and then you can package something and sell it, but with all of those things the license may get in the way. So do make sure, whenever you're going to be using a product, especially if you plan to distribute it in any kind of way, that you actually go through and read the license. But the license is here, and in general, again, it's free and open source and you shouldn't have too many issues.

We go over here to the reference guide, and when you go to the reference guide they're going to give you basically all of the information on how to use nmap. You have this little table of contents here, you can go through and take a look at certain types of information. So if you want to understand a little bit more about OS detection, you can go here and it will explain the OS detection for you. If you go back, it'll tell you about service and version detection. Go back to the reference guide; if you want to go down and do things like timing and performance, they will give you some information here. Again, it is important to understand that there are a metric crap ton of options for when you're going to be using nmap, so again, depending on your particular situation and what you're trying to accomplish, you may need to go in and tweak what options and stuff you're particularly going to be using. I'm going to be showing you some basic commands on how to use nmap today, so just kind of keep that in mind: if what I'm showing you doesn't give you what you want, go take a look, there's a whole bunch of different options here.

So with that, let's go over to my computer and I'll actually show you how to fire off nmap. So here we are at my server. I already have nmap installed, but if you need to install nmap you simply do sudo apt-get install and then you simply say nmap, there's nothing other than that. Then you're going to hit enter, it's going to ask for your password, and then... it's already installed for me, but if it wasn't installed for you, nmap would be installed. There are no configuration files or any other type of thing that you're really going to have to worry about. Once nmap is installed you can simply call it from the command line.

Now from here, one of the things we can do is we can simply query one particular host on the network. So we can scan either the entire network or we can scan one particular host. So let's say you have one server you're concerned about, what ports are open or some information, or you've simply seen a device pop up on your network and you want to know more information about it; you can simply query that one particular device. So what we would do here is we do sudo (again, by and large always use sudo for the command; that will give you the MAC address and some other different things), then we will simply say nmap. I am not going to use any particular options right now, so we're going to run it as stock standard, and we're going to do 192.168.1.1, let's say. So basically when I do this it is going to do a basic scan of my particular router. Then all I have to do is hit enter, and then we're going to get this "Starting Nmap" line. So it is important to understand that if you don't use the verbose option here, basically this is all you're going to see until the scan actually finishes. Now if you press a button, it will show you about how far it is through the process, so you can see it's about 48% done; if I do up again, it now shows me it's about 66% done. So if you do want a status update, essentially you can just hit the arrow key and it will give you what the status update is, and you can just sit here and you can wait as it tries to get the information for you about that particular device.

So we have the nmap report. So this is the nmap report for gateway, so it was able to pull the host name, 192.168.1.1. It shows me that I have these ports open: 53, 80 and 5000. It then gives me the MAC address, and then from the MAC address, what can be very useful here is that it can then give me the vendor information. So this can be very useful for you, again, when you're scanning a network and you have a lot of network devices, right? So when you get the vendor information from a MAC address, this may not be the most useful thing for you for desktop computers, because it's going to be getting the vendor information for the actual network card within the device. So the difference between the network card in the device versus the computer itself: you may not get Dell here, you may not get HP here, you may get the vendor for the network card itself. But why this can be useful for devices on the network: think about printers, again, think about networking equipment like this, that type of thing. One of the nice parts about that is if you can get the vendor information for those types of devices, it might be a lot easier for you to figure out what that device is. So I can sit here and go "oh, that's Netgear, I know the only devices on my network that are Netgear are my networking devices," so I have an idea of what that is.

Past that, what we can do is, let me clear the screen. So now let's look at scanning the entire network. So before I was able to query just one particular IP address, but now I want to scan my entire subnet. So again I'm going to do sudo, space, nmap again, and then one of the things I'm going to do here is -v, a hyphen and then lowercase v. So what this is going to be is verbose, so it's going to be automatically telling me what's going on on the screen. So when you're running nmap against an entire network it can take a long time, again, scanning a lot of different ports and scanning all the different devices. So this is one of those things: when you run nmap you may want to wander off and go get a cup of coffee, frankly go get lunch, honestly, depending on how big your network is, how many devices you have. And so using the verbose option is just very useful, because then it updates and it tells you what's happening, you don't have to go over and play with the screen. So basically we're just going to be doing nmap -v and then 192.168.1.0, so this is my subnet here. I'm on the 192.168.1 subnet, and it's a class C, so I'm going to do a /24. So again, you need to know a little bit about networking in order to be able to do these scans. So the first thing that you do is you put in what your network is, 192.168.1.0 or whatever that is, and then whatever your subnet is. So this is a class C; a class C is a /24, a class B would be a /16, a class A would be a /8, so it depends on what your particular subnet is, and basically that's all that we're going to need in order to be able to run this scan. And so then we're going to hit enter, and now it's going through and we can see it started to scan. It's now scanning 255 hosts because it is scanning that network, and the nice part here about this verbose option is, again, it's now actually telling you what's going on. So if you're running this on a computer sitting in the corner, you can be going off and working on another computer and you can just take a look and make sure that this is updating itself. Again, nmap can take a very long time to run, so it's one of those things where if you're just sitting there and all you're doing is looking at a little blinking cursor, that may be a little bit frustrating for you. So with this it's going to take a second, and so we'll see what the results are when it's done.

So there we go, now the basic scan is done. We can go down here and we can see that of 256 IP addresses, 13 hosts were found, and it took approximately 424 seconds. So on my crappy little network with 13 hosts that took about eight minutes. So again, do remember with nmap it can take you a little bit of time. Now we can go through and basically scroll through and see the basic information that was found. So we can see, such as 192.168.1.19: this is an Apple device, this is the MAC address, these are the ports that are open, and we can see it has an iphone-sync port open, so it's most likely an iPhone. We can see 192.168.1.17, this has this particular port open, that's also most likely an Apple device. 192.168.1.15, it has Microsoft, it has port 445 open, so basically this is Samba, it has some kind of file sharing services on it; also an Apple device. Lots of Apple devices. We can see here I have another Netgear device, we can see here I have another Netgear device, and basically you can scroll through where you can see the different information. So basically this is going to be giving us our IP addresses, this is going to be giving us the ports that are open, because we ran this as root with sudo we are going to be getting the MAC address, and then we are going to get the vendor for the device, so on and so forth. So basically we can go through and we can see all of this information. Now obviously this isn't the most useful here; I mean it is giving us information, but it's simply giving this to us in the terminal. It would be a lot better if we can simply get this in a text output file.

So one of the things you can do is you can do sudo, and let me clear the screen here. So one of the things you can do is, again, you do sudo, then you can run nmap as you would, you know, 192.168.1.0/24, but then from here we can select an output file and an output format. So if you do -oN, hyphen lowercase o uppercase N, this will output in just a basic text fashion; if you do -oX, this will output as an XML file. So again, as I've talked about before, you can output the information into a file and then have some kind of other script try to parse the information in that file. So if you want to output this as an XML file so that this can be read by some other script that you're creating, you would want to do -oX, but again for a text file we can do -oN, and then you simply put where you want it to go, so basically wherever you have permission to write on your particular server. So /home, our user is bob, and then I can simply, you know, print this out as test.txt. And so what would happen here is we're running nmap as root, we are going to be scanning our entire network, we are going to be outputting to a text file, and this is where we're going to be outputting to.

This is the point where I would also offer a couple of other options for you to think about. So after nmap here, there are two options you might think about running. So if you do -A, hyphen uppercase A, this will do what is called an aggressive nmap scan. So the aggressive nmap scan will also look for things and try to determine what the operating system of the device is. Now this doesn't work great, it's not perfect, but it might give you some useful things if you're looking for some additional information. So if you're trying to figure out what the device is, maybe it's a phone device or something like that, using -A might be able to do that for you. If you're trying to figure out what the operating system for devices is, this might work for you; again, it's one of those, I don't know, 20, 25% of the time it actually works, but 25% is better than nothing. So you might want to do a -A. The other thing that you might want to do to try to speed up the scan is -F. So what -F is going to do is it's going to restrict the port scanning to the 100 most common ports. So when you're dealing with networking ports, there's just a gajillion networking ports a device can theoretically use, and so if nmap is trying to scan all of the ports it will take it a while to scan all the ports, especially if there's a lot of devices on the network. Now if you only care about the most common ports, 22, 80, you know, 443, that type of thing, if you do -F that will only scan the 100 most common ports, and then it'll be a lot faster, obviously. So that's just again one of those things to be thinking about. Think about doing the -A, uppercase A: that will be the aggressive, that will try to give you the operating system information and such. And then -F, this will be fast for you, it'll scan only the 100 most common ports. And then again here, -oN or -oX: N gives you a text file, X would give you an XML file.

So I've already done a few scans and I've output them to a folder. So I've output them to /home/bob, right? So we can go here, we're at the home folder for bob, and we can see I have nmap scan A, so that's with -A, nmap scan AF, we have an AF with XML, so on and so forth. And so I just want to show you what these scans look like, and I think it's a lot easier just to see them in a text file. Now the important thing here is, so this is an nmap basic scan as text, so -oN; -oN using -A; -oN using -A -F; and then for -oX this is the XML. So again, just so you understand the difference between the standard text formatting and the XML formatting: this is the standard text formatting, so again very easy for a human to be able to read. Okay, this is what my IP address is here, this is what my MAC address is here, this is the vendor here, I can go down, you know, take a look and see what the ports are. This is very easy for me as a human to read. The issue with this, though, is if you're trying to parse this, if you're trying to have another script read this particular file, it might be difficult for a script to read the file. So that's where you can output to XML, and XML, it's a pain for a human to read, right? I'm sitting here and it's like, okay, so here's 192.168.1.1, okay, here's the MAC address, here's the vendor, all right, okay, I've got a port here, right? So it gives me all of this information, and that may actually give me more information, but it's difficult as a person to read. So this is one of those things you need to think about: what you want your output to look like. So this is what basically the XML looks like.

We will go here, and basically let's take a look at the difference between a basic scan, so if you use no options, an A scan, so this is where you do the aggressive scanning, and the AF, this is where you do the aggressive scanning but you only scan the 100 most common networking ports. So we take a look at the basic scan here. What we can see as it goes through, it does a scan. Again we see 192.168.1.1, that is my router, we can see the different ports that are open here, 53, 80, 5000, we can see what the MAC address is and we can see what the vendor is. It simply goes down to 192.168.1.2, so this is the next device. It shows me 5009 and 10000 are there, it shows me the MAC address and it shows me the probable vendor. Go down to .1.3, again it's using 62078 for a port, it's showing the MAC address and it's showing you the vendor. So basically it just gives me all of the basic information about the network: it gives me the IP address, it gives me the ports that are open that it detects, MAC address and vendor. You can go through, again very easy to read.

If we go over to nmap scan A, so this is the aggressive scanning, nmap -A, uppercase A, we take a look at this and we're going to be getting a lot more information out of this. So basically if we go down, oh, we have information for 192.168.1.1, we have the information for it: it's a Netgear router, it's an Orbi, and we can see what the operating system is, so OS details: it's an OpenWrt Chaos Calmer 15.05. So it's able to give us a lot more information about what's going on with that. If we go down to 192.168.1.2, basically we can see, okay, these are the ports that are open, just like we saw before, and it gives us some version information about the service, right? So if we go over here and look at 192.168.1.2, basically it just gives us the AirPort admin, it gives me the 5009 port here, it tries to give me a little bit more information, the version, you know, Apple AirPort or Time Capsule admin, again the MAC address, the vendor. Basically it tries to tell me what kind of operating system it's running, so it's seen as NetBSD 5.x, and it's showing me some other information here. Again we can go down, so this is all for 192.168.1.2, then we go to 192.168.1.3. It's showing me again the port that's open, it's showing me the MAC address, showing me the vendor, and then here what it's trying to do is it's trying to figure out what the fingerprint of the operating system is. It wasn't able to figure that out, so it kind of just fails out on that point. Then we come down here, let's see, 192.168.1.7. Again it shows us the port that's open, it's trying to figure out what kind of OS is running on this particular device, and for whatever reason it thinks it's a Fortinet FortiGate 100D firewall with an 87% accuracy. So it does try to give you that type of information. So basically this is what you're looking at when you're looking at the A, so this is the aggressive scanning: it gives you a lot more information. It might be useful to you, it may not. Again, the type of thing like what kind of OS your networking devices are using, that might be useful for you, maybe some specific name, so this is a Netgear RBS850, that type of thing might be useful for you, and this is the kind of thing you get out of using the -A option.

Then we go over and take a look at the AF, and if you take a look at this, basically this looks the same as the A. The difference between A and AF is that this will be only scanning for the most popular hundred ports. So let's go to 192.168.1.8 to show you. So this is the IP address; again AF is going to only look for the hundred most common ports. So we take a look here, we see it finds port 5000, port 49152, 49153 and 49154. If we go over and we take a look at the A option, if we go down here, 192.168.1.1, you will notice that it was able to find additional ports, so this finds 57, 7100, and then 49152, 49153, 49154. And so this is one of those things, again depending on how much information you want out of your network. Do you want to know every single port that's open or available on your network? You may want to simply use the -A option, so that will give you the aggressive scan. But if you're just trying to figure out if the most popular, most common ports are open, that's where you run the AF scan. So this again, just to show you: that only gives you four ports being available, where this gives you one, two, three, four, five, six ports being available. So again, depending on your particular situation, that may matter or not. So these are the kind of differences between basically the basic scan without any options, the A scan and the AF. Again, when you use -oN that will give you this text output; if you do -oX that will then give you the output in XML, and that allows some type of script to be able to parse it.

So now you have a basic idea of how to use nmap and how to output the results into a text file, so you can either read it, you can email it to somebody else, or again, if you output into something like an XML format, you can actually have another type of script then parse that information for whatever type of application that you're trying to build.

Now before we get to the actual final thoughts, I do want to show you one of the projects that I'm currently working on, to try to give you an idea of why these command line tools are so useful in the modern world of being an IT professional. So when you start looking at these command line tools, especially when you're a noob, right, when you're new, all this stuff is kind of complicated, and if you have the option between some kind of nice pretty graphical user interface and something like nmap, you're probably going to be going to the graphical user interface. The thing is, with tools such as nmap you can output this information and then you can write scripts in order to parse and then act on that information as best you see fit. Again, in the modern world of technology we're looking at trying to create more and more custom applications to do exactly what we need to do. So if we can output something into a text file, then we can create scripts to then work on that text file and then create applications that do exactly what we want. So let's go over to the demonstration computer again. I'll show you a little application that I'm currently working on, and basically with this small little application what happens is I get that XML text file that's output from nmap. What I then do is I use PHP to parse the information in that XML file, I then input that data into a MySQL database table, and then once the information is in that MySQL database table, I have then created a little application that is able to interact with that information to give me something that is useful for me. So let's go over to my demonstration computer to just show you an example of what you can do, just to kind of get into your head why these kinds of command line tools are so useful in the real world.

So here we are, the little application that I've created. So essentially what I have happening is on my server, every 10 minutes, I have nmap fire off. So I have a shell script that fires nmap off, it then outputs the information into an XML file, I then use a PHP script, also within that cron job, in order to parse the information within the XML file and then dump all of that data into a MySQL database. Once it's in a MySQL database, then I can do things such as be able to print out the information onto an HTML form such as this. So this right here is simply the log, so this shows me whenever new information has been input into my MySQL table. So I can see this scan ran at one o'clock, it was able to find these different IP addresses, it was able to find these MAC addresses, the vendor information, the open ports, so I can just see these open ports that are open here. Then this shows me the nmap timestamp, so basically when the nmap script actually ran, and then when the information was input into the MySQL database table. So the first thing that I have here is, again, this is just a very simple output to give me information that I'm interested in. So I can sit here and I can see, you know, whether port 80 is open on particular devices, or again what different ports are open.

Past that, I can go over to this device report right here, and this shows me information for particular time frames. So it starts off with what it's been able to detect in the past hour. So we can see right now it's 11:24, so since 10:24 this morning it's been able to detect these different devices. So again, these are the IP addresses, these are the MAC addresses, these are the vendors. I have host name, so I have another script that allows me to add host names, that type of thing. User agent information: so again, I have a different script that allows me to pull user agent information, so I'm able to tie all this together here. Again we can go down, we can see things like the user agent information (again, this actually comes from a different script), but the vendor report, so it can show me the different vendors I have on the network. So it can show me the three Netgear devices; I can click on this and then it shows me which devices these are. So if I was interested in which Netgear devices are on the network, I can say, oh okay, 192.168.1.1, .12, .14, these are my Netgear devices. Do a little Apple flex here, a little Apple flex: oh, let me see all my Apple devices, okay, so those are all my Apple devices on the network, right? So it's able to present all this information, and again I have a different table and some other stuff, so it allows me to add things like a description of what these particular devices are, that type of thing. I can go down, I can see the different ports that are open, so again things like port 80.

So let's say I'm really interested to know what devices on my network have port 80 open. I can then simply click on this, it tells me what port 80 is, and then it tells me .1, .7, .12, .14, .25, all of these have port 80 open. So if I'm concerned from a security standpoint I can take a look at that. So again, this shows me what has been discovered in the past hour. I can click on, like, past week, so I can click on all the devices that have been detected in the past week. We go down here, we can see a total of 20 devices have been detected in the next week. So again, that's one nice thing with having nmap scan periodically, is sometimes computers are off, sometimes computers are rebooting, sometimes computers are off the network. So if it's continuously scanning, dumping that information into a database, then you can collect from all the different scans. So for here again we see I have three Netgear devices like I had before, and got up to 12 Apple devices, that's some Apple flexing. I like Apple; if you're ever wondering, does Eli really like Apple devices, well I've got 12, I know, I think I'm more than that. But one of the interesting things is, again, this also detected my TV. So I have a smart TV, so one of the times when nmap was scanning, my smart TV was on, so I can go here and I can click on what that device is and it shows me my smart TV is at 192.168.1.18. So it shows me information such as that. Again, if we go back, we can see things again like Oracle VirtualBox, so I had a couple of virtual machines that were running, so I could click on that. And then we have different port discovery down here, so look at all these ports: these are all the different ports that were discovered on my network. So you can go here and you can say, huh, I wonder what port 458 is? So this is some kind of Apple QuickTime service, and it was running on IP address .1.20. So basically all that I'm showing you here is simply what I have been able to create by using
the outputs from the nmap script when it's running if we go down we can take a look at some of the scripting itself so i have this nmap parse so this basically what this does is it parses the xml file so again every 10 minutes i have nmap run so this is the nmap cron scan xml so what it's going to be doing is it's going to be reading from this file it's then going to be grabbing these different variables and then assigning values to these variables it basically goes through each line in the file and depending on what's in that particular line it then grabs that particular information and then assigns a value here right so so this is where it gets the ip address this is where it gets the vendor this is where it gets the mac address this is where it gets the host name if it's available this is where it gets all the ports uh then here is where you then actually add all the values to the database so sql insert into log ip mac vendor hostname ports timestamp in map timestamp and then the values for those particular variables and then that dumps it in and then basically we then have the reports here and these are the reports so that nmap drill down so this right here is actually this particular report we're looking at right now so it shows us the ip addresses the mac addresses all that type of thing basically what we can see is for this again we've got the the sql statements this is where you print out the ip addresses and so it's able to pull that information from the table uh the one thing that i do want to show you here is the the shell script so this is the bash script that i've created so in kron tab so for cron jobs you use the cron tab application so sudo crontab so you run as root and so basically i have the cron tab pointed to this particular script the first thing that i actually do is i parse the previous nmap export so basically what happens is nmap runs and then the next time what this is going to do is it's going to parse the previous uh nmap output and 
then after it's parsed that dump the data into the database then i'm going to be running nmap again so basically uh here i'm going to be running uh nmap uh 192.168.1.0 forward slash 24. ox it's then going to be outputting uh to here and this is how it's able to run so basically with that that outputs into the xml file then i have the uh the parse script dump that information into a database so on and so forth and so this is where we start to get to some interesting things in the modern world of i.t administration so yay have i made a linux command line tool look exciting to you i hope i did because this doesn't look exciting you might want to find a different occupation but i really think this is the kind of cool thing that again modern it administrators really need to be looking at with the idea of you have a pretty basic tool but with that pretty basic tool you can output what it's able to find and discover into something such as an xml file then once it's in an xml file you can create scripts or an application to present you the exact information that you care about so again imagine if you had uh nmap run it's going through it's detecting all the ports that are open and then if a particular port such as port 80 is open you could possibly have a script that fires off to email you an alert so basically you have a script that goes through it parses that xml file if port 80 is open then email you as the administrator to say hey you've got a port 80 open on the network you might want to take a look at that or again if you're having nmap scan you're dumping all that data into a database once it's in a database you can then do queries to see where there are differences so if a new device shows up on the network and you're not expecting a new device to show up on the network you can be like huh i wonder if that's some like little raspberry pi did somebody just shove a little raspberry pie on my network and it's trying to discover you know what's going on well if you 
have something like nmap running every 10 20 30 minutes an hour something like that you're able to then parse the information whenever a new device shows up on the network you go let me track that down and figure out is it is it the secretary's you know laptop computer that she brought in so she could print something or is that some kind of like little raspberry pi device that's trying to do something nefarious on the network right that's the kind of cool stuff that you can start doing when you use tools uh such as nmap now again when you're going to be using nmap generally always try to run it as root or use sudo to run it that will then give you the mac address information and then the vendor information along with it beyond that then do go and play with the different options again hyphen a what hyphen a does is an aggressive scan so it's going to look for things such as the operating system and the actual device type that may be useful for you but it gives you a lot of just kind of crappy information right you don't really care about the operating system if you don't really care about that additional information just running in map without any additional options may be a better thing for you again then you'll get the ip address the ports the mac address and the vendor that may be all you need it's a lot easier to read but if you need some additional information you might want to do that hyphen a that more aggressive scan then you have the hyphen f one of the things that i'll warn you about with hyphen f is hyphen f will make and map run a lot faster because it's only only going to scan the 100 most common ports so a lot of people say you should just use that as the default but do realize is only scanning for the the most common 100 ports so again if you're especially if you're doing this for network security that means if somebody opens up a port that's different than one of those standard 100 ports is not going to be detected so one of the things you have to 
think about is do you prefer speed or do you prefer accuracy again what the answer is that's up to you but just keep that in mind that is one of the things that i will warn you because in a lot of the uh oh introductory material on how to use nmap most of the stuff that i've seen is simply to use hyphen f like all the time which again for most people is probably fine but if if you just get used to using hyphen f and you're not really thinking about why you're using hyphen f that might run you into some problems again there are a lot of other options again things like timeouts do you realize when a nmap is going to scan your network especially if you have a large network or if you have a lot of devices on your network it can take a lot of time especially if devices aren't overly responsive so there are some time out options that you may want to play around with but again with those tests to play around with see what works see what doesn't work and go on from there uh and really you know that's that's about it uh so again nmap is a really cool thing if you have any questions about it definitely go to nmap.org play play play play play play play play play play again set it off in the corner have it run go off get a cup of coffee come back see what the results are try another option go off get another cup of coffee see what the results are go off try another option go to the bathroom relieve yourself from the first two cups of coffee come back see what the results are go from there i would highly recommend you use the hyphen v so basically the verbose option if you're using this at the command line because then it will spit out results as it's going through it'll tell you where it's at in the process that can be very useful for you again so with something like nmap i would highly recommend you use a spare laptop or use a spare computer you have it running in the corner while you're doing something else and so if you're using the verbose option you can just simply go 
okay yeah it's still doing whatever it's supposed to do and then you can keep doing your work uh without that verbose option you just get a blinking cursor when it's done it's done has it locked up has it frozen is it just taking a long time yeah who knows i just gotta wait for that blinking cursor to stop so anyways as always i enjoy doing this class i look forward to seeing the next one if you like the content that i create please think about going to eli to computerguy.com and becoming a member or donating please understand that all the educational videos are in front of the paywall that includes the videos that includes the notes the diagrams and the code example all of that is freely available and in front of the paywall but if you want to watch opinion videos or if you want to be able to comment you do need to become a member membership is five dollars a month or sixty dollars a year and gives you access to those opinion videos and the ability to comment if you don't want to become a member you just want to give a one-time donation there is also a donate button where you can do that please understand in order to provide the education that i am it does cost money servers cost money equipment costs money travel costs money all of these things cost a reasonable amount of money and the fact of the matter is is youtube's advertising program no longer supports creators the way that it used to so if you want to these classes to continue to stick around and you find them to be valuable please think about either becoming a monthly member or donating a few dollars for this project
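As an added example (not Eli's PHP parser, which the video shows but the page does not reproduce), here is a Python version of the parse step he describes: read the -oX file, pull the IP, MAC, vendor, hostname and open ports for each host, then answer the two questions he raises, which hosts have port 80 open and which MAC addresses have not been seen in earlier scans. The XML is a constructed two-host sample in the real nmap -oX layout, not output from an actual scan, and the "known MACs" set stands in for what would be read back from his MySQL log table.

```python
import xml.etree.ElementTree as ET
# Constructed sample of nmap -oX output (two hosts), not a real scan result.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" start="1595341200">
  <host><status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Netgear"/>
    <hostnames><hostname name="router.lan" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.168.1.20" addrtype="ipv4"/>
    <address addr="AA:BB:CC:DD:EE:FF" addrtype="mac" vendor="Raspberry Pi Foundation"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports>
  </host>
</nmaprun>"""

def parse_nmap_xml(xml_text):
    """One record per host that is up: ip, mac, vendor, hostname, open ports.
    The mac address element (and its vendor) is only present when nmap ran as root."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        rec = {"ip": None, "mac": None, "vendor": None, "hostname": None, "ports": []}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                rec["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                rec["mac"], rec["vendor"] = addr.get("addr"), addr.get("vendor")
        hn = host.find("hostnames/hostname")   # None when <hostnames/> is empty
        if hn is not None:
            rec["hostname"] = hn.get("name")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":  # skip closed/filtered
                rec["ports"].append(int(port.get("portid")))
        hosts.append(rec)
    return hosts

def hosts_with_port(hosts, port):
    """IPs with the given port open, e.g. the 'alert me on port 80' case."""
    return sorted(h["ip"] for h in hosts if port in h["ports"])

def new_devices(hosts, known_macs):
    """MACs in this scan that earlier scans (the database) never recorded."""
    return sorted(h["mac"] for h in hosts if h["mac"] and h["mac"] not in known_macs)
```

In his setup the cron script would call parse_nmap_xml on the previous -oX file and insert each record into the log table before starting the next scan.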
Info
Channel: Eli the Computer Guy
Views: 17,154
Rating: 4.968317 out of 5
Keywords: Eli, the, Computer, Guy, Repair, Networking, Tech, IT, Startup, Arduino, iot
Id: _mHwudEOt8c
Length: 46min 33sec (2793 seconds)
Published: Tue Jul 21 2020