Page 512 - StudyBook.pdf
P. 512
496 Chapter 8 • Infrastructure Security: System Hardening
2. This should give you some idea of some of the types of scans that
Nmap can perform. Notice the first and second entries. The –sS is
a Transmission Control Protocol (TCP) stealth scan, and the –sT is
a TCP full connect. The difference in these is that the stealth scan
does only two of the three steps of the TCP handshake, while the
full connect scan does all three steps and is slightly more reliable.
3. Now run Nmap with the –sT option and configure it to scan the
entire subnet. The following gives an example of the proper
syntax.
C:\>nmap -sT 192.168.1.1-254
4. The scan will take some time. On a large network expect the tool
to take longer as there will be many hosts for it to scan.
5. When the scan is complete the results will be returned that will
look similar to those shown here.
Starting nmap V. 4.20 ( www.insecure.org/nmap )
Interesting ports on (192.168.1.17):
(The 1600 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp open http
Interesting ports on (192.168.1.18):
(The 1594 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp open http
139/tcp open netbios-ssn
445/tcp open printer
9100/tcp open jetdirect
9111/tcp open DragonIDSConsole
9152/tcp open ms-sql2000
Interesting ports on (192.168.1.19):
(The 1594 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp open http
9100/tcp open jetdirect
9112/tcp open DragonIDSSensor
9152/tcp open ms-sql2000
www.syngress.com
