How to conduct a basic Nmap scan with firewall evasion

CybersecurityCybersecurityBeginner
Practice Now

Introduction

In the field of Cybersecurity, understanding network scanning tools and techniques is crucial. This tutorial will guide you through the process of conducting a basic Nmap scan and explore methods for evading firewalls, empowering you to enhance your network security knowledge and skills.


Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL cybersecurity(("`Cybersecurity`")) -.-> cybersecurity/NmapGroup(["`Nmap`"]) cybersecurity/NmapGroup -.-> cybersecurity/nmap_installation("`Nmap Installation and Setup`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_basic_syntax("`Nmap Basic Command Syntax`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_tcp_connect_scan("`Nmap Basic TCP Connect Scan`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_common_ports("`Nmap Common Ports Scanning`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_port_scanning("`Nmap Port Scanning Methods`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_host_discovery("`Nmap Host Discovery Techniques`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_scan_types("`Nmap Scan Types and Techniques`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_firewall_evasion("`Nmap Firewall Evasion Techniques`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_stealth_scanning("`Nmap Stealth and Covert Scanning`") subgraph Lab Skills cybersecurity/nmap_installation -.-> lab-415547{{"`How to conduct a basic Nmap scan with firewall evasion`"}} cybersecurity/nmap_basic_syntax -.-> lab-415547{{"`How to conduct a basic Nmap scan with firewall evasion`"}} cybersecurity/nmap_tcp_connect_scan -.-> lab-415547{{"`How to conduct a basic Nmap scan with firewall evasion`"}} cybersecurity/nmap_common_ports -.-> lab-415547{{"`How to conduct a basic Nmap scan with firewall evasion`"}} cybersecurity/nmap_port_scanning -.-> lab-415547{{"`How to conduct a basic Nmap scan with firewall evasion`"}} cybersecurity/nmap_host_discovery -.-> lab-415547{{"`How to conduct a basic Nmap scan with firewall evasion`"}} cybersecurity/nmap_scan_types -.-> lab-415547{{"`How to conduct a basic Nmap scan with firewall evasion`"}} cybersecurity/nmap_firewall_evasion -.-> lab-415547{{"`How to conduct a basic Nmap scan with firewall evasion`"}} cybersecurity/nmap_stealth_scanning -.-> lab-415547{{"`How to conduct a basic Nmap scan with firewall evasion`"}} end

Introduction to Nmap and Network Scanning

What is Nmap?

Nmap (Network Mapper) is a powerful open-source tool used for network discovery and security auditing. It is widely used by network administrators, security professionals, and hackers to scan networks, identify active hosts, and detect open ports, services, and operating systems.

Network Scanning Basics

Network scanning is the process of identifying active devices on a network and gathering information about them. This information can include the IP address, hostname, open ports, running services, and operating system. Nmap provides a variety of scanning techniques to suit different needs, such as TCP connect scans, SYN scans, and UDP scans.

Nmap Features and Capabilities

Nmap offers a wide range of features and capabilities, including:

  • Host discovery: Identifying active hosts on a network
  • Port scanning: Detecting open ports and associated services
  • OS detection: Determining the operating system of a target host
  • Service and version detection: Identifying the running services and their versions
  • Scripting engine: Executing custom scripts for advanced tasks

Nmap Use Cases

Nmap can be used in various scenarios, such as:

  • Network inventory: Mapping the devices and services on a network
  • Security assessment: Identifying potential vulnerabilities and attack vectors
  • Penetration testing: Gathering information about a target network for further exploitation
  • Network troubleshooting: Diagnosing network issues and connectivity problems

Installing and Running Nmap

Nmap is available for various operating systems, including Linux, Windows, and macOS. In this tutorial, we will focus on using Nmap on an Ubuntu 22.04 system. To install Nmap, you can use the following command:

sudo apt-get update
sudo apt-get install nmap

Once installed, you can run Nmap using the following basic command:

nmap <target_ip_or_hostname>

This will perform a basic TCP connect scan on the target host and display the open ports and associated services.

Conducting a Basic Nmap Scan

Basic Nmap Scan

The most basic Nmap scan is the TCP connect scan, which is performed by default when you run the nmap <target> command. This scan attempts to establish a full TCP connection with each open port on the target host.

Here's an example of a basic Nmap scan:

nmap 192.168.1.100

This will perform a TCP connect scan on the target IP address 192.168.1.100 and display the following information:

  • Open ports
  • Associated services running on those ports
  • Operating system (OS) detection (if possible)

Scan Types

Nmap offers a variety of scan types to suit different needs. Some common scan types include:

  1. SYN Scan: A stealthy scan that does not complete the full TCP handshake, often used to avoid detection by firewalls.
  2. UDP Scan: Scans for open UDP ports on the target host.
  3. Idle/Zombie Scan: Uses an idle or "zombie" host to perform the scan, making it harder to trace back to the original source.
  4. Comprehensive Scan: Combines multiple scan types to gather more detailed information about the target.

Here's an example of a SYN scan:

nmap -sS 192.168.1.100

Scan Modifiers

Nmap also provides various modifiers to customize the scan and gather more information. Some useful modifiers include:

  1. -p-: Scans all ports (1-65535) instead of the default 1000 most common ports.
  2. -sV: Performs version detection to identify the running services and their versions.
  3. -sC: Runs a set of default nmap scripts for further enumeration.
  4. -O: Attempts to detect the target's operating system.
  5. -oA: Saves the output in all major formats (normal, greppable, and XML).

Example:

nmap -sS -sV -sC -O -oA basic_scan 192.168.1.100

This command will perform a stealthy SYN scan, detect service versions, run default scripts, attempt OS detection, and save the output in all major formats.

Techniques for Firewall Evasion

Understanding Firewalls

Firewalls are security devices that monitor and control incoming and outgoing network traffic based on predefined security rules. They act as a barrier between a trusted internal network and an untrusted external network, such as the internet. Firewalls can pose a challenge for network scanners like Nmap, as they may block or filter certain types of traffic.

Firewall Evasion Techniques

To bypass firewalls and conduct successful network scans, Nmap provides several techniques:

1. TCP SYN Scan

As mentioned earlier, the TCP SYN scan is a stealthy scan that does not complete the full TCP handshake. This can help bypass firewalls that are configured to block full TCP connections.

nmap -sS 192.168.1.100

2. Idle/Zombie Scan

The idle/zombie scan uses an "idle" or "zombie" host to perform the scan, making it harder for the firewall to detect the actual source of the scan.

nmap -sI zombie_host 192.168.1.100

3. Fragmented Packets

Firewalls may be configured to block large packets, so Nmap can split the packets into smaller fragments to bypass this restriction.

nmap -f 192.168.1.100

4. Decoy Scans

Nmap can launch the scan from multiple source IP addresses, including decoy IP addresses, to make it more difficult for the firewall to identify the actual source of the scan.

nmap -D decoy1,decoy2,ME 192.168.1.100

5. Timing and Delay Options

Firewalls may be configured to block scans that are too fast or too aggressive. Nmap provides various timing and delay options to slow down the scan and evade detection.

nmap -T4 -min-rate 100 192.168.1.100

By combining these techniques, you can increase the chances of successfully scanning a network protected by a firewall. However, it's important to use these methods responsibly and only for legitimate purposes, as they can also be used for malicious activities.

Summary

This Cybersecurity tutorial has provided a comprehensive overview of conducting a basic Nmap scan and employing firewall evasion techniques. By mastering these skills, you can effectively gather valuable information about your network, identify potential vulnerabilities, and take proactive steps to strengthen your overall Cybersecurity posture.

Other Cybersecurity Tutorials you may like