Explore Nmap Verbosity Levels for Network Scanning

Introduction

In this lab, you will learn how to utilize Nmap, a potent network scanning tool, at various verbosity levels. Nmap is a go - to choice for security experts to uncover hosts and services on computer networks. Mastering Nmap's verbosity options allows you to regulate the information shown during scans, which is essential for efficient network analysis and troubleshooting.

Throughout the lab, you'll set up a local server for scanning practice. You'll also explore how different verbosity levels impact scanning results and the information presented.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL nmap(("Nmap")) -.-> nmap/NmapGroup(["Nmap"]) nmap/NmapGroup -.-> nmap/installation("Installation and Setup") nmap/NmapGroup -.-> nmap/basic_syntax("Basic Command Syntax") nmap/NmapGroup -.-> nmap/save_output("Save Output to File") nmap/NmapGroup -.-> nmap/port_scanning("Port Scanning Methods") nmap/NmapGroup -.-> nmap/verbosity("Verbosity Levels") subgraph Lab Skills nmap/installation -.-> lab-415939{{"Explore Nmap Verbosity Levels for Network Scanning"}} nmap/basic_syntax -.-> lab-415939{{"Explore Nmap Verbosity Levels for Network Scanning"}} nmap/save_output -.-> lab-415939{{"Explore Nmap Verbosity Levels for Network Scanning"}} nmap/port_scanning -.-> lab-415939{{"Explore Nmap Verbosity Levels for Network Scanning"}} nmap/verbosity -.-> lab-415939{{"Explore Nmap Verbosity Levels for Network Scanning"}} end

Setting Up Your Environment for Network Scanning

In the first step of this experiment, we're going to set up a local web server on your machine. This server will act as our target for Nmap scanning. Nmap is a powerful network scanning tool used in cybersecurity to discover hosts and services on a computer network. By having a local server, you can safely practice using Nmap without affecting real - world networks.

Understanding HTTP Servers

Before we create the server, let's understand what an HTTP server is. HTTP stands for HyperText Transfer Protocol. It's the protocol that your web browser uses to communicate with websites. An HTTP server is a software application that can understand URLs (web addresses) and the HTTP protocol. When you type a web address in your browser, the browser sends an HTTP request to the corresponding HTTP server, which then sends back the requested web page. For our lab, we'll create a simple HTTP server using Python, a popular and easy - to - learn programming language.

Creating the HTTP Server

First, we need to make sure you're in the correct working directory. The working directory is like a folder where your commands will operate. In this case, we want to be in the /home/labex/project directory. To navigate to this directory, use the following command:

cd /home/labex/project

Now that we're in the right place, we'll use Python's built - in HTTP server module to create a simple web server. We'll set this server to listen on port 8080. A port is like a door on a computer through which network traffic can enter or leave. Different services use different ports. Type the following command:

python -m http.server --bind localhost 8080 &

Let's break down what this command does:

python -m http.server: This part starts Python's built - in HTTP server module. It tells Python to run the HTTP server functionality.
8080: This specifies that the server should listen on port 8080. That means any incoming HTTP requests on this port will be handled by our server.
&: Putting an ampersand at the end of the command runs the server in the background. This is useful because it allows you to continue using the terminal for other commands while the server is running.

After running the command, you should see output similar to:

Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) ...

This output indicates that your HTTP server is now running and is ready to accept connections on port 8080. With this server up and running, we now have a target that we can scan using Nmap in the next steps.

Verifying the HTTP Server is Running

It's important to confirm that your server is actually running correctly. To do this, we can use the following command:

ss -tulwn | grep 8080

The ss command is used to display socket statistics. The options -tulwn tell ss to show TCP, UDP, listening, and numeric socket information. The | is a pipe, which takes the output of the ss command and passes it to the grep command. The grep command then searches for the string 8080 in the output. If the server is running, this command should show output indicating that something is listening on port 8080, which confirms that your HTTP server is active and ready for Nmap scanning.

Understanding Nmap Basics and Default Verbosity

Now that our target server is up and running, it's time to start exploring Nmap and its verbosity levels. Nmap, short for Network Mapper, is a powerful security scanner. Its main purpose is to help you discover hosts and services on a computer network. This is crucial in cybersecurity as it allows you to understand the network's layout and identify potential security risks.

What is Nmap Verbosity?

In Nmap, verbosity determines how much information is shown during a scan. Depending on how detailed you want your scan results to be, you can choose different verbosity levels. Here's a breakdown of the common verbosity levels:

Level 0: This is the default level. It gives you the standard output, which provides the basic information about the scan.
Level 1: By using the -v option, you can get more details in the scan output.
Level 2: Using the -vv option will give you even more detailed information.

Performing a Default Verbosity (Level 0) Scan

Let's start by performing our first scan using Nmap's default verbosity level. This will give us a baseline understanding of what kind of information we can get without adding extra verbosity.

nmap -p 8080 localhost > /home/labex/project/verbosity-0.txt

Let's break down this command:

nmap: This is the command to invoke the Nmap scanning tool. It tells your system to use Nmap for the network scan.
-p 8080: This option tells Nmap to focus the scan on only port 8080. Ports are like doors on a computer, and different services use different ports. By specifying port 8080, we're only interested in the service running on that particular port.
localhost: This indicates that we're scanning the local machine. In other words, we're checking the services running on the same computer where we're executing the Nmap command.
> /home/labex/project/verbosity-0.txt: This part of the command redirects the output of the scan to a file named verbosity-0.txt located in the /home/labex/project directory. Saving the output to a file allows us to review it later.

Now, let's view the scan results:

cat /home/labex/project/verbosity-0.txt

After running this command, you should see output similar to the following:

Starting Nmap 7.80 ( https://nmap.org ) at 2023-08-10 15:30 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000097s latency).

PORT     STATE SERVICE
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

Let's understand what this output means:

When the scan started: The first line tells us the exact time when the Nmap scan began. This is useful for keeping track of when the information was gathered.
The target of the scan: It shows that we were scanning localhost, which has the IP address 127.0.0.1.
Host status: It indicates that the host is up and responsive, with a very low latency of 0.000097 seconds.
Port state: It tells us that port 8080 is in the open state, meaning that there's a service listening on that port.
Service running: It suggests that the likely service running on port 8080 is http-proxy.
Scan completion statistics: The last line gives us information about how long the scan took, which in this case was 0.05 seconds.

The default level provides essential information, but it lacks detailed insights. In the next steps, we'll explore how higher verbosity levels can give us more in - depth information about the scan.

Increasing Verbosity with the -v Option

In the world of network scanning, getting detailed information is crucial. In this step, we'll learn how to obtain more in - depth details from Nmap by increasing the verbosity level. Verbosity in Nmap refers to the amount of information it displays during a scan. The -v option, which sets the verbosity level to 1, gives us additional information that can be extremely useful for network analysis.

Running a Scan with Increased Verbosity

Let's start by running a scan with increased verbosity. We'll use the following command:

nmap -p 8080 localhost -v > /home/labex/project/verbosity-1.txt

Let's break down this command:

nmap is the command to invoke the Nmap scanning tool. Nmap is a powerful and widely - used network exploration and security auditing tool.
-p 8080 tells Nmap to scan only port 8080. Ports are like doors in a network, and by specifying a port, we're focusing our scan on a particular service that might be running on that port.
localhost indicates that we're targeting the local machine. This is useful for testing and understanding how Nmap works on your own system.
-v increases the verbosity level to 1. This means Nmap will show more information about the scanning process.
> /home/labex/project/verbosity-1.txt redirects the output of the scan to a file named verbosity-1.txt in the /home/labex/project directory. Saving the output to a file allows us to review it later.

Now, let's see the results of our scan:

cat /home/labex/project/verbosity-1.txt

When you run this command, you should see a more detailed output similar to this:

Starting Nmap 7.80 ( https://nmap.org ) at 2023-08-10 15:35 UTC
Initiating Ping Scan at 15:35
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 15:35, 0.00s elapsed (1 total hosts)
Initiating Connect Scan at 15:35
Scanning localhost (127.0.0.1) [1 port]
Discovered open port 8080/tcp on 127.0.0.1
Completed Connect Scan at 15:35, 0.00s elapsed (1 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000089s latency).

PORT     STATE SERVICE
8080/tcp open  http-proxy

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

Understanding the Additional Information

With verbosity level 1, the output provides a wealth of extra details. Here's what you can see:

The scanning process is broken down into stages. For example, there's a Ping Scan and a Connect Scan. The Ping Scan is used to check if a host is reachable, while the Connect Scan tries to establish a connection to a specific port.
Timing information for each stage is provided. This helps you understand how long each part of the scan took.
You can see the exact moment when the open port was discovered. This is important as it gives you a clear timeline of the scan.
The data files Nmap used during the scan are also shown. These files contain information about services, ports, and other network - related data that Nmap uses to perform its scans.

This additional information is very helpful because it allows you to:

Understand how Nmap performs its scans. By seeing the different stages and the order in which they occur, you can get a better grasp of the scanning process.
Know the exact timeline of events during the scan. This can be useful for troubleshooting or for understanding the behavior of a network.
Determine when specific ports and services were discovered. This is crucial for security assessments and network management.

Comparing Verbosity Levels

To see the difference between a normal scan and a scan with increased verbosity more clearly, we'll compare the two output files. Use the following command:

diff /home/labex/project/verbosity-0.txt /home/labex/project/verbosity-1.txt

The diff command compares the contents of two files and shows the differences between them. The output of this command will demonstrate how increasing the verbosity level provides more insight into the scanning process. This extra information can be particularly useful when you're troubleshooting network issues or conducting detailed security assessments.

Additional Verbosity Levels

Nmap doesn't stop at verbosity level 1. It supports even higher verbosity levels:

-vv sets the verbosity level to 2.
-vvv sets the verbosity level to 3.

As you increase the verbosity level, Nmap will provide increasingly detailed information about the scanning process. This can be very useful when you need to dig deeper into the network and understand every aspect of the scan.

Exploring Higher Verbosity Levels and Practical Applications

In this step, we'll take a deeper dive into Nmap's capabilities. We'll start by using an even higher verbosity level, which will give us more detailed information during the scanning process. Then, we'll learn about the practical applications of different verbosity settings, so you'll know when to use each level in real - world scenarios.

Running a Scan with Maximum Verbosity

Let's execute a scan with verbosity level 2. In Nmap, we can set the verbosity level using the -vv option. Verbosity level 2 will provide a significant amount of detailed information about the scan. Here's the command to run the scan:

nmap -p 8080 localhost -vv > /home/labex/project/verbosity-2.txt

In this command, -p 8080 tells Nmap to scan port 8080. localhost is the target we're scanning, which refers to the local machine. The -vv option increases the verbosity to level 2. The > symbol redirects the output of the scan to the file /home/labex/project/verbosity-2.txt.

Now, let's examine the results of the scan. We can use the cat command to display the contents of the file:

cat /home/labex/project/verbosity-2.txt

When you look at the output, you'll notice that it contains even more technical details about the scanning process. These details include:

More in - depth timing information: This helps you understand how long different parts of the scan took.
Additional debugging information: It can be useful if something goes wrong during the scan.
More detailed protocol information: This gives you a better understanding of the network protocols involved in the scan.

Practical Applications of Different Verbosity Levels

Different verbosity levels are useful in different scenarios. Let's take a look at each level and its practical applications:

Default Level (0):
- The default verbosity level is best for quick scans. When you only need basic information about the target, like whether a specific port is open or closed, this level is sufficient.
- It's also useful for routine checks and simple network mapping. For example, if you want to quickly check the basic status of a server's ports, you can use the default level.
- An example use case is checking if specific ports are open on a server. You can get a quick overview without getting bogged down in too much detail.
Verbosity Level 1 (-v):
- This level is useful for more detailed analysis. It provides more information than the default level, which helps you understand the scanning timeline better.
- If you're troubleshooting connectivity issues, the additional information at this level can be very helpful. You can see which parts of the scan are taking longer or if there are any errors.
- An example use case is troubleshooting connectivity issues. You can use the extra details to figure out what might be causing the problem.
Higher Verbosity Levels (-vv, -vvv):
- These levels are ideal for in - depth analysis and debugging. They provide the maximum amount of information, which is very useful for security audits.
- When you're conducting a detailed security assessment or need to understand exactly how the scan is interacting with the target, higher verbosity levels are the way to go.
- An example use case is detailed security assessments or when you need to understand exactly how the scan is interacting with the target. You can get a comprehensive view of the scan process.

Combining Verbosity with Other Nmap Options

Verbosity options can be combined with other Nmap options to perform more powerful scans. Let's try a more advanced scan using the following command:

nmap -p 8080 -sV localhost -v > /home/labex/project/advanced-scan.txt

Let's break down this command:

-p 8080 specifies that we want to scan port 8080.
-sV enables version detection. This option tries to determine the version of the service running on the scanned port.
-v increases the verbosity to level 1, so we'll get more detailed information about the scan process.
The > symbol redirects the output of the scan to the file /home/labex/project/advanced-scan.txt.

Now, let's look at the results of the scan:

cat /home/labex/project/advanced-scan.txt

You'll notice that the addition of -sV provides information about the service version running on port 8080. At the same time, the -v option ensures that you get detailed information about the scan process, making it easier to analyze the results.

Cleaning Up

Before we finish this experiment, we need to properly shut down the HTTP server we created earlier. We can use the following command to do this:

pkill -f "python -m http.server"

This command terminates the Python HTTP server process running on port 8080. It's important to clean up properly to avoid any conflicts or resource usage issues in the future.

Summary

In this lab, you have learned how to effectively use Nmap's verbosity levels to control the information displayed during network scans. Beginning with a basic local HTTP server setup, you explored how different verbosity levels impact Nmap scan outputs.

You found that the default verbosity level (0) gives essential details about open ports and services. Using the -v option increases verbosity, offering more insights into the scanning process. Higher levels like -vv and -vvv provide detailed technical information for in - depth analysis. Verbosity options can also be combined with other Nmap techniques for more powerful network analysis. These skills are crucial for network administrators and security professionals, enabling them to gather network data efficiently and tailor scans to specific tasks.