Use Nmap to Scan and Document Network Services

Introduction

In this lab, you will learn how to use Nmap, a powerful network scanning tool, to discover and analyze services running on a network. Nmap is a crucial tool for network administrators and security professionals, commonly used for network discovery and security auditing.

The skills you'll acquire include setting up a basic web server, using Nmap to scan and detect services, interpreting scan results, and effectively documenting your findings. This knowledge is fundamental for network security assessment and is widely applied in real - world scenarios to identify potential system vulnerabilities.

Setting Up a Web Server

In this step, we're going to set up a basic web server on your local machine. Why do we need to do this? Well, this web server will act as a target for your Nmap scanning practice later on. Nmap is a powerful tool for network exploration and security auditing, and having a local web server to scan will help you understand how it works in a safe and controlled environment.

What is a Web Server?

A web server is a piece of software that plays a crucial role in the web. When you open a website in your browser, it's the web server that sends the web content, such as HTML pages, images, or videos, to your browser in response to your request. For this lab, we'll take advantage of Python's built - in functionality to create a simple HTTP server. HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the web, and using Python's built - in server is a quick and easy way to get a web server up and running.

Creating Your Web Directory and Content

1. First, we need to open a terminal. A terminal is a text - based interface that allows you to interact with your computer's operating system by typing commands. Once you've opened the terminal, you'll navigate to your project directory. Navigating in the terminal means moving through the file system of your computer. Use the following command to go to the project directory:

   cd /home/labex/project

2. Now, we'll create a new directory for your web server content. A directory is like a folder on your computer where you can store files. We use the mkdir command to create a new directory. The -p flag is important here. It ensures that if the parent directories (the directories that contain the directory you're creating) don't exist, they will be created for you. Run the following command:

   mkdir -p services

3. After creating the directory, we need to move into it. Just like you would open a folder on your desktop, we use the cd command to enter the newly created directory:

   cd services

4. Next, we'll create a simple HTML file. HTML (Hypertext Markup Language) is the standard language for creating web pages. This file will be served by your web server. The following command creates a file named index.html and puts the text "Welcome to the mini fortress" inside it:

   echo "Welcome to the mini fortress" > index.html

5. Finally, we'll start a Python HTTP server on port 8000. A port is like a door on your computer through which network traffic can enter or leave. Port 8000 is a commonly used port for testing web servers. The following command uses Python's built - in HTTP server module to start the web server:

   python3 -m http.server 8000

   Once you run this command, you should see output similar to:

   Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

   This means that your web server is up and running and is ready to serve requests.

Verifying Your Web Server

To make sure that your web server is running correctly, we need to open a new terminal window. Keep the first terminal window running because it's currently occupied by the web server process. If you close it, the web server will stop.

1. Open a new terminal window.

2. Now, we'll use the curl command to access your web server. curl is a command - line tool that allows you to transfer data to or from a server. Run the following command:

   curl http://localhost:8000

   If everything is working correctly, you should see the message: Welcome to the mini fortress

   This confirms that your web server is running and accessible.

The web server you've just set up will continue running in the first terminal window. Keep this window open and the server running for the next steps. All further commands should be executed in the new terminal window you just opened.

Scanning Services with Nmap

In this step, we're going to use a powerful tool called Nmap to scan and detect the web server service you set up in the previous step. Scanning services is an important part of cybersecurity because it helps us understand what services are running on a network and if they might be vulnerable to attacks.

Understanding Nmap

Nmap, which stands for Network Mapper, is a free and open - source utility. It's widely used for network discovery and security auditing. Nmap works by sending raw IP packets to the target hosts on a network. Based on the responses it receives, it can figure out several important things:

• First, it can tell us what hosts are available on the network. A host could be a computer, a server, or any device connected to the network.
• Second, it can determine what services those hosts are offering. Services could include things like web servers, email servers, or file - sharing services.
• Third, it can even identify what operating systems the hosts are running. This is useful because different operating systems may have different security vulnerabilities.
• And there are many other characteristics that Nmap can discover about the hosts on the network.

Running a Basic Service Scan

1. Before we start the scan, we need to make sure we are in the project directory. The project directory is where all the relevant files for this experiment are stored. To navigate to the project directory, we use the cd command in the terminal.

   cd /home/labex/project

2. Now, we're going to run an Nmap service scan on our local web server. The local web server is running on our own machine, and we'll use Nmap to find out what service is running on port 8000.

   sudo nmap -sV localhost -p 8000

   Let's break down this command to understand what each part does:

   • sudo: This is used to run the command with administrative privileges. Some operations in the system require administrative rights, and Nmap may need these rights to perform a proper scan.
   • nmap: This is the network mapping tool we've been talking about. It's the main command we use to perform the scan.
   • -sV: This option enables version detection. It helps Nmap identify what specific service is running on the target port.
   • localhost: This is the target we want to scan. In this case, it's our local machine.
   • -p 8000: This option specifies that we want to scan port 8000. Ports are like doors on a computer, and different services use different ports to communicate.

   After running the command, you should see output similar to this:

   Starting Nmap 7.80 ( https://nmap.org ) at 2023-09-01 12:00 UTC
   Nmap scan report for localhost (127.0.0.1)
   Host is up (0.000094s latency).
   
   PORT     STATE SERVICE VERSION
   8000/tcp open  http    Python/3.10 http.server
   
   Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
   Nmap done: 1 IP address (1 host up) scanned in 6.31 seconds

   The output shows that Nmap has detected an HTTP service running on port 8000. Specifically, it has identified the service as a Python 3.10 HTTP server.

3. To keep a record of the scan results for further analysis, we'll save the output to a file. This way, we can refer back to the results later and look for any potential security issues.

   sudo nmap -sV localhost -p 8000 > /home/labex/project/nmap_service_detection.txt

   This command runs the same Nmap scan as before, but instead of showing the output on the terminal, it redirects the output to a file named nmap_service_detection.txt.

4. Now, let's view the contents of the saved file to make sure the results are there. We use the cat command to display the contents of a file in the terminal.

   cat /home/labex/project/nmap_service_detection.txt

   The content you see should match the output you saw earlier when you ran the Nmap command directly.

Understanding the Nmap Output

Let's take a closer look at the output from your Nmap scan to understand what each part means:

• Starting Nmap 7.80: This line indicates the version of Nmap that is being used. Different versions of Nmap may have different features and capabilities.
• Host is up: This shows that the target (in this case, our local machine) is responding to network requests. If the host was down, Nmap wouldn't be able to get any information from it.
• PORT: This column lists the port number that was scanned. In our case, it's port 8000.
• STATE: This shows the status of the port. It can be open, closed, or filtered. An open port means that a service is listening on that port and accepting connections.
• SERVICE: This identifies the service running on the port. In our output, it's an HTTP service.
• VERSION: This shows details about the service version. Here, it tells us that the HTTP service is a Python 3.10 http.server.

This information is crucial for security assessments. By knowing what services are exposed on a network, we can check if they have any known vulnerabilities. If these services are not properly secured, they could potentially be exploited by attackers.

Documenting Your Findings

In this step, we're going to focus on documenting the service information you've discovered using Nmap. Documentation is like a map in the world of security work. It's crucial because it allows you to record all the important details you find during your scans. This record can be referred back to later for analysis, to see how things have changed over time, or to meet certain compliance requirements.

The Importance of Documentation

In professional security assessments and network audits, detailed documentation plays several key roles:

• Snapshot of Systems and Services: It creates a record of what systems and services were present at a specific point in time. This is useful for understanding the state of your network at a given moment.
• Tracking Changes: Helps you keep track of any changes in the network infrastructure. By comparing documentation from different times, you can easily spot new services, removed systems, or other alterations.
• Compliance Evidence: Provides evidence that you've conducted proper security checks, which is often required by various regulations and standards.
• Planning Improvements: Serves as a reference when planning security improvements. You can look at the documented findings to identify areas that need attention.

Creating a Documentation File

Step 1: Navigate to the Project Directory

First, you need to make sure you're in the project directory. This is where we'll create and store our documentation file. To do this, use the cd command, which stands for "change directory".

cd /home/labex/project

Step 2: Create a New File

Now, we'll create a new file to document our findings. We'll use the touch command. If the file doesn't exist, touch will create an empty file with the specified name.

touch nmap_findings.txt

Step 3: Add a Descriptive Header

Next, we'll add a descriptive header to our documentation file. This header will give some context to the scan results we're about to add. We'll use the echo command to print the text, and the >> operator to append it to the file. The >> operator is important because it adds the text to the end of the file without overwriting what's already there.

echo "Nmap has detected the following service running on localhost, port 8000:" >> nmap_findings.txt

Step 4: Add the Detailed Scan Results

Now, we'll add the detailed Nmap scan results to our documentation. We'll run the Nmap scan again and use the >> operator to append the results to our file.

nmap -sV localhost -p 8000 >> nmap_findings.txt

Step 5: Review Your Documentation

Finally, let's review the completed documentation. We'll use the cat command, which stands for "concatenate", to display the contents of the file.

cat nmap_findings.txt

Your file should now contain a header and the full Nmap scan results, similar to:

Nmap has detected the following service running on localhost, port 8000:
Starting Nmap 7.80 ( https://nmap.org ) at 2023-09-01 12:15 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000094s latency).

PORT     STATE SERVICE VERSION
8000/tcp open  http    Python/3.10 http.server

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.31 seconds

Best Practices for Security Documentation

When documenting security findings in real-world scenarios, there are several important elements you should consider including:

1. Date and Time of the Assessment: This helps you keep track of when the scan was conducted, which is useful for understanding the timeline of changes in your network.
2. Tools Used (including Version Numbers): Knowing which tools were used and their versions is important for reproducibility and for understanding the capabilities of the scan.
3. Scope of the Assessment: Clearly define what was tested. This could include specific IP addresses, ports, or systems.
4. Detailed Findings with Evidence: Provide as much detail as possible about the findings, along with any evidence to support them.
5. Potential Security Implications: Analyze the findings and identify any potential security risks or vulnerabilities.
6. Recommendations for Improvements: Based on the findings, suggest steps to improve the security of the network.

For this lab, we've created a simple document with the scan results, but in professional contexts, documentation would typically be more comprehensive.

Summary

In this lab, you have learned essential skills for network service discovery and documentation using Nmap. These skills are the foundation of network security assessment practices used by professionals globally.

The key takeaways include setting up a basic web - server, using Nmap to detect running services, interpreting scan results, and documenting findings. These skills are applicable in real - world scenarios like network inventorying, security assessments, system administration, and compliance verification. As you progress in networking and security, Nmap will be an invaluable tool. Consider exploring advanced Nmap features to enhance your network discovery capabilities.