HakTip 104 – NMap 101: How to Troubleshoot Scans
This week on HakTip Shannon covers some troubleshooting options for NMap.
Welcome to HakTip — the show where we break down concepts, tools and techniques for hackers, gurus and IT ninjas. I’m Shannon Morse and today we’ll be covering some troubleshooting options.
This might be useful to know if your scan doesn’t give you the output you expected, or if you don’t get any output at all.
nmap -h will pull up the help menu, just like any other command line program. Keep in mind, you also have man nmap to see a bunch more details about nmap. nmap -V will show you the version of nmap you’re running, so you might figure out that you need to update nmap to get better results.
Another option you can use is debugging output. This one is: nmap -d 10.73.31.145. This will show you hostgroups, timing, how many packets per second, any timeouts, and more. If you want to, you can also specify how much debugging you want to see, from -d1 for the lowest level through -d9 for the highest.
Another troubleshooting option to use is the --reason option. This will show you “port state reason codes”. Like this: nmap --reason 10.73.31.145. Any connections considered closed will say “connection refused”. Open ones should show syn-ack. If there is no reason code, or the port just doesn’t respond, it’s probably behind a firewall.
Let’s say you don’t care about all those closed ports, you just want to see the open ones. Type: nmap --open 10.73.31.145.
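Here’s an added example (mine, not part of the episode) that reads the text a --reason scan prints and sorts the ports the way the episode describes: open ones with syn-ack, closed ones with their refusal or reset reason, and no-response ports as the likely-firewalled group. The scan output in the block is constructed to match the PORT / STATE / SERVICE / REASON column layout; it is not a real scan of the host, and the open_ports helper reproduces what --open would have shown.

```python
import re
from collections import Counter

# Constructed sample of `nmap --reason 10.73.31.145` text output; not a real scan.
# Reason codes follow nmap's naming: syn-ack, reset, conn-refused, no-response.
SAMPLE_REASON_OUTPUT = """\
Nmap scan report for 10.73.31.145
Host is up, received echo-reply ttl 64 (0.0012s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT     STATE    SERVICE     REASON
22/tcp   open     ssh         syn-ack ttl 64
80/tcp   open     http        syn-ack ttl 64
135/tcp  filtered msrpc       no-response
139/tcp  filtered netbios-ssn no-response
3306/tcp closed   mysql       conn-refused
"""

# One port line: "<port>/<proto> <state> <service> <reason> [ttl <n>]"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s+"
    r"(?P<reason>\S+)(?:\s+ttl\s+(?P<ttl>\d+))?\s*$"
)
# The collapsed summary nmap prints for ports it does not list individually.
NOT_SHOWN = re.compile(
    r"^Not shown: (?P<count>\d+) (?P<state>\S+) (?P<proto>tcp|udp) ports \((?P<reason>\S+)\)"
)


def parse_reason_output(text):
    """Return one dict per listed port with its state, service, reason and reply TTL."""
    entries = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            d["ttl"] = int(d["ttl"]) if d["ttl"] else None
            entries.append(d)
    return entries


def not_shown_summary(text):
    """Parse the 'Not shown: N closed tcp ports (reason)' line into (count, state, reason)."""
    for line in text.splitlines():
        m = NOT_SHOWN.match(line)
        if m:
            return int(m["count"]), m["state"], m["reason"]
    return None


def open_ports(entries):
    """The same filtering `--open` would apply on the nmap side."""
    return [e["port"] for e in entries if e["state"] == "open"]


def likely_filtered(entries):
    """Ports that never answered at all: the 'probably behind a firewall' case."""
    return [e["port"] for e in entries if e["reason"] == "no-response"]


def reason_histogram(entries):
    """Count (state, reason) pairs so a scan that is mostly no-response stands out."""
    return Counter((e["state"], e["reason"]) for e in entries)


if __name__ == "__main__":
    found = parse_reason_output(SAMPLE_REASON_OUTPUT)
    print("open:", open_ports(found))
    print("no reply (check firewall):", likely_filtered(found))
    print("not shown:", not_shown_summary(SAMPLE_REASON_OUTPUT))
    for (state, reason), n in reason_histogram(found).items():
        print(f"{n:3d} x {state:<8} {reason}")
```

Save real scan output with nmap --reason 10.73.31.145 > reason.txt and feed that file to parse_reason_output instead of the constructed string; a histogram dominated by no-response is the quickest sign that a filter sits between you and the host.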
This next one looks a little cluttered, but it is useful to show a nice summary of the packets that are both sent and received during a scan. Type: nmap --packet-trace 10.73.31.145. You can add > trace.txt to the end to output this long summary of info into a file to read back later.
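Because --packet-trace output is so cluttered, here’s an added example (mine, not from the episode) that pairs each SENT probe with the RCVD reply for the same target port and tells you which ports answered with syn-ack, which answered with a reset, and which never answered and got retransmitted. The trace lines are constructed to follow nmap’s SENT/RCVD line shape for a SYN scan; they are not a real capture, and the packet rate it computes is the same sort of number the -d output reports.

```python
import re

# Constructed sample of `nmap --packet-trace` lines for a SYN scan of four ports.
# Not a real capture: port 135 never answers, so nmap retransmits the probe later.
SAMPLE_PACKET_TRACE = """\
SENT (0.0210s) TCP 10.73.31.10:40123 > 10.73.31.145:22 S ttl=51 id=1001 iplen=44  seq=1 win=1024 <mss 1460>
SENT (0.0211s) TCP 10.73.31.10:40123 > 10.73.31.145:80 S ttl=51 id=1002 iplen=44  seq=1 win=1024 <mss 1460>
SENT (0.0212s) TCP 10.73.31.10:40123 > 10.73.31.145:135 S ttl=51 id=1003 iplen=44  seq=1 win=1024 <mss 1460>
SENT (0.0213s) TCP 10.73.31.10:40123 > 10.73.31.145:3306 S ttl=51 id=1004 iplen=44  seq=1 win=1024 <mss 1460>
RCVD (0.0225s) TCP 10.73.31.145:22 > 10.73.31.10:40123 SA ttl=64 id=0 iplen=44  seq=7 win=64240 <mss 1460>
RCVD (0.0226s) TCP 10.73.31.145:80 > 10.73.31.10:40123 SA ttl=64 id=0 iplen=44  seq=8 win=64240 <mss 1460>
RCVD (0.0227s) TCP 10.73.31.145:3306 > 10.73.31.10:40123 RA ttl=64 id=0 iplen=40  seq=0 win=0
SENT (1.0310s) TCP 10.73.31.10:40124 > 10.73.31.145:135 S ttl=51 id=1005 iplen=44  seq=1 win=1024 <mss 1460>
"""

# "<SENT|RCVD> (<seconds>s) <proto> <src>:<sport> > <dst>:<dport> <tcp flags> ..."
TRACE_LINE = re.compile(
    r"^(?P<dir>SENT|RCVD) \((?P<ts>\d+\.\d+)s\) (?P<proto>\S+) "
    r"(?P<src>\S+):(?P<sport>\d+) > (?P<dst>\S+):(?P<dport>\d+) (?P<flags>\S+)"
)


def parse_packet_trace(text):
    """Turn each SENT/RCVD line into a dict; lines that do not match are ignored."""
    records = []
    for line in text.splitlines():
        m = TRACE_LINE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = float(d["ts"])
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            records.append(d)
    return records


def per_port_summary(records):
    """Group probes and replies by target port and classify what came back."""
    ports = {}
    for r in records:
        # A probe is keyed by its destination port, a reply by its source port.
        key = r["dport"] if r["dir"] == "SENT" else r["sport"]
        p = ports.setdefault(key, {"sent": 0, "rcvd": 0, "flags": [],
                                   "first_sent": None, "first_rcvd": None})
        if r["dir"] == "SENT":
            p["sent"] += 1
            if p["first_sent"] is None:
                p["first_sent"] = r["ts"]
        else:
            p["rcvd"] += 1
            p["flags"].append(r["flags"])
            if p["first_rcvd"] is None:
                p["first_rcvd"] = r["ts"]
    for p in ports.values():
        if p["rcvd"] == 0:
            p["verdict"] = "no-response"      # nothing came back: filter or drop
        elif "SA" in p["flags"]:
            p["verdict"] = "syn-ack"          # open
        elif any("R" in f for f in p["flags"]):
            p["verdict"] = "reset"            # closed
        else:
            p["verdict"] = "other"
        p["rtt_ms"] = None
        if p["first_sent"] is not None and p["first_rcvd"] is not None:
            p["rtt_ms"] = round((p["first_rcvd"] - p["first_sent"]) * 1000, 2)
    return ports


def retransmitted_ports(summary):
    """Ports nmap probed more than once without ever hearing back."""
    return sorted(port for port, p in summary.items() if p["sent"] > 1 and p["rcvd"] == 0)


def packet_rate(records):
    """Packets per second over the whole trace (first to last timestamp)."""
    if len(records) < 2:
        return 0.0
    span = records[-1]["ts"] - records[0]["ts"]
    return len(records) / span if span > 0 else float("inf")


if __name__ == "__main__":
    recs = parse_packet_trace(SAMPLE_PACKET_TRACE)
    summary = per_port_summary(recs)
    for port in sorted(summary):
        p = summary[port]
        print(f"{port:>5}  sent={p['sent']} rcvd={p['rcvd']} {p['verdict']:<12} rtt={p['rtt_ms']}")
    print("retransmitted, never answered:", retransmitted_ports(summary))
    print(f"rate: {packet_rate(recs):.1f} packets/s")
```

Run it on a saved trace.txt by reading the file into parse_packet_trace; a long list from retransmitted_ports is the packet-level view of the timeouts the -d output mentions.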
Next is --iflist, which will display the host’s networking configuration. While connected to the network, type: nmap --iflist to show how the network interfaces and routes are configured on the machine you’re scanning from.
Lastly, we have -e to specify which type of network interface you’d like to scan on. Type: nmap -e eth0 (or wlan0, etc) 10.73.31.145. This gives you an easy way to switch to a different interface quickly to do a scan.
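To tie --iflist and -e together, here’s an added example (mine, not from the episode) that parses the INTERFACES and ROUTES tables --iflist prints, picks the interface whose route covers the target, and builds the matching nmap -e command. It skips routes whose interface is down, which is one of the reasons a scan can come back with nothing at all. The --iflist text in the block is constructed in the layout nmap uses on Linux, not output from a real machine.

```python
import ipaddress
import re

# Constructed sample of `nmap --iflist` output; the addresses and MACs are made up.
SAMPLE_IFLIST = """\
************************INTERFACES************************
DEV   (SHORT) IP/MASK          TYPE        UP   MTU   MAC
lo    (lo)    127.0.0.1/8      loopback    up   65536
eth0  (eth0)  10.73.31.10/24   ethernet    up   1500  00:11:22:33:44:55
wlan0 (wlan0) 192.168.1.20/24  ethernet    up   1500  66:77:88:99:AA:BB
tun0  (tun0)  10.8.0.2/24      point2point down 1500

**************************ROUTES**************************
DST/MASK        DEV   METRIC GATEWAY
10.73.31.0/24   eth0  0
192.168.1.0/24  wlan0 0
10.8.0.0/24     tun0  0
0.0.0.0/0       wlan0 0      192.168.1.1
"""

# "dev (short) addr/prefix type up|down mtu [mac]"; the header row has no numeric prefix.
IFACE = re.compile(
    r"^(?P<dev>\S+)\s+\((?P<short>\S+)\)\s+(?P<addr>\S+/\d+)\s+(?P<type>\S+)\s+"
    r"(?P<up>up|down)\s+(?P<mtu>\d+)(?:\s+(?P<mac>\S+))?"
)
# "dst/prefix dev metric [gateway]"
ROUTE = re.compile(r"^(?P<dst>\S+/\d+)\s+(?P<dev>\S+)\s+(?P<metric>\d+)(?:\s+(?P<gw>\S+))?")


def parse_iflist(text):
    """Return ({dev: interface dict}, [route dict, ...]) from --iflist text."""
    interfaces, routes, section = {}, [], None
    for line in text.splitlines():
        if "INTERFACES" in line:
            section = "if"
            continue
        if "ROUTES" in line:
            section = "rt"
            continue
        if section == "if":
            m = IFACE.match(line)
            if m:
                d = m.groupdict()
                d["up"] = d["up"] == "up"
                interfaces.setdefault(d["dev"], d)   # keep the first address per device
        elif section == "rt":
            m = ROUTE.match(line)
            if m:
                routes.append(m.groupdict())
    return interfaces, routes


def choose_interface(target, interfaces, routes):
    """Longest-prefix route lookup for target, ignoring routes on interfaces that are down.

    Returns (device name or None, human-readable note)."""
    ip = ipaddress.ip_address(target)
    candidates, skipped = [], []
    for r in routes:
        net = ipaddress.ip_network(r["dst"], strict=False)
        if ip not in net:
            continue
        iface = interfaces.get(r["dev"])
        if iface is None or not iface["up"]:
            skipped.append(r["dev"])
            continue
        candidates.append((net.prefixlen, -int(r["metric"]), r["dev"], r["dst"]))
    if not candidates:
        return None, f"no usable route to {target}"
    _, _, dev, dst = max(candidates)
    note = f"route {dst} via {dev}"
    if skipped:
        note += "; skipped route(s) on down interface(s): " + ", ".join(skipped)
    return dev, note


def build_scan_command(target, interfaces, routes):
    """The `nmap -e <dev> <target>` argv for the chosen interface, or None."""
    dev, _ = choose_interface(target, interfaces, routes)
    return None if dev is None else ["nmap", "-e", dev, target]


if __name__ == "__main__":
    ifs, rts = parse_iflist(SAMPLE_IFLIST)
    for t in ("10.73.31.145", "203.0.113.7", "10.8.0.5"):
        dev, note = choose_interface(t, ifs, rts)
        print(f"{t:<14} -> {dev}  ({note})")
        print("   ", " ".join(build_scan_command(t, ifs, rts) or ["no route"]))
```

Pipe a real nmap --iflist into parse_iflist and the note from choose_interface tells you whether the target is reached over the interface you expected or is falling through to the default route, which is exactly when you’d pass -e by hand.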
What would you like to see next about NMAP? Send me a comment below or email us at [email protected]. And be sure to check out our sister show, Hak5 for more great stuff just like this. I’ll be there, reminding you to trust your technolust.