Admin
Posts : 67
Join date : 20.08.09
Age : 28
Location : Ambon
Subject: Network exploration tools  August 24th 2009, 12:45
/* INTRO */
Nmap is a network exploration tool; it has become one of the go-to tools used by network administrators, pen-testers (IT developers who are paid to find holes in a network system) and attackers (hey.... who belongs in this category?).
This tool is used for exactly what its name says: exploring a network system (Network Mapper, Network Exploration Tool). With Nmap you can probe an entire network and find out which services are active on specific ports. Not only that, it also mixes in fingerprinting (banner grabbing), which compares the results and gives an estimate of what operating system (OS) the target runs. Nmap also has many features, or flags, that change how it performs a scan: you can do a TCP connect scan that makes a full connection to the host, or a SYN scan, also known (a.k.a.) as a half-open connection; test a firewall, or find out whether there is a firewall or packet filter; an idle scan that spoofs (hides your IP) through another host; or use decoys (bait hosts) that make your trace harder to follow. Nmap is compatible with the Linux/BSD family (*nix) and Windows.
*Raiden uses the Slackware Linux distro and Nmap v3.93 (http://www.insecure.org)
/* Options and Flags */
Nmap 3.93 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
  -sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
  -sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
  -sV Version scan probes open ports determining service & app names/versions
  -sR RPC scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
  -p <range> ports to scan. Example range: 1-1024,1080,6666,31337
  -F Only scans ports listed in nmap-services
  -v Verbose. Its use is recommended. Use twice for greater effect.
  -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
  -6 scans via IPv6 rather than IPv4
  -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
  -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
  -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
  -iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
  --interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
Usage example: flag -sP - ping scan, to find out which hosts are alive
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2006-11-04 16:11 WIT
Host 10.14.4.0 seems to be a subnet broadcast address (returned 1 extra pings).
Host 10.14.4.1 appears to be up.
Host 10.14.4.2 appears to be up.
Host 10.14.4.3 appears to be up.
Host 10.14.4.50 appears to be up.
Host 10.14.4.66 appears to be up.
Host 10.14.4.72 appears to be up.
Host 10.14.4.77 appears to be up.
Host 10.14.4.81 appears to be up.
Host 10.14.4.82 appears to be up.
Host 10.14.4.83 appears to be up.
Host 10.14.4.84 appears to be up.
Host 10.14.4.85 appears to be up.
Host 10.14.4.89 appears to be up.
Host 10.14.4.90 appears to be up.
Host 10.14.4.91 appears to be up.
Host 10.14.4.99 appears to be up.
Host 10.14.4.112 appears to be up.
Host 10.14.4.116 appears to be up.
Host 10.14.4.125 appears to be up.
Host 10.14.4.127 appears to be up.
Host 10.14.4.136 appears to be up.
Host 10.14.4.220 appears to be up.
Host 10.14.4.222 appears to be up.
Host 10.14.4.252 appears to be up.
Host 10.14.4.255 seems to be a subnet broadcast address (returned 1 extra pings).
Nmap finished: 256 IP addresses (24 hosts up) scanned in 243.674 seconds
Flag -sS - to see which ports are alive
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2004-06-24 15:37 WIT
Interesting ports on 10.14.xxx.xxx :
(The 1636 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   open     smtp
53/tcp   open     domain
80/tcp   open     http
110/tcp  open     pop3
111/tcp  open     rpcbind
135/tcp  filtered msrpc
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
143/tcp  open     imap
199/tcp  open     smux
443/tcp  open     https
445/tcp  filtered microsoft-ds
465/tcp  open     smtps
587/tcp  open     submission
593/tcp  filtered http-rpc-epmap
993/tcp  open     imaps
995/tcp  open     pop3s
3128/tcp open     squid-http
3306/tcp open     mysql
6000/tcp open     X11
Nmap run completed -- 1 IP address (1 host up) scanned in 115.478 seconds
Ports 135, 137, 138, 139, etc. whose state is filtered usually sit behind a firewall.
There are many more flags you can use; it all depends on your own creativity, for example:
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2006-11-04 17:53 WIT
Host 10.14.200.1 appears to be up.
MAC Address: 00:00:CD:01:4B:70 (Allied Telesyn Research)
Host 10.14.200.2 appears to be up.
MAC Address: 00:0F:CB:AB:31:08 (3com Europe)
Host 10.14.200.4 appears to be up.
MAC Address: 00:11:2F:CF:90:E9 (Asustek Computer)
Host 10.14.200.10 appears to be up.
MAC Address: 00:50:8D:6C:B3:65 (Abit Computer)
Host 10.14.200.14 appears to be up.
MAC Address: 00:0F:EA:72:0B:F6 (Giga-Byte Technology Co.)
Host 10.14.200.16 appears to be up.
MAC Address: 00:0C:61:00:00:00 (AC Tech DBA Advanced Digital)
Host 10.14.200.17 appears to be up.
MAC Address: 00:0B:6A:B9:5B:77 (Asiarock Incorporation)
Host 10.14.200.18 appears to be up.
MAC Address: 00:13:D4:3D:65:5C (Asustek Computer)
Host 10.14.200.21 appears to be up.
MAC Address: 00:13:8F:26:48:88 (Asiarock Incorporation)
Host 10.14.200.23 appears to be up.
MAC Address: 00:11:2F:37:68:93 (Asustek Computer)
--------------*Raiden cut-------------------------
Another example:
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2006-11-04 17:35 WIT
Interesting ports on 10.14.xxx.xxx:
(The 1664 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE       VERSION
113/tcp  closed auth
139/tcp  open   netbios-ssn
445/tcp  open   microsoft-ds  Microsoft Windows 2003 microsoft-ds
1521/tcp closed oracle
Service Info: OS: Windows
Flag -o to see the operating system version
So, using nmap comes down to creatively "mixing" flags to find out the state of our network.. then we can decide what can be done on our network.....
Addition: to subnets 4, 200, 206 and 207, sorry......you've been scanned......
References: http://www.insecure.org/nmap manual and nmap help, ezine.echo.or.id, other relevant sites
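The post's point about reading scan results (hosts reported up by -sP, and ports in state open versus filtered, where filtered usually means a firewall or packet filter is in the path) is easier to act on when the normal-format output is parsed into an inventory and compared against what the network is expected to expose. The script below is an added example written for this post, not code from the post or from the Nmap project. It parses the normal (-oN style) output format quoted above; the sample text embedded in it is constructed from the post's own output with the forum's collapsed line breaks restored and the host list abbreviated, and the allow-list of expected services is an assumption made up for the illustration.

```python
import re
from collections import Counter

# Constructed sample: abbreviated form of the -sP host discovery output
# quoted in the post, with line breaks restored.
PING_SCAN = """\
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2006-11-04 16:11 WIT
Host 10.14.4.0 seems to be a subnet broadcast address (returned 1 extra pings).
Host 10.14.4.1 appears to be up.
Host 10.14.4.2 appears to be up.
Host 10.14.4.50 appears to be up.
Host 10.14.4.255 seems to be a subnet broadcast address (returned 1 extra pings).
Nmap finished: 256 IP addresses (3 hosts up) scanned in 243.674 seconds
"""

# Constructed sample: abbreviated form of the -sS port scan output in the post.
PORT_SCAN = """\
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2004-06-24 15:37 WIT
Interesting ports on 10.14.xxx.xxx :
(The 1636 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
3306/tcp open     mysql
Nmap run completed -- 1 IP address (1 host up) scanned in 115.478 seconds
"""

# Line shapes used by nmap 3.x normal output, as quoted in the post.
HOST_UP_RE = re.compile(r"^Host (\S+) appears to be up\.$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)")


def parse_ping_scan(text):
    """Return the addresses nmap reported as up; broadcast addresses are skipped
    because they never match the 'appears to be up' line."""
    hosts = []
    for line in text.splitlines():
        m = HOST_UP_RE.match(line.strip())
        if m:
            hosts.append(m.group(1))
    return hosts


def parse_port_scan(text):
    """Return one dict per port line: port number, protocol, state, service.
    Header, summary and 'Service Info' lines do not match the pattern."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "state": m.group(3), "service": m.group(4)})
    return ports


def summarize(ports):
    """Count ports per state and list the filtered ones, which the post notes
    usually indicate a firewall or packet filter between scanner and host."""
    counts = Counter(p["state"] for p in ports)
    filtered = sorted(p["port"] for p in ports if p["state"] == "filtered")
    open_services = sorted(p["service"] for p in ports if p["state"] == "open")
    return {"counts": dict(counts), "filtered": filtered,
            "open_services": open_services}


def unexpected_open(ports, allowed_services):
    """Ports that are open but whose service is not in the expected allow-list;
    a quick way to spot exposure that should not be there (e.g. a database
    listening on a host that is only supposed to serve web and ssh)."""
    return sorted(p["port"] for p in ports
                  if p["state"] == "open" and p["service"] not in allowed_services)


if __name__ == "__main__":
    print("hosts up:", parse_ping_scan(PING_SCAN))
    scanned = parse_port_scan(PORT_SCAN)
    print("summary:", summarize(scanned))
    # Hypothetical allow-list for this host: only ssh and http are expected.
    print("unexpected open ports:", unexpected_open(scanned, {"ssh", "http"}))
```

Run as a script it prints the live hosts, a per-state summary with the filtered ports listed, and the open ports that fall outside the allow-list (ftp on 21 and mysql on 3306 for the sample). Feeding it a real `-oN` log of your own subnet instead of the embedded sample turns the post's manual reading of scan output into a repeatable check.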