
Posts

Showing posts from June 20, 2017

Nmap: DNS (part-19)

Force Reverse DNS Resolution

The -R parameter instructs Nmap to always perform reverse DNS resolution on the target IP address.

Usage syntax: nmap -R [target]

    # nmap -R 64.13.134.52

    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-13 17:22 Central Daylight Time
    Interesting ports on scanme.nmap.org (64.13.134.52):
    Not shown: 993 filtered ports
    PORT      STATE  SERVICE
    25/tcp    closed smtp
    53/tcp    open   domain
    70/tcp    closed gopher
    80/tcp    open   http
    110/tcp   closed pop3
    113/tcp   closed auth
    31337/tcp closed Elite

    Nmap done: 1 IP address (1 host up) scanned in 9.38 seconds

Output of an Nmap scan with reverse DNS enabled

By default, Nmap will only do reverse DNS for hosts that appear to be online. The -R option is useful when performing reconnaissance on a block of IP addresses, as Nmap will try to resolve the reverse DNS information of every IP address. The reverse DNS information can reveal interesting information about the target IP address (even if it is offline or blocking Nmap...

Nmap: how to traceroute (part-18)

Traceroute

The --traceroute parameter can be used to trace the network path to the specified host.

Usage syntax: nmap --traceroute [target]

    # nmap --traceroute scanme.insecure.org

    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-16 13:01 CDT
    Interesting ports on scanme.nmap.org (64.13.134.52):
    Not shown: 996 filtered ports
    PORT    STATE  SERVICE
    53/tcp  open   domain
    70/tcp  closed gopher
    80/tcp  open   http
    113/tcp closed auth

    TRACEROUTE (using port 113/tcp)
    HOP RTT   ADDRESS
    1   0.91  home (192.168.1.254)
    2   24.40 99-60-32-2.lightspeed.wchtks.sbcglobal.net (99.60.32.2)
    3   23.12 76.196.172.4
    4   22.69 151.164.94.52
    5   32.79 ex3-p12-0.eqdltx.sbcglobal.net (69.220.8.53)
    6   32.74 asn2828-XO.eqdltx.sbcglobal.net (151.164.249.134)
    ...
    13  74.90 ip65-46-255-94.z255-46-65.customer.algx.net (65.46.255.94)
    14  75.01 scanme.nmap.org (64.13.134.52)

    Nmap done: 1 IP address (1 host up) scanned in 33.72 seconds

Output of a traceroute scan

The information displayed is similar to the traceroute or tracepath commands fou...

Nmap: how to PING (part-18)

ICMP Timestamp Ping

The -PP option performs an ICMP timestamp ping.

Usage syntax: nmap -PP [target]

    # nmap -PP 192.168.1.254

    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-16 13:27 CDT
    Interesting ports on home (192.168.1.254):
    Not shown: 998 closed ports
    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp open  https
    MAC Address: 00:25:3C:5F:5A:89 (2Wire)

    Nmap done: 1 IP address (1 host up) scanned in 1.83 seconds

Performing an ICMP timestamp ping

While most firewalled systems are configured to block ICMP echo requests, some improperly configured systems may still reply to ICMP timestamp requests. This makes -PP useful for attempting to solicit responses from firewalled targets.

ICMP Address Mask Ping

The -PM option performs an ICMP address mask ping.

Usage syntax: nmap -PM [target]

    # nmap -PM 192.168.1.254

    Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-16 13:26 CDT
    Interesting ports on home (192.168.1.254):
    Not shown: 998 closed ports
    PORT STATE SERVI...