Tuesday, 03 April 2012

Scanning a Network with Nmap

Before we learn how to scan a network with Nmap, let us first look at what Nmap is and where it comes from. Nmap (Network Mapper) is a port-scanning tool. It was written by Gordon Lyon, better known by his handle Fyodor (Fyodor Vaskovich). It is used to audit a network: with it we can see which hosts are up, which ports are open, which operating system a host runs, and a number of other scanning features. Originally Nmap ran only on Linux; today almost every operating system can run it, including Windows, but here I will cover how to use it on Linux.

Time to get to work. First of all, Nmap has to be installed on your computer/laptop (Linux).

How to install Nmap (Debian/Ubuntu package name; the command itself needs root, which is what sudo provides)
sudo apt-get install nmap

Once it is installed, it is time to play with network scanning using Nmap.
I happened to be doing this while sitting in a cafe and enjoying the hotspot for free. The principle we follow is that Internet for the people should be free. Even though, in that cafe, you are actually supposed to pay to use it.

All right, let us go straight to the Nmap commands for finding open ports on the network. The subnet used in every scan below is 192.168.1.0/24; change it to match your own subnet.

How to scan a network with Nmap

#uname -a;id;whoami;ifconfig
Run this first: it confirms you are root (the raw-packet scans from Step Two onward need it) and shows your own interface address, which tells you which subnet to scan.

Step One
TCP Connect scan on the 192.168.1.0/24 network
command : nmap -v -sT 192.168.1.0/24
A connect scan uses the operating system's ordinary connect() call and completes the full three-way handshake, so it needs no special privileges; the price is that every probe shows up as a real connection in the target service's logs.

root@GoldenBoy:~# nmap -v -sT 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-19 07:56 WIB
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 07:56
Scanning 192.168.1.0 [1 port]
Completed ARP Ping Scan at 07:56, 0.23s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:56
Completed Parallel DNS resolution of 1 host. at 07:56, 0.03s elapsed
Initiating ARP Ping Scan at 07:56
Scanning 254 hosts [1 port/host]
Completed ARP Ping Scan at 07:56, 1.85s elapsed (254 total hosts)
Initiating Parallel DNS resolution of 254 hosts. at 07:56
Completed Parallel DNS resolution of 254 hosts. at 07:56, 0.11s elapsed
Initiating Connect Scan at 07:56
Scanning 192.168.1.1 [1000 ports]
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 8080/tcp on 192.168.1.1
Discovered open port 3128/tcp on 192.168.1.1
Completed Connect Scan at 08:01, 6.21s elapsed (1000 total ports)
Host 192.168.1.1 is up (0.00022s latency).
Interesting ports on 192.168.1.1:
Not shown: 996 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
3128/tcp open squid-http
8080/tcp open http-proxy
Initiating Connect Scan at 08:01
Scanning 17 hosts [1000 ports/host]
…..
…..
…..
Host 192.168.1.138 is up (0.00067s latency).
Interesting ports on 192.168.1.138:
Not shown: 997 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:17:9A:3B:00:76 (D-Link)
Read data files from: /usr/share/nmap
Nmap done: 256 IP addresses (18 hosts up) scanned in 15.01 seconds
Raw packets sent: 493 (20.706KB) | Rcvd: 17 (714B)


Step Two
Nmap TCP SYN (half-open) scan
Command : nmap -v -sS 192.168.1.0/24
The SYN scan sends a bare SYN and judges the port from the reply (SYN/ACK means open, RST means closed, no reply means filtered) without ever completing the handshake, so the connection is never handed to the application. It needs raw sockets and therefore root; it is also Nmap's default scan type when run as root, which is why the -sR, -O and -sV runs further down all report a "SYN Stealth Scan" as well.

root@w00t:~# nmap -v -sS 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-19 08:13 WIB
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 08:13
Scanning 192.168.1.0 [1 port]
Completed ARP Ping Scan at 08:13, 0.23s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:13
Completed Parallel DNS resolution of 1 host. at 08:13, 0.02s elapsed
Initiating ARP Ping Scan at 08:13
Scanning 254 hosts [1 port/host]
Completed ARP Ping Scan at 08:13, 1.84s elapsed (254 total hosts)
Initiating Parallel DNS resolution of 254 hosts. at 08:13
Completed Parallel DNS resolution of 254 hosts. at 08:13, 0.07s elapsed
Initiating SYN Stealth Scan at 08:13
Scanning 192.168.1.1 [1000 ports]
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 8080/tcp on 192.168.1.1
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 3128/tcp on 192.168.1.1
Completed SYN Stealth Scan at 08:13, 0.05s elapsed (1000 total ports)
Host 192.168.1.1 is up (0.0000090s latency).
Interesting ports on 192.168.1.1:
Not shown: 996 closed ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
3128/tcp open squid-http
8080/tcp open http-proxy
Initiating SYN Stealth Scan at 08:13
Scanning 11 hosts [1000 ports/host]
….
….
Host 192.168.1.138 is up (0.000080s latency).
Interesting ports on 192.168.1.138:
Not shown: 997 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:17:9A:3B:00:76 (D-Link)
Host 192.168.1.140 is up (0.00030s latency).
All 1000 scanned ports on 192.168.1.140 are filtered
MAC Address: 44:87:FC:5A:5B:68 (Unknown)
Read data files from: /usr/share/nmap
……

Step Three
Nmap TCP FIN scan
Command : nmap -v -sF 192.168.1.0/24
A FIN scan sends a packet with only the FIN flag set. Under RFC 793 a closed port must answer with RST while an open port stays silent, so Nmap reports RST as closed and silence as open|filtered (it cannot tell an open port from one whose probe was dropped by a filter). That is exactly what the gateway shows: the four ports the SYN scan found open come back as open|filtered. Windows does not follow this rule and sends RST on every port regardless of state, so a Windows host such as 192.168.1.138 shows all 1000 ports closed; a FIN scan tells you nothing about it.

root@w00t:~# nmap -v -sF 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-19 08:18 WIB
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 08:18
Scanning 192.168.1.0 [1 port]
Completed ARP Ping Scan at 08:18, 0.23s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:18
Completed Parallel DNS resolution of 1 host. at 08:18, 0.03s elapsed
Initiating ARP Ping Scan at 08:18
Scanning 254 hosts [1 port/host]
Completed ARP Ping Scan at 08:18, 1.84s elapsed (254 total hosts)
Initiating Parallel DNS resolution of 254 hosts. at 08:18
Completed Parallel DNS resolution of 254 hosts. at 08:18, 0.07s elapsed
Initiating FIN Scan at 08:18
Scanning 192.168.1.1 [1000 ports]
Completed FIN Scan at 08:18, 1.23s elapsed (1000 total ports)
Host 192.168.1.1 is up (0.000011s latency).
Interesting ports on 192.168.1.1:
Not shown: 996 closed ports
PORT STATE SERVICE
53/tcp open|filtered domain
80/tcp open|filtered http
3128/tcp open|filtered squid-http
8080/tcp open|filtered http-proxy
Initiating FIN Scan at 08:18
Scanning 11 hosts [1000 ports/host]
….
….
Host 192.168.1.129 is up (0.00028s latency).
All 1000 scanned ports on 192.168.1.129 are open|filtered
MAC Address: 00:25:11:03:F7:96 (Elitegroup Computer System CO.)
Host 192.168.1.138 is up (0.00075s latency).
All 1000 scanned ports on 192.168.1.138 are closed
MAC Address: 00:17:9A:3B:00:76 (D-Link)
Host 192.168.1.140 is up (0.00024s latency).
All 1000 scanned ports on 192.168.1.140 are open|filtered
MAC Address: 44:87:FC:5A:5B:68 (Unknown)
….. ……

Step Four
Nmap TCP Xmas tree scan
The Xmas scan sets the FIN, PSH and URG flags together (the packet is "lit up like a Christmas tree"). It is interpreted exactly like the FIN scan and is used to check whether the firewall in front of a host is doing its job: a stateless packet filter that only blocks SYN lets these probes through, while a stateful one drops them.
Command : nmap -v -sX 192.168.1.0/24

root@w00t:~# nmap -v -sX 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-19 08:21 WIB
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 08:21
Scanning 192.168.1.0 [1 port]
Completed ARP Ping Scan at 08:21, 0.23s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:21
Completed Parallel DNS resolution of 1 host. at 08:21, 0.02s elapsed
Initiating ARP Ping Scan at 08:21
Scanning 254 hosts [1 port/host]
Completed ARP Ping Scan at 08:21, 2.06s elapsed (254 total hosts)
Initiating Parallel DNS resolution of 254 hosts. at 08:21
Completed Parallel DNS resolution of 254 hosts. at 08:21, 0.07s elapsed
Initiating XMAS Scan at 08:21
Scanning 192.168.1.1 [1000 ports]
Completed XMAS Scan at 08:21, 1.23s elapsed (1000 total ports)
Host 192.168.1.1 is up (0.0000060s latency).
Interesting ports on 192.168.1.1:
Not shown: 996 closed ports
PORT STATE SERVICE
53/tcp open|filtered domain
80/tcp open|filtered http
3128/tcp open|filtered squid-http
8080/tcp open|filtered http-proxy
Initiating XMAS Scan at 08:21
Scanning 11 hosts [1000 ports/host]
….
….

Step Five
Nmap TCP Null scan
The Null scan sends a TCP packet with no flags set at all. It is interpreted like the FIN and Xmas scans, carries the same Windows caveat, and is likewise used to check whether the firewall is working properly.
Command : nmap -v -sN 192.168.1.0/24

root@w00t:~# nmap -v -sN 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-19 08:23 WIB
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 08:23
Scanning 192.168.1.0 [1 port]
Completed ARP Ping Scan at 08:23, 0.24s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:23
Completed Parallel DNS resolution of 1 host. at 08:23, 0.03s elapsed
Initiating ARP Ping Scan at 08:23
Scanning 254 hosts [1 port/host]
Completed ARP Ping Scan at 08:23, 2.05s elapsed (254 total hosts)
Initiating Parallel DNS resolution of 254 hosts. at 08:23
Completed Parallel DNS resolution of 254 hosts. at 08:23, 0.07s elapsed
Initiating NULL Scan at 08:23
Scanning 192.168.1.1 [1000 ports]
Completed NULL Scan at 08:23, 1.25s elapsed (1000 total ports)
Host 192.168.1.1 is up (0.0000060s latency).
Interesting ports on 192.168.1.1:
Not shown: 996 closed ports
PORT STATE SERVICE
53/tcp open|filtered domain
80/tcp open|filtered http
3128/tcp open|filtered squid-http
8080/tcp open|filtered http-proxy
Initiating NULL Scan at 08:23
Scanning 11 hosts [1000 ports/host]
….
….

Step Six
Nmap TCP Window scan
command : nmap -v -sW 192.168.1.0/24
The Window scan is an ACK scan that inspects the TCP window size of the RST replies: a positive window is reported open, a zero window closed. Only some TCP stacks leak state this way. Here the gateway answered every probe with a zero-window RST, so all 1000 ports come back closed even though the SYN scan above found four open; on this network the technique simply does not discriminate.

root@w00t:~# nmap -v -sW 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-19 08:28 WIB
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 08:28
Scanning 192.168.1.0 [1 port]
Completed ARP Ping Scan at 08:28, 0.32s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:28
Completed Parallel DNS resolution of 1 host. at 08:28, 0.06s elapsed
Initiating ARP Ping Scan at 08:28
Scanning 254 hosts [1 port/host]
Completed ARP Ping Scan at 08:28, 2.42s elapsed (254 total hosts)
Initiating Parallel DNS resolution of 254 hosts. at 08:28
Completed Parallel DNS resolution of 254 hosts. at 08:28, 0.13s elapsed
Initiating Window Scan at 08:28
Scanning 192.168.1.1 [1000 ports]
Completed Window Scan at 08:28, 0.09s elapsed (1000 total ports)
Host 192.168.1.1 is up (0.0000090s latency).
All 1000 scanned ports on 192.168.1.1 are closed
Initiating Window Scan at 08:28
Scanning 11 hosts [1000 ports/host]
….
….
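The differences between Steps Two to Six above come down to how the target's TCP stack answers each probe and how Nmap turns that answer into a port state. The script below is an added example, not code from the post or from Nmap: it models three simplified stacks (an RFC 793 host like the gateway, a Windows host like 192.168.1.138, and a "firewalled" host that drops everything, which is an assumption about 192.168.1.140) and applies Nmap's state rules for -sS, -sF/-sN/-sX and -sW. Port 22 is a constructed closed port; ICMP unreachable replies, which Nmap reports as filtered, are not modelled.

```python
"""Model of how three kinds of TCP stack answer Nmap's probes, and Nmap's
port-state rules for the scan types in the tutorial. Added example; the
stack models are simplifications, not Nmap's actual implementation."""
from enum import Enum


class Stack(Enum):
    RFC793 = "rfc793"        # Linux/BSD style: silent on open, RST on closed
    WINDOWS = "windows"      # answers FIN/NULL/XMAS with RST regardless of state
    FIREWALLED = "firewall"  # every probe dropped (assumed model for 192.168.1.140)


# Probe families used by the tutorial's scan types.
SCAN_PROBE = {"-sS": "SYN", "-sF": "STEALTH", "-sN": "STEALTH",
              "-sX": "STEALTH", "-sW": "ACK"}


def reply(stack, port_open, probe):
    """What the target sends back: ('SYN/ACK', 0), ('RST', window) or None."""
    if stack is Stack.FIREWALLED:
        return None                       # silence: the filter ate the probe
    if probe == "SYN":
        return ("SYN/ACK", 0) if port_open else ("RST", 0)
    if probe == "STEALTH":                # FIN, NULL and XMAS behave alike
        if stack is Stack.WINDOWS:
            return ("RST", 0)             # Windows: RST on every port, open or not
        return None if port_open else ("RST", 0)   # RFC 793 behaviour
    if probe == "ACK":
        # An unfiltered port answers an unsolicited ACK with RST. Only a few
        # stacks leak port state in the window field; these models do not,
        # which is why -sW showed "all closed" on the gateway.
        return ("RST", 0)
    raise ValueError(probe)


def classify(scan, answer):
    """Nmap's state rule for this scan type given the target's reply."""
    probe = SCAN_PROBE[scan]
    if answer is None:
        # A stealth scan cannot tell "open" from "dropped", hence open|filtered.
        return "open|filtered" if probe == "STEALTH" else "filtered"
    kind, window = answer
    if probe == "SYN":
        return "open" if kind == "SYN/ACK" else "closed"
    if probe == "STEALTH":
        return "closed"                   # only closed ports are supposed to RST
    return "open" if window > 0 else "closed"   # -sW: positive window = open


def scan(scan_type, stack, open_ports, probe_ports):
    """Return {port: state} as Nmap would print it for this scan/stack pair."""
    probe = SCAN_PROBE[scan_type]
    return {p: classify(scan_type, reply(stack, p in open_ports, probe))
            for p in probe_ports}


if __name__ == "__main__":
    gateway = {53, 80, 3128, 8080}   # 192.168.1.1 in the tutorial
    xp_box = {135, 139, 445}         # 192.168.1.138 in the tutorial
    ports = sorted(gateway | xp_box | {22})
    for s in ("-sS", "-sF", "-sW"):
        print(s, "gateway :", scan(s, Stack.RFC793, gateway, ports))
        print(s, "xp      :", scan(s, Stack.WINDOWS, xp_box, ports))
        print(s, "firewall:", scan(s, Stack.FIREWALLED, set(), ports))
```

Run it and compare with the outputs above: the RFC 793 gateway gives open under -sS, open|filtered under -sF and closed under -sW for the same four ports; the Windows model gives closed for everything under -sF; the dropped-probe model gives filtered under -sS but open|filtered under -sF, which is the reason a stealth scan on its own cannot prove a port is open.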

Step Seven
Nmap TCP RPC scan
Used to find RPC services. In Nmap 5.00 it runs a normal SYN scan and then an "RPCGrind" against each open port to identify SunRPC programs; in later releases this was folded into version detection and -sR became an alias for -sV.
Command : nmap -v -sR 192.168.1.0/24

root@w00t:~# nmap -v -sR 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-19 08:35 WIB
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 08:35
Scanning 192.168.1.0 [1 port]
Completed ARP Ping Scan at 08:35, 0.23s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:35
Completed Parallel DNS resolution of 1 host. at 08:35, 0.03s elapsed
Initiating ARP Ping Scan at 08:35
Scanning 254 hosts [1 port/host]
Completed ARP Ping Scan at 08:35, 2.05s elapsed (254 total hosts)
Initiating Parallel DNS resolution of 254 hosts. at 08:35
Completed Parallel DNS resolution of 254 hosts. at 08:35, 0.08s elapsed
Initiating SYN Stealth Scan at 08:35
Scanning 192.168.1.1 [1000 ports]
Discovered open port 8080/tcp on 192.168.1.1
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 3128/tcp on 192.168.1.1
Completed SYN Stealth Scan at 08:35, 0.05s elapsed (1000 total ports)
Initiating RPCGrind Scan against 192.168.1.1 at 08:35
Completed RPCGrind Scan against 192.168.1.1 at 08:35, 1.20s elapsed (4 ports)
Host 192.168.1.1 is up (0.0000090s latency).
Interesting ports on 192.168.1.1:
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain
80/tcp open http
3128/tcp open squid-http
8080/tcp open http-proxy
Initiating SYN Stealth Scan at 08:35
Scanning 12 hosts [1000 ports/host]
….
….

Step Eight
Nmap OS detection
-O performs operating-system detection: it runs a SYN scan first and then sends fingerprinting probes to every host that is up, matching the replies against Nmap's OS database. It needs root. It does not scan UDP at all; to find open UDP ports use -sU instead.
Command : nmap -v -O 192.168.1.0/24

root@w00t:~# nmap -v -O 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-19 08:39 WIB
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 08:39
Scanning 192.168.1.0 [1 port]
Completed ARP Ping Scan at 08:39, 0.24s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:39
Completed Parallel DNS resolution of 1 host. at 08:39, 0.02s elapsed
Initiating ARP Ping Scan at 08:39
Scanning 254 hosts [1 port/host]
Completed ARP Ping Scan at 08:39, 2.05s elapsed (254 total hosts)
Initiating Parallel DNS resolution of 254 hosts. at 08:39
Completed Parallel DNS resolution of 254 hosts. at 08:39, 0.08s elapsed
Initiating SYN Stealth Scan at 08:39
Scanning 192.168.1.1 [1000 ports]
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 8080/tcp on 192.168.1.1
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 3128/tcp on 192.168.1.1
Completed SYN Stealth Scan at 08:39, 0.05s elapsed (1000 total ports)
….
….

Step Nine (last)
Nmap remote software version scan
Used to find the software version behind each open port. Version detection connects to every open port and matches the banner or response against Nmap's service probes; that is how the gateway's ports resolve to ISC BIND 9.6.1-P2, Apache httpd 2.2.12, Squid 2.7.STABLE6 and an HAVP anti-virus proxy below, and how the two Windows hosts are identified as Windows XP from their SMB replies. Because it talks to every service, it is the noisiest step here.
Command : nmap -v -sV 192.168.1.0/24

root@w00t:~# nmap -v -sV 192.168.1.0/24
Starting Nmap 5.00 ( http://nmap.org ) at 08:46 WIB
NSE: Loaded 3 scripts for scanning.
Initiating ARP Ping Scan at 08:46
Scanning 192.168.1.0 [1 port]
Completed ARP Ping Scan at 08:46, 0.30s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:46
Completed Parallel DNS resolution of 1 host. at 08:46, 0.05s elapsed
Initiating ARP Ping Scan at 08:46
Scanning 254 hosts [1 port/host]
Completed ARP Ping Scan at 08:47, 2.21s elapsed (254 total hosts)
Initiating Parallel DNS resolution of 254 hosts. at 08:47
Completed Parallel DNS resolution of 254 hosts. at 08:47, 0.10s elapsed
Initiating SYN Stealth Scan at 08:47
Scanning 192.168.1.1 [1000 ports]
Discovered open port 8080/tcp on 192.168.1.1
Discovered open port 53/tcp on 192.168.1.1
Completed SYN Stealth Scan at 08:47, 0.06s elapsed (1000 total ports)
Initiating Service scan at 08:47
Scanning 4 services on 192.168.1.1
Completed Service scan at 08:47, 11.06s elapsed (4 services on 1 host)
NSE: Script scanning 192.168.1.1.
NSE: Script Scanning completed.
Host 192.168.1.1 is up (0.0000090s latency).
Interesting ports on 192.168.1.1:
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain ISC BIND 9.6.1-P2
80/tcp open http Apache httpd 2.2.12 ((Ubuntu))
3128/tcp open http-proxy Squid webproxy 2.7.STABLE6
8080/tcp open http-proxy HAVP anti-virus web proxy
....
....
Host 192.168.1.131 is up (0.00010s latency).
Interesting ports on 192.168.1.131:
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3000/tcp open ppp?
MAC Address: 00:1B:B9:AE:BB:F0 (Elitegroup Computer System Co.)
Service Info: OS: Windows
Host 192.168.1.138 is up (0.000092s latency).
Interesting ports on 192.168.1.138:
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
MAC Address: 00:17:9A:3B:00:76 (D-Link)
Service Info: OS: Windows
....
....
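Once you have run these scans on more than a handful of hosts, you want the results in a structure you can query rather than on the screen. The script below is an added example, not code from the post or from Nmap: it parses Nmap's normal output, in both the Step One form (no VERSION column) and the Step Nine form, into per-host records and runs two triage checks over them. SAMPLE is constructed from the tutorial's own output lines above. In real use prefer -oX or -oG output, whose format is stable; the screen header changed from "Interesting ports on" to "Nmap scan report for" after Nmap 5.00, and the parser accepts both.

```python
"""Parse Nmap normal output into per-host records plus two triage checks.
Added example; SAMPLE is constructed from the tutorial's own output."""
import re
from dataclasses import dataclass, field

SAMPLE = """\
Host 192.168.1.1 is up (0.0000090s latency).
Interesting ports on 192.168.1.1:
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain ISC BIND 9.6.1-P2
80/tcp open http Apache httpd 2.2.12 ((Ubuntu))
3128/tcp open http-proxy Squid webproxy 2.7.STABLE6
8080/tcp open http-proxy HAVP anti-virus web proxy
Host 192.168.1.138 is up (0.00067s latency).
Interesting ports on 192.168.1.138:
Not shown: 997 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:17:9A:3B:00:76 (D-Link)
Service Info: OS: Windows
Host 192.168.1.140 is up (0.00030s latency).
All 1000 scanned ports on 192.168.1.140 are filtered
MAC Address: 44:87:FC:5A:5B:68 (Unknown)
"""

HOST_RE = re.compile(r"^(?:Host (\S+) is up|Nmap scan report for (\S+))")
NOT_SHOWN_RE = re.compile(r"^Not shown: (\d+) (\S+) ports")
ALL_RE = re.compile(r"^All \d+ scanned ports on \S+ are (\S+)")
PORT_RE = re.compile(
    r"^(\d+)/(tcp|udp)\s+(open\|filtered|closed\|filtered|open|closed|filtered|unfiltered)"
    r"\s+(\S+)(?:\s+(.*))?$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17}) \((.*)\)")
INFO_RE = re.compile(r"^Service Info: (.*)")


@dataclass
class HostRecord:
    ports: dict = field(default_factory=dict)  # "53/tcp" -> {state, service, version}
    not_shown: tuple = None                    # (count, state) of the unlisted ports
    blanket: str = None                        # state when all scanned ports agree
    mac: str = None
    vendor: str = None
    info: str = None


def parse_nmap_normal(text):
    """Return {address: HostRecord} for every host block in the output."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HOST_RE.match(line)):
            current = hosts.setdefault(m.group(1) or m.group(2), HostRecord())
        elif current is None:
            continue                           # banner lines before the first host
        elif (m := NOT_SHOWN_RE.match(line)):
            current.not_shown = (int(m.group(1)), m.group(2))
        elif (m := ALL_RE.match(line)):
            current.blanket = m.group(1)
        elif (m := PORT_RE.match(line)):
            port, proto, state, service, version = m.groups()
            current.ports[f"{port}/{proto}"] = {
                "state": state, "service": service, "version": version or ""}
        elif (m := MAC_RE.match(line)):
            current.mac, current.vendor = m.group(1), m.group(2)
        elif (m := INFO_RE.match(line)):
            current.info = m.group(1)
    return hosts


def hosts_exposing(hosts, port_key="445/tcp"):
    """Addresses where the port is open; SMB on 445 is what you triage first on a shared LAN."""
    return sorted(a for a, h in hosts.items()
                  if h.ports.get(port_key, {}).get("state") == "open")


def behind_packet_filter(hosts):
    """Addresses whose unlisted ports were 'filtered' (probes dropped) rather than
    'closed' (RST received): something in the path is eating packets."""
    return sorted(a for a, h in hosts.items()
                  if h.blanket == "filtered"
                  or (h.not_shown is not None and h.not_shown[1] == "filtered"))


if __name__ == "__main__":
    inventory = parse_nmap_normal(SAMPLE)
    for addr, rec in inventory.items():
        print(addr, rec.vendor or "-", rec.info or "-",
              {k: v["version"] or v["service"] for k, v in rec.ports.items()})
    print("SMB exposed:", hosts_exposing(inventory))
    print("behind a filter:", behind_packet_filter(inventory))
```

Feed it the saved output of any of the scans above (nmap ... > scan.txt, then parse_nmap_normal(open("scan.txt").read())); the not_shown field is worth watching, because the same gateway reported its unlisted ports as filtered under -sT and as closed under -sS, and that difference is evidence about what sits between you and the host.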
That is all from me for this tutorial; I hope it is useful.
