Salı, Ağustos 27, 2019

Nmap ile belirli ağı (network'ü) tarayarak makine durumları hakkında bilgi alma - ağda boş IP bulma

Bu kısa yazımızda bir sistem / network yöneticisi olarak erişiminiz olduğu networkte bilgisayarların (sunucu, masaüstü) açık olup olmadığını ve boş IP lerin olup olmadığına nasıl bakacağınızı anlatacağım.

Linuxtaki Nmap komutuyla veya windowsta  Nmap - Zenmap GUI programıyla bu işlemi gerçekleştirebilirsiniz. Nmap'in dökümanlarından parametrelerin ne işe yaradığına bakabilirsiniz ancak ben doğrudan yukarıdaki ihtiyaca yönelik komut göstereceğim.

nmap -sn -v -n
Burada hedeflediğimiz /24 havuzunda networkü için tarama yapmak istiyoruz. 

Bu komutu Linuxta bu şekilde kullanabilir veya zenmap GUI üzerindeki command kısmına da yazabilirsiniz. Parametre açıklamaları:

-v -> kapalı(kullanılmayan) makineleri de yazar. verbose parametresi o esnada yapılan işlemleri de gösterdiğinden kapalı olan makineleri de görebilirsiniz.

-sn  -> port taraması yapmadan tara. Bu komut ICMP echo isteği, 443 portuna TCP SYN ,80 portuna TCP ACK ve varsayılan olarak ICMP zaman damgasını kullanarak konakçı (host) tespitini yapmaktadır.

-n -> reverse dns lookup yapmayı atla diyerek sadece IP lere bakar alan adlarına bakmaz.

Aşağıda da Nmap yardım dökümanlarından aldığım parametrelerin açıklaması yer almaktadır.

-sn (No port scan)
This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the host discovery probes. This is often known as a ping scan, but you can also request that traceroute and NSE host scripts be run. This is by default one step more intrusive than the list scan, and can often be used for the same purposes. It allows light reconnaissance of a target network without attracting much attention. Knowing how many hosts are up is more valuable to attackers than the list provided by list scan of every single IP and host name.
Systems administrators often find this option valuable as well. It can easily be used to count available machines on a network or monitor server availability. This is often called a ping sweep, and is more reliable than pinging the broadcast address because many hosts do not reply to broadcast queries.
The default host discovery done with -sn consists of an ICMP echo request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp request by default. When executed by an unprivileged user, only SYN packets are sent (using a connect call) to ports 80 and 443 on the target. When a privileged user tries to scan targets on a local ethernet network, ARP requests are used unless --send-ip was specified. The -sn option can be combined with any of the discovery probe types (the -P* options, excluding -Pn) for greater flexibility. If any of those probe type and port number options are used, the default probes are overridden. When strict firewalls are in place between the source host running Nmap and the target network, using those advanced techniques is recommended. Otherwise hosts could be missed when the firewall drops probes or their responses.
In previous releases of Nmap, -sn was known as -sP.

-n (No DNS resolution)
Tells Nmap to never do reverse DNS resolution on the active IP addresses it finds. Since DNS can be slow even with Nmap's built-in parallel stub resolver, this option can slash scanning times.

-v (Increase verbosity level) , -v<level> (Set verbosity level)
Increases the verbosity level, causing Nmap to print more information about the scan in progress. Open ports are shown as they are found and completion time estimates are provided when Nmap thinks a scan will take more than a few minutes. Use it twice or more for even greater verbosity: -vv, or give a verbosity level directly, for example -v3.
Most changes only affect interactive output, and some also affect normal and script kiddie output. The other output types are meant to be processed by machines, so Nmap can give substantial detail by default in those formats without fatiguing a human user. However, there are a few changes in other modes where output size can be reduced substantially by omitting some detail. For example, a comment line in the grepable output that provides a list of all ports scanned is only printed in verbose mode because it can be quite long.


Hiç yorum yok:

Yorum Gönder