Data traffic is constantly on the move in networks. The Nmap tool can be used to filter out specific data packets, for example, to determine whether users are storing data in cloud storage. Zenmap also provides administrators with a graphical interface for the tool, making it easier to ensure greater security.
Examine networks with Nmap and Zenmap
Nmap is used at the command line to monitor ports on computers on the network. With scripts and extensions, the tool can detect security vulnerabilities and incorrect configurations. If the monitoring is to take place with the graphical interface, admins can additionally rely on Zenmap.
The developers’ site also provides various free scripts that can be used to filter out special data packets, for example, connections to Dropbox or other cloud storage. Administrators can also create their own scripts via the Nmap Scripting Engine (NSE) to monitor traffic according to their own specifications.
Monitoring with Windows, Linux, and macOS X
Nmap is available for Windows, Linux, macOS X, and other operating systems. FreeBSD, OpenBSD, NetBESD as well as SunSolaris, Amiga, HP-UX, and IBM AIX can also be used to scan the network for security holes or unauthorized traffic.
For Windows, the developers provide a ZIP file with the command line version. To use Nmap via this archive, simply extract it; no installation is necessary. Those who wish to use Nmap in conjunction with Zenmap can use the self-extracting Windows installer. This must be installed on a PC, but it contains all the necessary prerequisites and also installs Zenmap at the same time.
To scan a computer or the network, or to display open ports of a network device, server or workstation, the easiest way is to open the graphical interface Zenmap GUI. Here the IP address or the name of the computer is entered in the upper left corner at “Target”. At “Profile” the type of scan process is selected. The actual process begins with the “Scan” button. The actual Nmap command used by Zenmap can be seen on the “Command” line.
In addition to scanning individual computers or network devices, entire subnets can also be scanned with Nmap. To do this, either specify the command directly on the command line or enter the command in Zenmap. For example, to scan an entire subnet for open ports, use the syntax nmap -sn <subnet>, for example nmap -sn 192.168.178.0/24. An IP address range can also be used: nmap <start IP address>-<last part of last IP address>, for example nmap 192.168.178.1-254.
Using scan scripts
Scripts are already available in the default installation. These are stored in the Scripts subdirectory. Nmap scripts have the file extension *.nse. To start a scan from a pre-written script, the command “nmap –script=” is entered in the “Command” line. Here “=” specifies the path and name of the script.
Read out scan results
In the graphical interface Zenmap the results can be read out best. After a scan has been completed, the endpoints that Namp has found and scanned can be found on the left side. The two buttons “Computers” and “Services” can be used to switch between the found endpoints and the found network services. In the lower area, the result can be filtered even better using the “Filter computers” button.
In the center of the window, there are several tabs that can be used to better examine the scan results. For example, on the Nmap Output tab, Zenmap displays the result that Nmap also displays on the command line. The Ports/Computers tab shows the ports found and other information about the selected device. The tab can thus be used to clearly check each device on the network.
Graphical display of the network in Zenmap
On the “Network Structure” tab, Zenmap can provide a graphical display of the network. Various settings for the display of the computers can be made via the different buttons “Computer Viewer”, “Fisheye” and “Controls”. The graphic can also be saved as PDF, PNG, or SVG at this point.
The “Calculator Details” tab can be used to display details about a calculator that were detected by scanning. The information includes computer name, operating system, open and closed ports, time of computer startup, and much more.
Compare scan results
Scan results can be saved to a file using the Save Scan\Scan menu item. Multiple such results can also be compared using Nmap to identify differences. Saved scan results are compared using the “ndiff” tool that is part of Nmap’s installation package. The command to do this is ndiff <file1> <file2>. More detailed results are output by Ndiff with the “-v” option. Such a comparison can also be made in Zenmap. For this purpose, the menu Tools\Compare Results is used in Zenmap.