Nmap is an open-source, cross-platform tool used to scan networks and obtain information about services, operating systems, and vulnerabilities derived from the conjunction of these. In general, Nmap is used to scan the ports of one or more hosts.

A more exact definition is provided by the project’s website

Nmap (“Network Mapper”) is a free and open-source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

More about Nmap:

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

So if you are passionate about the world of computer security or auditing, then you need to learn how to use Nmap. Or at least get to know it.

Install Nmap on Linux

Fortunately, Nmap is available in the official repositories of many Linux distributions. So installing it will not be a problem for us.

In the case of distributions from the Debian family which includes Ubuntu and its derivatives such as Linux Mint in a terminal you have to execute

sudo apt update
sudo apt install nmap

On the other hand, in the case of the RHEL family including CentOS, Fedora, or Rocky Linux, you just need to run

sudo dnf install nmap

But you can also install it on OpenSUSE

sudo zypper in nmap

Then, to check that the installation has been successful, you can run

nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1j libssh2-1.9.0 libz-1.2.11 libpcre-8.39 libpcap-1.10.0 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Now we can use it.

Using Nmap on Linux

With Nmap installed correctly, you should be able to use it on your computer without any problems. We’ll go through several examples on how to use this tool.

To scan a host, you can run

sudo nmap [host]

For example

sudo nmap localhost

sample output:

Starting Nmap 7.80 ( https://nmap.org ) at 2021-10-12 10:50 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Other addresses for localhost (not scanned): ::1
All 1000 scanned ports on localhost (127.0.0.1) are closed

As you can see some interesting information is displayed on the output screen which is useful for detecting problems.

To do a quick scan then you can use the -F option

sudo nmap -F [host]

You can replace [host] with the IP address of the computer you want to scan.

sudo nmap 192.168.2.3

Also, you can specify multiple hosts or IP addresses.

sudo nmap 192.168.2.3, 192.168.2.6, 192.168.1.1

Or a range

sudo nmap 192.168.2.3-20

In this case, it will scan IP addresses ranging from 192.168.2.3 to 192.168.2.20.

Another option is to scan the entire subnet

sudo nmap 192.168.1.1/24

You can change the frequency and timing of the network scans with the -T option and by specifying a number between 0-5, the higher the number the faster the scan.

For example

sudo nmap -T4 localhost

In this case response times will be lower and can be useful on slow or busy networks.

If you want to have information about the ports, you have to add the -p option and specify some or a range of ports

sudo nmap -p 25,80 192.168.2.1

In this case, the TCP port 25 and 80 of the host will be scanned.

If you want to scan UDP ports

sudo nmap -sU -p 25,80 192.168.2.1

Conclusion

Nmap is a vital tool for many sysadmin who need to find out some weaknesses.

The post How to install and use nmap on Linux appeared first on Linux Windows and android Tutorials.

Wireshark is a free and opensource web analyzer. It allows you to know from a quite technical point of view what is happening in your network. With this, you can make statistics, specific monitoring or simply know its traffic.

Some of the main features of Wireshark are:

• Deep inspection of hundreds of protocols, with more being added all the time.
• Live capture and offline analysis.
• Standard three-pane packet browser.
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.
  The most powerful display filters in the industry.
• Rich VoIP analysis.

And many more. However, one of the most outstanding features is that it is cross-platform. In other words, you can install it on Windows, Linux, FreeBSD, Solaris, and other systems.

So, let’s install Wireshark.

1. Install Wireshark on Ubuntu 20.04/18.04

To install Wireshark more easily on Ubuntu 16.04, it is necessary to use a PPA repository of its developers. We have two options to install, the developing version or the latest stable version. I’ll show you the process for both, but in this post, I’ll install the stable version. If you use Ubuntu 20.04/ 18.04 this is not necessary.

If you want to install the development version:

Open a terminal and run:

:~$ sudo add-apt-repository ppa:dreibh/ppa
:~$ sudo apt update
:~$ sudo apt install wireshark

And that’s it.

Install the stable version:

It is always best to install the stable version of any program. That’s to avoid major bugs and surprises. It is clear that no application is free of bugs, but stable versions are less prone to them.

Open a Terminal and add the external repository with this command:

:~$ sudo add-apt-repository ppa:wireshark-dev/stable

Next, refresh the APT cache.

:~$ sudo apt update

Then install Wireshark.

:~$ sudo apt install wireshark

During installation, we will be asked if we want Wireshark to be available to all users member of wireshark group. Say yes.

And that’s it.

2. Configuring Wireshark

First, check the version of Wireshark installed.

:~$ wireshark -v

Next, add your current user to the wireshark group so you can use it without problems.

:~$ sudo usermod -a -G wireshark $USER

Now, change dumpcap permissions. With this you will make it possible to run without permission problems.

:~$ sudo chgrp wireshark /usr/bin/dumpcap
:~$ sudo chmod 750 /usr/bin/dumpcap
:~$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

After you do these steps, run Wireshark from the main menu.

Now, you can start to monitor your network.

Note: some case you need to run wireshark as root user.

Conclusion

Wireshark is a vital tool for many sysadmin or network enthusiasts. Its installation is quite simple but its power is almost unmatched.

Please share this post with your friends.

The post How to install Wireshark on Ubuntu 20.04/18.04? appeared first on Linux Windows and android Tutorials.