Nmap is the most popular online port scanner and a part of hosted security tools. Using Nmap allows you to scan perimeter network devices and servers from an external perspective ie outside your firewall. Nmap will run on the Windows system but you are recommended to use Linux because Nmap works better and is faster under Linux. Also, Linux-based systems are a great way to get access to a wide selection of security tools. In this article, you will learn How To Scan Ports With Unprivileged User On Nmap. Also, if you are going to purchase your own Linux VPS, available packages of Eldernode would be what you need.
Table of Contents
Tutorial Scan Ports With Unprivileged User On Nmap
The Network mapper is a free and open-source network scanner. It is designed to analyze, secure, and explore networks. You can use Nmap to discover hosts and services on a computer network by sending packets and analyzing the responses all in an easy-to-use manner. In the following, you will learn about ports, port scanners, and the way you can scan ports with Unprivileged User On Nmap.
Ports are using to distinguish between communication channels and are designed to identify specific applications in use on a single machine. While different kinds of services use different ports by default, Ports are numbered addresses for network traffic. In the next section, join us to explain Nmap Port Scanner and its function.
Nmap Port Scanner
Nmap has a variety of scan types. Let’s know about port scanning. The simple command nmap <target> scans the most commonly used 1,000 TCP ports on the host <target>, classifying each port into the state open, closed, filtered, unfiltered, open|filtered, or closed|filtered. Port configuration can cause a security risk, it’s critical to know which ports are open and which are blocked.
The Nmap port scanner can determine many things. Look at some of them below:
– Available hosts on the network
– The operating system running on the hosts
– Name and version of applications running on the hosts
– Type of firewalls being used on the hosts
Use the following simple command to scan your local network.
nmap -sV -p 1-65535 192.168.1.1/24
In this way, you can scan your local IP range and perform service identification -sV and finally scan all ports -p 1-65535. It will be TCP connect-based scan because you are running this as a normal user, and not root. So, to run it as a TCP SYN scan, you need to run the command with Sudo at the front.
How to run Nmap as an unprivileged user
When Nmap was released in 1997, root privilege was a serious limitation. But over time because of cheaper computers, internet access for most people, and prevalent desktop Unix systems, and available Windows version users do not need to access shared shell accounts. Since privileged users can send and receive raw packets (required root access on Unix systems), most of the scan types are only available for them. The unprivileged user tells Nmap to treat the user as lacking network raw socket and sniffing privileges to test, debug. It is also be used when the raw network functionality of your operating system is somehow broken. Since Nmap performs much of its functionally as a normal user, it can check if it has permissions to perform certain actions before falling back to safer behaviors. You can Nmap as an unprivileged user on Linux systems by using capabilities.
Nmap Port scanning With Unprivileged User
When we are talking about the unprivileged user, it means a user lacks raw socket privileges. As an administrator, you can scan ports to guarantee security. But it also provides more purposes such as create an inventory of machines and the services they offer can be useful for asset tracking, network design, policy compliance checks, software license tracking, availability testing, and network debugging. You will be able to scan the systems you own/operate or have permission to scan. You are recommended to scan ports with a privileged user. But while Nmap is scanning ports with an unprivileged user, you will face the below features :
1- Cannot create new packets
2- TCP connect scan
3- It uses the connect() system call
4- TCP connection is completed
5- It is slower
Open Port Scanning with Unprivileged User and OS Detection
You can use the command below to determine live hosts. So, you can start with a ping scan on an IP range:
nmap -sP 192.168.0.0-100
Also, you can use the following command to start an SYN scan with OS detection on one of the live hosts:
nmap -sS [ip address]-O
To start an open port scan with version detection, type:
nmap -sV 192.168.0.1 -A
You can also add -v to the command to increase the verbosity :
nmap -sV 192.168.0.13 -A -v
In this article, you learned How To Scan Ports With Unprivileged User On Nmap. Notice that scanning is fun but intrusive. You just need to have a basic knowledge of IP addresses and service ports to be able to start running a port scanner.