Having a tool that can quickly, and regularly, take snapshots of your network landscape is critical to keeping tabs on your PCs. Of course you can shell out some budget dollars for a proprietary tool, but why bother when you can fire up a Linux machine and use the trusty Nmap tool for the job.

Nmap is a command line tool that rapidly scans a network gathering information about machines and ports. It is easy to use and flexible, making it perfect for the job of asset scanning. In this tutorial you will see how to set up a system that will regularly scan your network and create a report that can then be used to keep inventory of your networked machines.

Installing

Before we get to the actual scanning we need to install a couple of applications. Since I am using a Ubuntu system, we’ll run the installation using apt-get. With some simple modifications, you can do the same on a fedora system. The two applications to install are: nmap and ndiff. We use ndiff to compare the results of scans. To install these applications open up a terminal window and issue the following command:

sudo apt-get install nmap ndiff

You will have to accept dependencies, at which point the two applications will install. Upon completion of the installation, you are ready to scan.

Using nmap

Nmap is actually a fairly powerful tool. If you issue the command man nmap you will see just how powerful this tool is. You can also see how many arguments you can use with Nmap as well as what each argument does. Fortunately I will show you a simple command you can issue to make this a bit easier.

I am going to illustrate how these tools work together by running an nmap scan on a small internal network. I will then scan the network after making a change to one machine and see if ndiff catches the change.

The command for the scan is:

sudo nmap -n -PN 192.168.1.1/24 -O > network_scan

I will then run that same scan after making the change with one alteration:

sudo nmap -n -PN 192.168.1.1/24 -O > network2_scan


The above commands will output to the files network_scan, and network2_scan.

Once you have the two files you will compare them using the ndiff command like so:

ndiff -b network_scan -o network2_scan

The two options used are:

• b – Baseline.
• o – Observed.

You can think of Baseline as your control group.

Figure 1

The results of the command are shown in Figure 1.

The results show exactly what occurred in my network change. I shut down the machine associated with IP address 192.168.1.37.

Of course you could also get a much clearer picture of your network by combing through the results of the initial scan, but if you are looking for how your network topography has changed from scan to scan, using ndiff is the best way.

To see the full usage of both nmap and ndiff, take a look at the man pages. I will warn you, they are fairly complex. But this tutorial should give you a solid understanding of how the basics of the tools work.

• Port details
• Host details
• State
• Service
• Devices
• Addresses
• and much, much more

Nmap is one of those applications you will need to open anytime you see issues on your network, need to get information about hosts, track down an IP address, etc. Nmap is flexible, powerful, deployed all over the world (it is in the top 10 programs on Freshmeat), easy to use, well documented, cross platform (Linux, OS X, and Windows ) and (best of all) FREE!

But Nmap is a commmand-line only tool. Most users don’t want to monkey with the command line. Fortunately there are plenty of front-end tools for command line equivalents. For Nmap you can use the user-friend Zenmap. And how can you get up to speed quickly with Zenmap? Easy…you read this tutorial on how to run a scan on your entire LAN and then read the results.

Getting and installing

To install Zenmap you will have to install Nmap along with it. You can do this one of two ways: with Synaptic (or another GUI front end for your installation tool), or from the command line. To install via your Add/Remove Software tool follow these steps:

1. Open up your Add/Remove Software utility.
2. Search for Nmap.
3. Mark Nmap for installation.
4. Search for Zenmap.
5. Mark Zenmap for installation.
6. Click Apply to install.

Once installed you will see the entry for Zenmap in your Internet (or Network) sub-menu of your Applications or Main menu. You will want to run Zenmap as the root user because, most likely, your standard user will not have access to the networking devices.

Running Zenmap

Figure 1

When you fire up Zenmap you will see the main window (see Figure 1) which will be empty of scans (because none have been issued as of yet).

To start a new scan you can do one of two things: You can enter a target IP (or range), select the type of scan, and hit Scan. Or you can open up the Command Wizard to construct a much more specific type of scan.

If you opt for just entering in your target(s) here’s how it works. The first thing you do is enter a target IP address. If you want to use a range of addresses the address would look like this: 192.168.1.1-200. NOTE: There are no spaces in the address.

You then need to select the type of scan to run. There are eight different types of scans to run. The intense scan will give you the most information and the Operating System Detection will give you the least amount of information.

The second method of setting up a scan is the Command Wizard. When you click this button you will walk through the following steps:

• Novice/Expert: Select the level of configuration you want to use.
• Profile/Command: Create a new profile or create a command to run once.
• Profile Details: If you go the Profile route you will have to enter the profile details.
• Scan Type: TCP or Non-TCP scan types as well as inclusion of Services version and Operating system detection.
• Ping Options: ICMP, ACK, SYN, IPPronto, etc details (if needed).
• Scripting Options: If you need to add special scripts to your scan.
• Target Options: Exclude hosts as well as configure ports to scan.
• Source Options: Use decoys, set source address, set source port options if needed.
• Misc Options: Various options to include.

Once you have finished configuring your scan via the Wizard you can hit the Scan button. However, if you opted to go the Profile route you will need to select your new profile from the Profile dropdown list.

Scan results

Figure 2

After your scan has completed you can take a look at your scan results. There are five tabs that will give you various information about the scan. Obviously the Scan Details tab is where you will get a good summation of your scan. To get the low-level details of your scan take a look at the Nmap Output tab. As your scan is running this is the only tab you can view – and it will give you every piece of information you need.

Saving scans

A nice feature of Zenmap is the ability to save scans. Once you have a scan completed you can save your scan and open it for later viewing. The only downfall of this is the Nmap Output is a bit cramped together. While the scan is running the output is displayed in real time so it’s easy to read. When not in real time this output can really be a pain to get through. Fortunately, between the other tabs, you can get all of the information you need quickly and easily.

Final thoughts

Zenmap makes easy work out of the complicated Nmap command utility. If you have any need to map a network or analyze your network topography, Zenmap is the way to go.