[Dshield] NMAP/Ethereal primer

Mark Tombaugh mtombaugh at alliedcc.com
Wed Sep 24 13:40:10 GMT 2003


On Tuesday 23 September 2003 09:16 am, Louis Hablas wrote:
> With all of this said, I'm trying to gain a better understanding about the
> deeper layers of my network and have installed NMAP and Ethereal (WIndows
> versions).  Now I want to better understand how to use these tools most
> effectively.  Can anybody point me to some good, laymen's terms documents?
> I've looked at HELP in both cases, but I want to hear from the perspective
> of the experts out there and particularly would like to hear about the
> features I should focus on that will help me best understand...

Sounds like a TCP/IP port usage primer might be in order: 
<http://www.giac.org/practical/gsec/Arthur_Hunt_GSEC.pdf> 
NMAP can be used to quickly identify some types of problem hosts on your 
network. To search for suspected nachi zombies on your lan for example:
"nmap -sS -p 707 192.168.1.0/24" [scans 192.168.1.0/24 for hosts with tcp707 
(nachis control port) open]. 

hth,

-- 
Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC. <http://www.usihost.com>






More information about the list mailing list