Craig discusses one of the security tools he uses and why you should use it too.
For more tech tips, news, and updates, visit – CraigPeterson.com
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] Remember everybody, don’t open those email attachments. I’m going to talk about a new tool released out there that if you’re involved with security, you probably need it. So here we go.
Hi everybody. Craig Peterson here.
I want to talk right now about this great tool that I’ve been using for decades now, I think. It’s called Nmap. Now it’s something that I cover in my cybersecurity mastery course, but it’s something you can do to learn a lot about yourself online. There are YouTube videos about it and many others. But the idea behind Nmap is to be able to check and see what’s on your network and not just what’s on your network, it’ll also tell you about what that particular device is, and it just does a whole bunch of things for threat management. It’ll check ports. Some of this stuff can go so far as to actually try and break into the systems. Now, Nmap isn’t designed to do that. It really is using fingerprints to figure out the operating system that’s in use, which is really handy.
Particularly for the internet of things devices that might be attached to your network.
This is great for home use, as well.
If you’re a little bit of a techie, they have new protocol libraries. They’ve got payloads now that they’ve added for host discovery, port scanning, version detection, which is really important to make sure that you have the latest version of different software on your systems. So you’re not running something outdated.
They’ve fixed a whole bunch of bugs. They’ve got some different improvements and code quality improvements. But one of the biggest things is that they’re using a new driver for raw packet capturing and sending out on the Windows side. On the Unix side it’s been stable forever, but on the Windows side, there’s never been a really great way to do this.
There’s something called WinPcap, but that driver has not been updated in the last seven or eight years. It doesn’t always work on Windows 10. It’s using deprecated Windows APIs.
I know this is a lot of TLAs, right, three-letter acronyms, for everybody out there.
But bottom line, there is a new driver that lets software like Nmap send and receive its own packets it creates.
Normally if you are writing just regular old software where you would open a network connection to a server and then speak whatever protocol you wanted to. You would ask the operating system, Hey, open up a TCP session on port 82, this web server, and so on that remote server. Obviously, I had to get them an IP address, ultimately on that far server.
There’s a web server and it’s listening for requests on port 80. That TCP session requires five packets going back and forth, and then it’s established, and then you send your get requests. So it would be like getting space HTTPS slash one dot one or whatever it might be. Whatever version of the HTTP protocol you’re trying to use, space, then the file you want and the server name. Then the remote server responds. It goes back and forth. There are a lot of packets that are exchanged between your computer and the remote computer, whether it’s a web server remotely, or might be a file server remotely, could be almost anything remotely.
There’s a lot going on if you’re trying to do diagnosis on the network, if you’re trying to figure stuff out, you want to get down to that level. Really.
Remember I said, though, that the initial TCP session took five packets in order to set it up. That takes quite a bit of time in internet time because those packets have to go back and forth.
Google, in fact, came up with a new version of the protocol that requires less handshaking going on.
Software like Nmap that is going to connect to that web server itself wants to see all of the packets. It does not want the operating system to be sitting there, setting up the connections, and sending the data back and forth. It wants to do it.
That’s what the whole idea behind the raw packet capturing and creating is all about. In the Unix world, which includes Linux, macOS, Solaris, BSD, they’ve had great packet capture code running forever, but this is brand new for Windows. So if you’ve tried it before and it didn’t always work, try it again. Nmap, N M A P online, just do a search for it, or you can download it from Nmap.org, N M A P.org.
As I said, this is one of the tools we teach and answer questions about in my cybersecurity mastery course, because it’s just so important. So Nmap is basically a command-line type program, but there’s something called Zenmap that you can get as well, right there on the Nmap.org site, that gives you a graphical front end.
If you would like to tinker, you probably should grab it and download it. It’s already compiled, although you can get the source code. You can also check signatures, GPG signatures, and SHA-1 hashes for the different releases. They’ve got install guides, everything. They try and make it very easy for you.
The idea is once you have it there on your computer, you can then go ahead and run the latest release, which is right there on the homepage again. Nmap, that’s November Mike Alpha Papa, N M A P.org. You can just download it from right there and you’re off and running. It is very handy.
So you run it against your network. It’s gonna come back now and show you a whole bunch of information that you need on your network. So there are penetration testing uses, Nmap defense, of course, uses Nmap. There’s a bunch of stuff: password audits, vulnerability scanners, just all kinds of stuff that you can use right there on the Nmap.org site. This is going to take you off-site.
Now, if you’re on a Unix distribution, like a Linux distribution, you can just grab RPMs for your distribution, whatever it might be. If you’re on a Mac, I think brew has it. Use brew. That’s what I use all of the time for managing third-party software, like this open-source stuff. It’ll just download and install it for you, which is really cool.
Use the concept of least privilege. Which is what you really want to do.
They’ve got a reference guide that’s showing you absolutely everything.
There’s an SSH service that it discovered on this machine. It’s going to tell you which version of SSH it is. It’s going to tell you what the operating system is. It’s going to give you a key that you can use now to distinctly or uniquely, I should say, identify what it is.
I’m looking right now at a scan and it’s showing me there’s an SSH service. That’s what I use in order to connect remotely to a computer and do command line stuff. It’s showing me that there is an open Apache server, which is a web server. And it even tells me the version it’s HTTPD protocol, a 2.2 0.14 running Ubuntu. Very handy stuff, because you can then feed this into other tools to know.
Is it up to date? Do I need to do updates? In fact, this Nmap stuff is used as the basis for the code that uses. Cause we’ll use Nmap, it’ll do scans, it’ll find stuff and create a database. Then we take that database back.
If you have us do an audit for you, for instance, you give us the database. We don’t even have to run the software. You just run it. It does all of its scans, puts it in a database. You send the database back to us in a zip file. We run it into a whole bunch of process software that lets us know exactly what’s going on and also compares the versions.
Check it out. Nmap. November Mike alpha, Papa dot org. Absolutely valuable tool for everybody.
Hey, we’re going to talk about paying ransoms when we get back in and what Tyler technologies did and why. So stick around.