Firewall Probing with Zenmap
Zenmap is a graphical frontend for the command line program "nmap". Zenmap is available for Windows, Linux, FreeBSD, and Mac OSX. To learn more, and to download Zenmap, visit http://nmap.org/zenmap/
You can use Zenmap/nmap to scan computers or other devices on a network for vulnerabilities. You can use it to determine what ports are open and closed on your devices, and to monitor how much information your machines are broadcasting. Because of this, Zenmap is an excellent tool for monitoring and securing your network and its attached devices.
I have linked a screencast of myself demonstrating Zenmap at the bottom of this page. If you are a visual learner and want to skip all of the writing, feel free to. The video is available up to 720p, and the text is quite legible when you fullscreen it.
1) Choosing a Target
The first step is to determine the target you wish to scan. You will get the most accurate results from servers that are located on the same network as you are. The more devices there are between you and the target device, and depending on the types of devices between you, the less accurate your results are going to be. The reason for this is that, especially when traversing over the internet, you are "probably" only going to be scanning the gateway that filters internet traffic to hosts on a larger network, rather than the computer you want to scan.
So what you want to do is set your network up so that you have as few devices between yourself and the target as possible. In the "target" box, enter the IP address of the host you wish to scan. You can also use hostnames, but to lower the risk of DNS resolution problems, I always use the IP address.
Target -> Type of Scan -> Execute
2) Choosing and Executing the Scan
There are several different types of scans available in Zenmap that allow you different options. You can do a quick scan, an intense scan, and intense scan without ping, etc. The type of scan you choose depends on your desired results. For most cases, an "Intense Scan" should suffice, unless the destination machine does not respond to ping. In the event that the target does not respond to ping, the scan will terminate early. If this happens, but you know the target is reachable and just not responding to a ping, use the scan type "Intense Scan, no ping".
Once you have entered the target's IP and selected the type of scan, click the "Scan" button to begin the scan. Depending on the speed of your network, the distance between you and the target, and the nature of the scan, it could take several minutes for the scan to complete. What you want to watch for in the main tab (Labeled Nmap Output) is the string of text "Nmap done". Once you see that, it's time to review our results.
Review the Results
Probably the most important thing I use Zenmap for is testing my firewalls. Once the scan has completed, the other tabs in the Zenmap interface will now be filled with information.
The "Ports / Hosts" tab of the interface will now list all of the ports discovered on the target, their status, and if available, the service and software listening on those ports. This tab is very handy for determining if a port you opened is actually open, or if you have ports open that should not be open.
The "Topology" tab effectively illustrates a "Traceroute" between you and the target, using a circular diagram. The more devices between you, the bigger and more complex the diagram will become. You can also save the diagram as a PNG image to your computer.
The "Host Details" tab will list things such as the type of operating system, uptime, the last time the target was rebooted, MAC address, IP address, and a summary of how many ports were found and in what state they were found.
Scans can also be saved in XML format so they can be re-opened later for review on other computers, or for your own record keeping purposes.
Zenmap is a free, open source, and powerful tool to help you monitor and improve the security of your networks and devices.
I have recorded a video of myself demonstrating the use of Zenmap below if you want some visual assistance in understanding what you're looking at.
I hope you find this walkthrough helpful. Comment with your suggestions below and I'll try to make sure I implement them in future articles.