1
00:00:00,230 --> 00:00:06,350
As I mentioned before, Nmap (Network Mapper) is a free and open source utility for network discovery

2
00:00:06,350 --> 00:00:07,670
and security auditing.

3
00:00:08,600 --> 00:00:14,750
Many systems and network administrators also find it useful for tasks such as network inventory, managing

4
00:00:14,750 --> 00:00:19,220
service upgrade schedules, and monitoring host or service uptime.

5
00:00:20,270 --> 00:00:24,200
So let's analyze the SNMP service of our router using Nmap.

6
00:00:26,470 --> 00:00:34,330
So remember, in the previous lecture we scanned the TCP ports and we saw that the port TCP 161 was closed,

7
00:00:34,810 --> 00:00:39,190
but we enabled the SNMP service in the router with the default values.

8
00:00:39,190 --> 00:00:40,870
So it's supposed to be open.

9
00:00:41,850 --> 00:00:47,220
SNMP uses the UDP protocol in general, so we should check the port

10
00:00:47,250 --> 00:00:49,680
UDP 161 as well.

11
00:00:49,830 --> 00:00:52,620
So let's create another Nmap query.

12
00:00:54,180 --> 00:00:59,820
This time around, we'll use -sU (capital U) to run a UDP scan,

13
00:01:00,920 --> 00:01:08,450
identify the ports scanned with -p as a parameter, 161 and 162,

14
00:01:09,670 --> 00:01:14,320
-sV (capital V) for version detection, and finally the IP address of our router.

15
00:01:15,310 --> 00:01:20,350
Great. UDP scans take a little longer than TCP scans in general.

16
00:01:32,920 --> 00:01:36,520
So it took about two minutes and here are the results.

17
00:01:36,550 --> 00:01:41,770
Both UDP port 161 and 162 are open as expected.

18
00:01:43,620 --> 00:01:49,950
Now Nmap has a scripting engine and has a lot of useful scripts that come with the Nmap tool.

19
00:01:49,980 --> 00:01:54,700
By default, the extension of Nmap scripts is .nse.

20
00:01:55,110 --> 00:01:56,850
So let's find a few

21
00:01:56,880 --> 00:02:02,130
using the locate Linux command: locate *.nse.

22
00:02:03,900 --> 00:02:06,120
Here are the Nmap scripts.

23
00:02:07,440 --> 00:02:12,330
Now I want to filter the scripts written for just the SNMP service.

24
00:02:12,450 --> 00:02:18,210
Recall the command, put a pipe, type grep snmp and hit Enter.

25
00:02:18,700 --> 00:02:23,550
It'll show only the lines which contain snmp as the keyword.

26
00:02:24,270 --> 00:02:30,670
The snmp-brute script is to find the community names of the service using a brute-force attack.

27
00:02:30,690 --> 00:02:34,860
So let's create a new Nmap query to run this script.

28
00:02:35,730 --> 00:02:45,870
nmap, -sU (uppercase U) to scan UDP ports, -p 161 to scan the port 161, the IP address of the router,

29
00:02:46,170 --> 00:02:47,820
--script to run the script,

30
00:02:47,820 --> 00:02:50,040
and finally the name of the script,

31
00:02:50,730 --> 00:02:52,350
snmp-brute.

32
00:02:56,930 --> 00:02:59,060
And here's the result.

33
00:02:59,540 --> 00:03:04,070
Nmap found two community names, public and private.

34
00:03:04,400 --> 00:03:05,750
That's just perfect.