Network monitoring is a crucial service to prevent any unauthorized intrusions. Scanning of network issues will make us well informed of potential network attacks and help us to prepare mitigation plans to avoid them. Simple and easy interface which is GUI based help novice users to a better and quick understanding of options are more popular with people as they are cognitively easy to use. Command line interfaces force users to memorize and recall commands to do anything. GUI interfaces are used by most commercially available applications and made them more user friendly.
Today we will look at ‘ZENMAP’ which is a Network mapper tool. We will learn about its features , advantages and use cases.
Zenmap is an official Nmap Security scanner GUI (graphical user interface). It is a multi-platform , free and open source application which gives users a friendly interface. It has advanced features for experienced users. It has a command creator which lets interactive creation of Nmap command lines. Results of scans can be saved to review later and can be compared with one another (results of scans are stored in a database). It is a cross platform application available for Linux, Windows, and OS X.
Zenmap lets you create a topology map of discovered networks. It arranges its display to show all ports on a host or all hosts running a specific service. Results of multiple scans can be combined together for review and it has the ability to show the difference between two scans and identify what has changed from previous scan to now on hosts and help to easily track new hosts or services appearing on networks and disappearing services.
Features of ‘Zenmap’
- Zenmap keeps track of scans until deleted
- Zenmap command profiles make it easy to run same scan more than once
- No need for a shell script to do common scan
Pros and Cons of ‘Zenmap’
- Open source
- Lightweight and easy to set up
- Fast and flexible
- Allows to scan individual IP address , IP address ranges, and full subnets
- No option to change font style of output
- Sometimes scanning takes more time than usual
- Sometimes it does not identify operating system accurately
- Bit of learning curve to go from novice to power user
Installation of Zenmap
Zenmap is available free from: http://insecure.org
Zenmap installation on Debian, Ubuntu, and Linux Mint
$ sudo apt-get install Zenmap
$ sudo Zenmap
Zenmap analyses and displays the complete details related to hosts such as OS version, installed services, services status and uptime etc
Topology map of network in Zenmap
Zenmap’s “Topology” option provides an interactive , animated visualization of hosts connectivity. Hosts are represented as Nodes on interface and we can use controls to zoom in and zoom out.
On clicking a host, it becomes the new center and when a new scan is launched every new host and network path will be added to the topology automatically.
The topology view is very useful when combined with Nmap’s –traceroute option to discover network path to host.
Zenmap is ideally suited for security audits it can collect information about a scanned IP Address including number of open ports , last boot time, operating system and services running