Port Scanning with Nmap
Port Scanning
It is the process of checking for open ports on a network or on a single host.
What is a port?
A port is a communication endpoint: it identifies a specific service or protocol running on a machine.
Ports from 0 - 1024 are called well-known ports because they are assigned to the most commonly used services, like:
TCP
- HTTP 80 / HTTPS 443
- FTP - 20, 21 (file transfer / command control)
- SSH - 22
- Telnet - 23
- SMTP - 25
- POP3 - 110
- SMB - 139 + 445
- IMAP - 143
UDP
- DNS - 53
- DHCP - 67, 68
- TFTP - 69
- SNMP - 161
What is TCP/IP?
It stands for Transmission Control Protocol / Internet Protocol. It determines how a computer or device connects to the internet and how
data is transmitted between two computers.
In simple words: when you visit a company you get a visitor ID card; in the same way, when you connect to the internet your computer or
mobile device gets an ID (an IP address).
TCP checks for errors: if any packet is dropped during transmission, it resends the packet. For example, when you send a text message on WhatsApp or Facebook,
your friend receives exactly the text you sent; no portion of your message is lost.
A TCP connection is established with the help of a 3-way handshake, so when you upload or download, a TCP connection is established and
closed again when the upload/download is done. That is why TCP is called reliable or connection-oriented.
What is UDP?
It stands for User Datagram Protocol; a datagram is the transfer unit.
We use UDP for broadcasting and multicasting, for example video calls, voice calls and online video games.
UDP focuses on delivery; it does not check for errors if any data is lost during transmission. For example, Facebook and WhatsApp Messenger
use UDP for video and voice calling, so when you have a slow internet connection you will not hear or see clearly because packets are lost during transmission.
Two methods to scan TCP ports
- Connect
It completes the 3-way handshake on a specific port.
- SYN/Stealth Scan
A TCP port scanning method that sends only a SYN packet, without completing the 3-way handshake.
What is a 3 way Handshake?
- A complete handshake means that when you scan a machine you send a SYN packet; if the port is open you get a SYN+ACK packet
back from the target machine, and then you send an ACK.
- So if the port is open it should send a SYN+ACK packet.
We call the SYN scan "stealth" because it opens only a half-way connection; old firewalls were not able to log this scanning traffic, but new firewalls are able to detect the scanning.
A complete handshake is the 3-way handshake.
TCP is connection-oriented while UDP is stateless, so UDP does not involve the 3-way handshake mechanism. If a UDP port is open there is normally no reply coming back from the target, whereas a closed port answers with an ICMP packet instead.
UDP port scanning is unreliable because firewalls and routers can drop UDP packets, which misleads us.
How does a TCP connection terminate?
The client sends a FIN packet, the server replies with a FIN+ACK packet, the client replies with an ACK packet, and the connection is terminated.
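To make the exchanges above concrete, here is an added Python example (not from the original post and not nmap's own code) that models the packets of a connect scan and a SYN/stealth scan against an open or closed port, and then applies the kind of check a firewall can run over its logs: a source that sent SYNs to many ports without ever finishing a handshake. The log lines and addresses are constructed for the example.

```python
from collections import defaultdict

def connect_scan_exchange(port_open: bool) -> list[tuple[str, str]]:
    """-sT against one port: full 3-way handshake, then the FIN teardown."""
    if not port_open:
        return [("client", "SYN"), ("server", "RST+ACK")]
    return [("client", "SYN"), ("server", "SYN+ACK"), ("client", "ACK"),
            ("client", "FIN"), ("server", "FIN+ACK"), ("client", "ACK")]

def syn_scan_exchange(port_open: bool) -> list[tuple[str, str]]:
    """-sS against one port: half-open, the client answers SYN+ACK with RST
    instead of ACK, so no connection is ever completed."""
    if not port_open:
        return [("client", "SYN"), ("server", "RST+ACK")]
    return [("client", "SYN"), ("server", "SYN+ACK"), ("client", "RST")]

def find_port_sweeps(log: list[str], min_ports: int = 5) -> dict:
    """Parse constructed firewall-style lines 'src dst dport flags' and report
    (src, dst) pairs that sent SYNs to at least min_ports distinct ports they
    never completed with an ACK.  The heuristic keys on how many ports were
    probed, so a -sT sweep of closed ports is caught just as well as -sS."""
    syn_ports: dict = defaultdict(set)
    ack_ports: dict = defaultdict(set)
    for line in log:
        src, dst, dport, flags = line.split()
        if flags == "SYN":
            syn_ports[(src, dst)].add(int(dport))
        elif flags == "ACK":
            ack_ports[(src, dst)].add(int(dport))
    sweeps = {}
    for pair, ports in syn_ports.items():
        unfinished = sorted(ports - ack_ports[pair])
        if len(unfinished) >= min_ports:
            sweeps[pair] = unfinished
    return sweeps

# Constructed client-side SYN/ACK log: one host probing the well-known TCP
# ports listed above, one host making an ordinary HTTPS connection.
SAMPLE_LOG = [
    "10.0.0.5 192.168.0.1 21 SYN", "10.0.0.5 192.168.0.1 22 SYN",
    "10.0.0.5 192.168.0.1 23 SYN", "10.0.0.5 192.168.0.1 25 SYN",
    "10.0.0.5 192.168.0.1 80 SYN", "10.0.0.5 192.168.0.1 443 SYN",
    "10.0.0.9 192.168.0.1 443 SYN", "10.0.0.9 192.168.0.1 443 ACK",
]

if __name__ == "__main__":
    print(syn_scan_exchange(True))
    print(find_port_sweeps(SAMPLE_LOG))
```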
Tool for port scanning:
Nmap is one of the most popular scanning tools, with enormous features.
The default Nmap scan scans the 1000 most popular ports, which generates 7 KB of traffic; if we want to scan all 65535 ports, it generates 4 MB of traffic.
Options | Name | Description | Usage
--- | --- | --- | ---
-sS | TCP SYN scan | A half-open scan. The quickest way to scan 1000 ports. | nmap -sS 192.168.0.1
-sT | TCP connect scan | The 3-way handshake completes. | nmap -sT 192.168.0.1
-sU | UDP scan | Sends a UDP packet to every port. | nmap -sU 192.168.0.1
-sN | TCP NULL scan | NULL packet, i.e. no TCP flags set. | nmap -sN 192.168.0.1
-sn | Ping/sweep scan | Pings to check whether the target is up. | nmap -sn 192.168.0.1
-v | Verbosity | Gives you more information about the scan's progress and results. | nmap -sV 192.168.0.1 -v
-O | Check OS | Shows the operating system version. | nmap -O 192.168.0.1
-T4 | Timing | -T0 = paranoid, -T1 = sneaky, -T2 = polite, -T3 = normal, -T4 = aggressive, -T5 = insane; higher is faster. | nmap -T4 192.168.0.1
-sV | Enumerate | If an open port is found, it detects which service is running on it. | nmap -sV 192.168.0.1
-A | OS + Services | Checks the OS as well as the services. | nmap -A 192.168.0.1
-Pn | Skip discovery | Skips the host discovery (ping) check and just assumes the host is up, then scans it. | nmap -Pn 192.168.0.1
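As an added example (not part of the original post and not nmap's own code), the following Python parses the one-line-per-host grepable output that nmap writes with -oG and flags open ports outside an allowlist, which is how a defender turns a scan of their own hosts into an exposure review. The sample output, hosts and allowlist are constructed here, and the parser assumes the standard grepable Ports layout of `port/state/proto/owner/service/rpcinfo/version/` entries separated by `, `.

```python
import re

# Constructed sample in nmap's grepable (-oG) layout (assumed format, see lead-in).
SAMPLE_GREPABLE = """\
# Nmap scan initiated as: nmap -sS -sV -oG scan.gnmap 192.168.0.0/24
Host: 192.168.0.1 (router)\tStatus: Up
Host: 192.168.0.1 (router)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)
Host: 192.168.0.7 (printer)\tPorts: 23/open/tcp//telnet///, 161/open/udp//snmp///, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (995)
# Nmap done: 256 IP addresses (2 hosts up) scanned in 12.34 seconds
"""

# port / state / proto / owner / service / rpcinfo / version / (trailing slash)
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/([^/]*)/")

def parse_grepable(text: str) -> dict[str, list[dict]]:
    """Return {host_ip: [{'port', 'state', 'proto', 'service', 'version'}, ...]}."""
    hosts: dict[str, list[dict]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' comment lines
        # Tab-separated 'Key: value' fields on each host line.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]  # drop the '(hostname)' part
        hosts.setdefault(host, [])
        for port, state, proto, service, version in PORT_RE.findall(fields.get("Ports", "")):
            hosts[host].append({"port": int(port), "state": state, "proto": proto,
                                "service": service, "version": version})
    return hosts

# Constructed allowlist of what is meant to be reachable, keyed on (proto, port).
ALLOWED = {("tcp", 22), ("tcp", 80), ("tcp", 443)}

def unexpected_open_ports(hosts: dict[str, list[dict]]) -> list[tuple[str, str, int, str]]:
    """Open ports not on the allowlist: the exposure a defender should review
    (filtered or closed ports are not reported)."""
    findings = []
    for host, ports in hosts.items():
        for p in ports:
            if p["state"] == "open" and (p["proto"], p["port"]) not in ALLOWED:
                findings.append((host, p["proto"], p["port"], p["service"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in unexpected_open_ports(parse_grepable(SAMPLE_GREPABLE)):
        print("unexpected open port:", finding)
```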