Port Scanning with Nmap

-

Port Scanning

its the process of checking the open ports on a network or a single host. 

What is a port?


Port is a communication endpoint. it’s the identity of a specific service/protocol running on a smart machine.


There total number of 65535 port numbers of TCP and UDP. 
from 0 - 1024 ports are called well-known ports because they are assigned for the most commonly used services like: 
TCP
  • HTTP 80 / HTTPS 443
  • FTP - 20, 21  File Transmission Control/Command Control
  • SSH     -  22
  • Telnet   -  23
  • SMTP   - 25
  • POP3   - 110
  • SMB    - 139 + 445
  • IMAP   - 143

UDP
  • DNS    - 53
  • DHCP - 67, 68
  • TFTP  - 69
  • SNMP - 161


What is TCP/IP?

it stands for Transmission Control Protocol / Internet Protocol. It determines how a computer or device should be connected to the internet and how
data should be transmitted between two computers.

In simple words, when you want to visit a company so will get a Visitor ID card same as that, we you want to connect to the internet your computer or
mobile devices get an ID (IP Address).

It checks for errors that if any packet is dropped during the transmission, if so, it will resend the packet. for example when you send a text message on watsup or facebook,
your friends receives the same text as you sent him there’s no lost portion in you text message.
A TCP connection is established by the help of 3-way handshake so when you upload or download, a TCP connection establishes and the connection 
will be closed when uploading/downloading is done. That’s why TCP is called reliable or connection oriented.


What is UDP?

It stands for User Datagram Protocol. Datagram is a transfer unit.
we use UDP for broadcasting and multicasting like video call, voice call playing online video games etc.
UDP focuses on delivering it doesn’t check for errors that if any data is lost during the transmission for Example: Facebook and Watsup messenger
uses UDP for video and voice calling so when you have slow internet connection you’ll not hear or see clearly because the data or packets are lost during the transmission.


2 methods to scan TCP ports


  1. Connect
    it completes 3 way handshake on a specific port.
  2. SYN/Stealth Scan
    it is a TCP port Scanning method that involves only SYN packet without completing 3 way handshake.


    What is a 3 way Handshake?

    — Complete handshake means that whenever you scan a machine actually you send a SYN packet and if the port is open you’ll get SYN+ACK packet
    reply from target machine and again you send ACK 

    — if the port is open it should send SYN + ACT packet.

    we call it Stealth because it used to open halfway connection in the old firewalls and it was not able to log the scanning or traffic but new firewall are able to detect the scanning.


Complete Handshake is 3-way handshake



 TCP is connection-oriented and UDP is stateless so it doesn’t involve 3-way handshake mechanism. if the UDP port is open, there should be no reply coming back to target but we will get a ICMP packet instead.

UDP port scanning is unreliable because firewalls and routers have the option to drop UDP packets so it will mislead us.


How 3-way handshake terminates? 

client sends FIN packet then the server sends FIN+ACK packet to client then clients replies back with ACK packet and the connection is terminated.


Tool for port scanning: 

Nmap tool is one of the most popular scanning tool with enormous features.

The default Nmap scanning scans 1000 popular ports which generates 7 KBs of traffic but if we want to scan all the ports (65535), it will generate 4MB of traffic.


Options
Name
Description
Usage
-sS
TCP SYN scan
It is a half-open scanning. The quickest way to scan 1000 ports. 
nmap -sS 192.168.0.1
-sT
TCP Connection scan
3way handshake completes
nmap -sT 192.168.0.1
-sU
UDP scan
sends UPD packet to every port
nmap -sU 192.168.0.1
-sN
TCP NULL scan
NULL packet or zero flag set
nmap -sN 192.168.0.1
-sn
Ping/sweep scan
it pings if the target is up
nmap -sn 192.168.0.1
-v
verbosity
it gives you more information after the scan completes
nmap -sV 192.168.0.1 -v
-O
Check OS
it shows the Operating System version. 
nmap -O 192.168.0.1
-T4
Timing 
-T0 = paranoid, -T1 = sneaky, -T2 polite, -T3 = Normal,
 -T4 aggressive, -T5 = insane. higher is faster
nmap -T4 192.168.0.1
-sV
Enumerate
if an open port is found, it will detect that which service is running on that.
nmap -sV 192.168.0.1
-A
OS + Services
it checks the OS as well as Services
nmap -A 192.168.0.1
-Pn
Skip discovery
it means not to check if a port is open or close just  assume that its up and open
nmap -Pn 192.168.0.1

Comments

Post a Comment

Popular posts from this blog

Solving Computer Forensics Case Using Autopsy

-
Image
  Computer Forensics is the well-planned series of procedures and techniques used for obtaining evidence from computer systems and storage media. This evidence can then be analyzed for relevant information that is to be presented in a court of law. This article focused on a particular case and a forensic tool to give you a ‘feel’ of what computer forensics investigations are like. However, it is in no way comprehensive enough to cover the variety of problems and complications faced by the investigator.   Scenario  A complaint was made to the authorities describing alleged Wi-Fi hacking activity. When the authorities reached the spot, they found an abandoned Dell computer which is suspected that this computer was used for hacking purposes. Schardt uses "Mr.Evil" nickname when he goes online. He is also accused of parking his car in wireless range (like Starbucks and other T-Mobile Hotspots) where he would then intercept internet traffic, attempting to get credit card numb...
Read more

Pentesting - Exploitation Guide Metasploitable 1

-
Image
Metasploitable Metasploitable is an Ubuntu 8.04 server installed on a VMWare 6.5 image with a number of vulnerable packages included, which can be run on most virtualization software. You can grab your copy at Vulnhub – Metasploitable I used Kali Linux for attacking and VirtualBox for virtualization. Information Gathering nmap is a great tool for scanning ports and finding network services on a machine. We will run nmap with the following options: -sV to probe open ports for service and version info -O to fingerprint and try to guess the operating system -p1-65535 to do a complete port scan root@kali:~# nmap -sV -O 192.168.0.14 -p1-65535 Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-12 16:46 MDT Nmap scan report for 192.168.0.14 Host is up (0.00073s latency). Not shown: 65522 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp ProFTPD 1.3.1 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0) 23/tcp open telnet Linux telnetd 25/tcp open smtp Postfix smtpd 53/tcp open...
Read more

The Main Cyber Threats Facing the Aviation Industry

-
Image
  Introduction The aviation industry, one of the most critical sectors in global transportation, is heavily dependent on interconnected technologies, which also makes it a lucrative target for cybercriminals. With each advancement in technology, there comes a new set of cyber risks that threaten the confidentiality, integrity, and availability of essential systems in the aviation ecosystem. The consequences of cyberattacks on the aviat ion industry can be catastrophic, ranging from flight delays to data breaches, physical harm to passengers, and even financial devastation for airlines and airports. As technology continues to evolve in aviation, so too do the cybersecurity challenges. In this comprehensive blog, we will explore the major cyber threats in the aviation industry and dive into best practices, standards, and risk assessments to mitigate these threats. 1. Overview of Cyber Threats in Aviation The aviation industry is complex, involving many interdependent systems such as ...
Read more