The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
Discover the best professional documents and content resources in AnyFlip Document Base.
Search
Published by Enhelion, 2020-01-09 08:35:10

Module_5

Module_5

MODULE 5



PORT SCANNING



What is Port Scanning?

Port scanning is a method used for determining which ports on a network are open. Ports on a
computer are the place where information is sent and received. Hence, port scanning is
analogous to knocking on doors to see if someone is home. Running a port scan on a network
or server reveals which ports are open and listening (receiving information), as well as revealing
the presence of security devices such as firewalls that exist between the sender and the target.
This technique is known as fingerprinting. It is also valuable to test network security and the
strength of the system’s firewall. Due to this application, it is also a popular reconnaissance tool
for attackers looking for a weak point of access to break into a computer.

Ports vary in their services offered. They are numbered from 0 to 65535, but certain ranges are
more frequently used. Ports 0 to 1023 are known as as the “well-known ports” or standard
ports. They have been assigned services by the Internet Assigned Numbers Authority (IANA).
Some of the most prominent ports and their assigned services include:

Port 20 (udp) – File Transfer Protocol (FTP) for data transfer
Port 22 (tcp) – Secure Shell (SSH) protocol for secure logins, ftp, and port forwarding
Port 23 (tcp) – Telnet protocol for unencrypted text commutations
Port 53 (udp) – Domain Name System (DNS) translates names of all computers on
internet to IP addresses
Port 80 (tcp) – World Wide Web HTTP

There are standard services offered on ports after 1023 as well. Open ports indicate an infected
system due to its popularity with some far-reaching Trojans and viruses. A port scan sends a
carefully prepared packet to each destination port number.



Test Parameters

Scan all ports when performing a test, not just the standard ports (1 - 1023)
Many programs use port numbers outside the range of standard ports
For instance, if port 655301 is open it is possible to check the information at the CVE
website for a possible vulnerability.

NMAP

Nmap (Network Mapped) is a network scanning and host detection tool that is very useful
during several steps of penetration testing. Nmap is not limited to merely gathering information
and enumeration, but it is also powerful utility that can be used as a vulnerability detector or a
security scanner. So Nmap is a multipurpose tool, and it can be run on many different operating
systems including Windows, Linux, BSD, and Mac. Nmap is a very powerful utility that can be
used for:

Host discovery: To detect the live host on the network
Port discovery or Enumeration: To detect the open ports on the host
Service discovery: To detect the software and the version to the respective port
Nmap scripts: To detect the vulnerability and security holes
Detecting the operating system, hardware address, and the software version

Nmap is a free, open-source port scanner available for both UNIX and Windows. NmapFE is an
optional graphical front-end and it supports a wide variety of scan types, each one with
different benefits and drawbacks.

Features of NMAP

1. Improved NSE Functionality
2. IPv6 Support
3. Faster network scanner
4. Better TLS/SSL scanning
5. OS detection
6. Service Discovery

Zenmap

Zenmap is an free and open source GUI designed to be used with Nmap. It is multiplatform tool
which supports Linux, Ubuntu, Mint, Kali, Fedora, CentOS, Windows, Mac OS X, BSD and many
more. While Nmap is very powerful tool for network scanning and vulnerability discovery, it is
completely command line based. Zenmap can be used by beginners to scan network and
discover vulnerabilities.

BASIC COMMANDS FOR NMAP

Scan a single host or an IP address (IPv4):

### Scan a single ip address ###
nmap 192.168.1.1

## Scan a host name ###
nmap server1.cyberciti.biz

## Scan a host name with more info###

nmap -v server1.cyberciti.biz




Scan multiple IP address or subnet (IPv4) :

Turn on OS and version detection scanning script (IPv4):


Find out if a host/network is protected by a firewall:


Scan a host when protected by the firewall:

Scan a network and find out which servers and devices are up and running:

This is known as host discovery or ping scan:

Show all packets sent and received:

For more commands you can refer to the official site of the NMAP.











TYPES OF PORT SCANS

Vanilla - An attempt to connect to all ports (there are 65,536)

Strobe - An attempt to connect to only selected ports (typically, under 20)
Stealth scan - Several techniques for scanning that attempt to prevent the request for
connection being logged

FTP Bounce Scan - Attempts that are directed through an File Transfer Protocol server to
disguise the cracker's location

Fragmented Packets - Scans by sending packet fragments that can get through simple
packet filters in a firewall
UDP - Scans for open User Datagram Protocol ports

Sweep - Scans the same port on several computers



Types of Port Scans commands

Scan using TCP connect : nmap -sT 192.168.1.1

Scan using TCP SYN scan (default) : nmap -sS 192.168.1.1

Scan UDP ports : nmap -sU -p 123,161,162 192.168.1.1

Scan selected ports - ignore discovery : nmap -Pn -F 192.168.1.1

References:

What is a port scan? –

https://www.paloaltonetworks.com/cyberpedia/what-is-a-port-scan

Nmap.docx – College of Engineering, Trivandrum
https://www.coursehero.com/file/35745216/NMAPdocx/


Click to View FlipBook Version