Scanning
Ports
Recall how we reviewed ports at the start of the semester? That material now comes into play as we get into port scanning. We will focus heavily on nmap, but be aware that there are other tools you could use, such as hping3 and scapy.
With nmap you can find all live hosts on a network, determine which TCP and UDP ports are open, gather OS fingerprinting information, and even figure out which version of a service is running. Keep in mind that "service" in this sense means something like a web server, email server, or DNS server listening on a port.
Nmap In The Movies
Nmap is famous! It has appeared in several movies! This information is provided from the nmap website at https://nmap.org/movies/. All images are directly linked from the nmap website and I just zoomed in to show the nmap scans being done. If you want to learn more about why nmap was used in the movies (and even see more movies it was used in) visit the nmap movies link previously provided.
Matrix Reloaded
Ocean's 8
Dredd
Die Hard 4
Below are several videos showing how to use nmap and conduct various scans. In each video I walk through the scan and its results.
Ping Sweep
nmap -sn <network>/<CIDR>
Host discovery only: nmap reports which addresses respond but does not scan any ports.
TCP Full Open
nmap -sT IP_ADDRESS
Completes the full three-way handshake on each port, so it works without root privileges but is the easiest scan for the target to log.
SYN Scan (Half Open)
nmap -sS IP_ADDRESS
Sends a SYN and reads the reply (SYN/ACK means open, RST means closed) without completing the handshake. Requires root (raw socket access) and is nmap's default scan type when run as root.
Xmas Tree Scan
nmap -sX IP_ADDRESS
Fin Scan
nmap -sF IP_ADDRESS
Null Scan
nmap -sN IP_ADDRESS
These three send packets with unusual flag combinations (FIN/PSH/URG, FIN only, and no flags at all). Per RFC 793 a closed port answers with RST while an open port stays silent, so ports that do not respond can only be reported as open|filtered. They require root and do not work against Windows, which replies with RST regardless of port state.
UDP Scan
nmap -sU --top-ports <N> IP_ADDRESS
UDP scanning is slow because open ports usually do not reply, so --top-ports <N> limits the scan to the N most commonly used ports. Requires root.
OS Scan
nmap -O IP_ADDRESS
TCP/IP stack fingerprinting. Requires root and works best when the target has at least one open and one closed TCP port.
Service Version
nmap -sV IP_ADDRESS
Connects to each open port and probes it to identify the service and its version, rather than trusting the well-known port number.
Putting It All Together
Keep in mind that you can combine several scan types and options in a single nmap command instead of running them one at a time, and that nmap can save its results in text, grepable, and XML formats for later processing.
Below you will find an Nmap Quick Reference Guide from Professor Messer. It also covers other nmap options not discussed here. Please save a copy of it for your reference and future use.
WebMap
This is a great tool that you can use to organize your nmap scans, and it can help with the documentation for your final report. WebMap works from nmap's XML output, so save the scans you want to import with -oX or -oA. To start you will need to install Docker:
sudo apt update
sudo apt install -y docker.io
sudo systemctl enable docker --now
sudo usermod -aG docker $USER
Once you have completed these commands, log out and log back in so the docker group membership takes effect. Note that membership in the docker group is effectively root on that machine, so only do this on your own lab system. This video shows you how to use WebMap and start the Docker container.