Scanning

Ports

Recall how we reviewed ports at the start of the semester? That material now comes into play as we get into port scanning. We will focus heavily on nmap, but be aware that there are other tools you could use, such as hping3 and scapy.


With nmap you can find all live hosts on a network, learn which TCP and UDP ports are open, gather OS fingerprint information and even identify the version of the service listening on a port. Keep in mind that a service in this sense is the program behind the port, such as a web server, email server or DNS server.

Nmap In The Movies

Nmap is famous! It has appeared in several movies. This information comes from the nmap website at https://nmap.org/movies/. All images are linked directly from the nmap website; I only zoomed in to show the nmap scans being run. If you want to learn more about why nmap was used in these films (and see more movies it appears in), visit the nmap movies link above.

Screenshots of the nmap scans appear in each of the following films:

Matrix Reloaded

Ocean's 8

Dredd

Die Hard 4

Below are several videos showing how to use nmap and conduct various scans. In each video I walk through the scan and its results.

Ping Sweep

nmap -sn <network>/<CIDR>

Host discovery only, no port scan (-sn replaced the older -sP). Run as root on the local segment, nmap uses ARP requests, which nearly every host answers; against remote networks it sends an ICMP echo, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request, so a host that drops all of those shows as down. Use -Pn to skip discovery and scan such hosts anyway.

TCP Full Open

nmap -sT IP_ADDRESS

Completes the full three-way handshake through the operating system's connect() call, so it needs no root privileges. The trade-off is that every connection reaches the target service and will show up in its logs.

SYN Scan (Half Open)

nmap -sS IP_ADDRESS

Sends a SYN, reads the SYN/ACK (open) or RST (closed) and then tears the attempt down with a RST, so the handshake never completes and the application behind the port never sees a connection. It requires raw sockets (run it as root) and is nmap's default scan type when run with privileges.

Xmas Tree Scan

nmap -sX IP_ADDRESS

Sends TCP packets with the FIN, PSH and URG flags set ("lit up like a Christmas tree").

Fin Scan

nmap -sF IP_ADDRESS

Sends TCP packets with only the FIN flag set.

Null Scan

nmap -sN IP_ADDRESS

Sends TCP packets with no flags set at all.

The Xmas, FIN and Null scans all rely on the same RFC 793 behavior: a closed port answers with a RST, while an open port ignores the packet. Since silence is also what a firewall produces, nmap reports those ports as open|filtered rather than open. Windows, Cisco IOS and several other stacks send a RST from every port regardless of state, so against those targets every port looks closed. All three require root.

UDP Scan

nmap -sU --top-ports # IP_ADDRESS

Replace # with the number of most common UDP ports to probe (for example 100). Open UDP services usually do not answer an empty probe, so nmap reports open|filtered unless it receives an ICMP port unreachable (closed). Most hosts rate-limit those ICMP replies, which makes UDP scans slow; adding -sV sends protocol-specific payloads that open services will actually answer.

OS Scan

nmap -O IP_ADDRESS

Fingerprints the target's TCP/IP stack from how it responds to a series of crafted packets. It needs root and gives reliable results only when nmap can find at least one open and one closed TCP port on the target.

Service Version

nmap -sV IP_ADDRESS

Sends probes to each open port and matches the replies against nmap's service fingerprint database to identify the software and its version (OpenSSH 8.9 rather than just "ssh"). These probes talk to the application itself, so expect them to appear in service logs and IDS alerts.

Putting It All Together

Keep in mind that you can combine scan options in a single nmap run, for instance a SYN scan, service version detection and OS fingerprinting together, and write the results to a file with -oA so you can reuse them in your report.
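The following script is an added example for this section and the scan list above; it is not from the course page or the nmap project. It builds one combined nmap command line from the individual scans covered above, and turns nmap's grepable (-oG) output into a one-line-per-open-port summary suitable for the report. The target 10.0.0.5, the output base name "lab" and the sample grepable text are constructed placeholders, not a real scan.

```shell
#!/usr/bin/env sh
# Added example: combine several nmap scan types into one run, then
# summarise grepable output. Targets and sample data are constructed.
set -u

# Compose one nmap invocation from the scans covered above.
# Prints the command instead of running it so it can be reviewed first.
# Note: -sS and -O need raw sockets, so the printed command must be run as root.
build_scan_cmd() {
    target="$1"   # assumed: a host or CIDR you are authorised to scan
    outbase="$2"  # assumed: base name for -oA output files
    # -sS  SYN (half-open) scan
    # -sV  service/version probes against every open port
    # -O   OS fingerprint
    # -p-  all 65535 TCP ports instead of the default top 1000
    # -oA  write normal (.nmap), XML (.xml) and grepable (.gnmap) output
    printf 'nmap -sS -sV -O -p- -oA %s %s\n' "$outbase" "$target"
}

# Constructed sample of what the .gnmap file looks like (not a real capture).
sample_gnmap() {
    printf '# Nmap 7.94 scan initiated as: nmap -sS -sV -p- -oA lab 10.0.0.0/29\n'
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (65533)\n'
    printf 'Host: 10.0.0.6 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.6 ()\tPorts: 445/open/tcp//microsoft-ds//, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (65533)\n'
    printf '# Nmap done at ...: 2 IP addresses (2 hosts up) scanned\n'
}

# Read grepable output on stdin; print "host port/proto service version"
# for every open port. Filtered and open|filtered ports are left out so the
# summary only lists what the target actually answered.
summarize_gnmap() {
    awk '/^Host:/ && /Ports:/ {
        host = $2
        sub(/\tIgnored State:.*/, "")   # drop the closed/filtered tally
        sub(/.*Ports: /, "")            # keep only the port list
        n = split($0, ports, ", ")
        for (i = 1; i <= n; i++) {
            split(ports[i], f, "/")     # port/state/proto//service//version/
            if (f[2] != "open") continue
            ver = (f[7] == "") ? "-" : f[7]
            printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], ver
        }
    }'
}

# Run with "demo" as the first argument to print the planned command and
# the summary of the constructed sample.
if [ "${1:-}" = "demo" ]; then
    build_scan_cmd 10.0.0.5 lab
    sample_gnmap | summarize_gnmap
fi
```

On a real engagement you would run the printed command as root, then feed the resulting lab.gnmap file to summarize_gnmap; the matching lab.xml is the file WebMap imports.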

Below you will find an Nmap Quick Reference Guide from Professor Messer. It also covers other options that nmap offers. Please save a copy for your reference and future use.

Hacking - NMap Quick Reference Guide.pdf

WebMap

WebMap is a great tool for organizing your Nmap scans, and it can help with the documentation for your final report. It runs as a Docker container, so to start you will need to install Docker:

sudo apt update

sudo apt install -y docker.io

sudo systemctl enable docker --now

sudo usermod -aG docker $USER

Once you have completed these commands, log out and log back in so the new group membership takes effect. Be aware that membership in the docker group is equivalent to root on that machine, since any member can start a container that mounts the host filesystem, so do this only on your own lab VM. This video shows you how to use WebMap and start the Docker container.