Let’s Look at Port Scanning using NMAP
Goals and Learning objectives:
a. Basic concepts about Ports
b. Port Scanning
c. What is NMAP
d. NMAP usage
e. Ports and Security hand-in-hand
a. Basic Concepts about Ports:
What do we mean by ports? Ports are communication endpoints, which provides us logical information about services running. Ports are depicted by numbers and each port can have only one service running. There are total of 65,535 ports out of which 1 to 1024 are the most common.
Ports are used in combination with IP address to link services running using internet. For example, HTTP port is 80 and so if a site is running on 80 port it’ll be shown as IP_ADDRESS:80 where 80 is port number.
Various services use ports to communicate a system with internet. Like SSH uses port number 22 by default. But we have the option of changing these default port numbers to our needs.
Now as we know that HTTP is not secure, HTTPS was developed. And since port 80 is already being used by HTTP, we assign port number 443 for HTTPS over SSL/TLS. There are many services which have a secure version running on another port and can be used to increase security.
b. Port Scanning:
Port Scanning is the methodology of scanning various network ports for open ports.
It is usually associated with harmful acts by any attacker or network administrators who check for vulnerable services to prevent various attacks.
c. What is NMAP:
NMAP stands for “Network Manager”, is a command line interface-based tool used for network discovery and security auditing. It is used by both security researchers and network administrators to find security flaws.
It is one of the best available tools available in market and is open-source as well.
It uses raw packets to identify the services running (if being used on a single system) or various hosts in a network. The option of being used on a large network or an individual system is something which makes it very useful.
It can be used to identify whether a particular port is open or closed, and if open then what kind of service is being run and to some extent its version can also be identified.
d. NMAP usage:
Here I’ll show basic NMAP commands.
o -sp: This is used for basic pinging a system or network.
o -sS: TCP SYNC scan
o -sU: UDP scan
o -O: OS fingerprinting/scanning
o -sV: Identifying version of services running
o -p-: Scan all 65,535 ports
o -p [port number 1, port number 2, etc.]: Scanning manual ports
e. Ports and Security hand-in-hand:
Now one can ask how are ports and security related to each other? The answer is simple, if some service which is unnecessary is running then your system or network maybe vulnerable. Also, if a service in not regularly updated/patched and is not configured correctly then it makes you highly vulnerable to attackers.
One more thing to avoid being hacked is using services which use secure ports like 443 for HTTPS instead of port 80 and HTTP. Also know vulnerable services like telnet must seldomly used unless it is required. Otherwise the chances of getting attacked increases.
If you liked the story and want to appreciate us you can clap as much as you can. Appreciate our work by your constructive comment and also you can connect to us on….
LinkedIn : https://www.linkedin.com/company/society-of-ai
Website : https://www.societyofai.in/