Port scanning with NMAP
Port scanning is an active information gathering technique: unlike passive reconnaissance, the scanner sends packets to the target, and the target (or a firewall in front of it) can notice and log them. Nmap is the standard tool for the job, and here we will analyse its main scan techniques in detail.

Nmap provides many different modes for scanning target machines. Here we will focus on four scan types: TCP connect scan, SYN (stealth) scan, UDP scan and ACK scan. Let us move ahead and start the scanning process.
TCP connect scan :- is the basic scan type of Nmap, and the default when Nmap is run without raw-packet privileges (as root the default is the SYN scan described below). It completes the full three-way handshake (SYN, SYN/ACK, ACK) through the operating system's connect() call: a port where the connection succeeds is open, a port that answers with RST is closed, and a port that gives no usable answer is reported as filtered. Because the handshake completes, the service on the target sees a real connection and may log it. Let's perform this scan :-
root@debian:~# nmap -sT -p1-10000 192.168.2.46

Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 13:34 IST
Nmap scan report for 192.168.2.46
Host is up (0.0015s latency).
Not shown: 9997 filtered ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 20:CF:30:CB:29:45 (Asustek Computer)

Nmap done: 1 IP address (1 host up) scanned in 37.50 seconds
The -sT parameter tells Nmap to perform a TCP connect scan, and -p gives the range of ports to scan (here 1-10000). Without -p, Nmap scans its 1000 most common ports, which is why the scans that follow report "Not shown: 997" and "1000 scanned ports".
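To make the connect-scan mechanics concrete, here is a minimal TCP connect scanner written for this post (it is not Nmap's code and not from the original page). It uses only the Python standard library: connect() performs the same three-way handshake -sT does, ECONNREFUSED maps to closed, and a timeout or ICMP error maps to filtered. The port-spec parser accepts the same -p syntax as the scan above; the target host, ports and the throwaway local listener in the demo are assumptions for running it offline.

```python
# Added example, not from the original post: a minimal TCP connect scanner
# doing what `nmap -sT -p<spec> <host>` does, with the standard library only.
# Host, port spec and the local listener used by the demo are assumptions.
import socket


def parse_port_spec(spec):
    """Expand an Nmap-style -p value such as '1-10000' or '22,80,135-139'
    into a sorted list of distinct port numbers."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
        else:
            lo = hi = int(part)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port spec: %r" % part)
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def connect_scan_port(host, port, timeout=1.0):
    """Probe one port with a full three-way handshake via connect(), which is
    exactly what -sT does. Returns the Nmap state name:
      open     - connect() succeeded (SYN -> SYN/ACK -> ACK), so the service
                 saw a real connection and may have logged it
      closed   - the host answered the SYN with RST (ECONNREFUSED)
      filtered - timeout or ICMP error: something dropped the SYN
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:            # socket.timeout, EHOSTUNREACH, ENETUNREACH ...
        return "filtered"
    finally:
        sock.close()           # tears the connection down again


def connect_scan(host, port_spec, timeout=1.0):
    """Scan every port in port_spec sequentially; returns {port: state}."""
    return {p: connect_scan_port(host, p, timeout) for p in parse_port_spec(port_spec)}


def summarize(results):
    """Collapse results the way Nmap prints them: list the open ports and
    count the uninteresting states as 'Not shown: N <state> ports'."""
    shown = {p: s for p, s in sorted(results.items()) if s == "open"}
    hidden = {}
    for state in results.values():
        if state != "open":
            hidden[state] = hidden.get(state, 0) + 1
    return shown, hidden


def start_listener(host="127.0.0.1"):
    """Open a listening TCP socket on an ephemeral port so the scanner has
    something to find. Returns (socket, port); the caller closes the socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Bind and release an ephemeral port so we have one nobody listens on;
    a SYN to it is answered with RST, i.e. state 'closed'."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener()
    try:
        results = connect_scan("127.0.0.1", "%d,%d" % (open_port, free_port()))
        shown, hidden = summarize(results)
        for state, count in hidden.items():
            print("Not shown: %d %s ports" % (count, state))
        print("PORT      STATE")
        for port, state in shown.items():
            print("%-9s %s" % ("%d/tcp" % port, state))
    finally:
        srv.close()
```

Scanning sequentially with a one-second timeout is why filtered ports dominate the scan time: every dropped SYN costs the full timeout, which is also why Nmap's 10000-port connect scan above took far longer than the 1000-port scans that follow.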
SYN scan :- is considered stealth scanning because it never completes a connection between the scanner and the target: Nmap sends a SYN, and if a SYN/ACK comes back it answers with RST instead of the final ACK, so the application on the target never sees a connection and does not log one. It is also called half-open scanning. It needs raw-packet privileges, which is why it is the default scan type for root. The "stealth" is only relative to application logs; any firewall or IDS that logs at the packet level sees a SYN scan just as clearly as a connect scan.
root@debian:~# nmap -sS 192.168.2.46

Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 13:46 IST
Nmap scan report for 192.168.2.46
Host is up (0.00061s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 20:CF:30:CB:29:45 (Asustek Computer)

Nmap done: 1 IP address (1 host up) scanned in 17.80 seconds
UDP scan :- is the technique to identify open UDP ports on the target. Nmap sends a UDP datagram to each port (empty for most ports, a protocol-specific payload for some well-known services). If the target answers with an ICMP port unreachable message the port is closed; if a UDP reply comes back the port is open; if nothing comes back at all Nmap can only report open|filtered, because a firewall silently dropping the probe looks exactly like a listening service that ignores an unsolicited datagram. That is why the scan below shows 999 ports as open|filtered and only 137/udp (NetBIOS name service, which answers Nmap's payload) as open. Because most hosts rate-limit the ICMP errors, UDP scans are also much slower than TCP scans.
root@debian:~# nmap -sU 192.168.2.46

Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 13:52 IST
Nmap scan report for 192.168.2.46
Host is up (0.00065s latency).
Not shown: 999 open|filtered ports
PORT    STATE SERVICE
137/udp open  netbios-ns
MAC Address: 20:CF:30:CB:29:45 (Asustek Computer)

Nmap done: 1 IP address (1 host up) scanned in 19.53 seconds
ACK scan :- is a special scan that does not find open ports at all; it tells which ports are filtered or unfiltered by a firewall. It works by sending TCP packets with only the ACK flag set to each port. A host without stateful filtering answers an unexpected ACK with RST whether the port is open or closed, so an RST means the port is unfiltered (reachable, but not necessarily open). No response, or an ICMP unreachable error, means the port is filtered. Because the ACK scan never distinguishes open from closed, it is used to map firewall rules rather than to enumerate services.
root@debian:~# nmap -sA 192.168.2.46

Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 13:57 IST
Nmap scan report for 192.168.2.46
Host is up (0.00020s latency).
All 1000 scanned ports on 192.168.2.46 are filtered
MAC Address: 20:CF:30:CB:29:45 (Asustek Computer)

Nmap done: 1 IP address (1 host up) scanned in 34.15 seconds

This result is worth reading together with the earlier scans: the same host showed 135, 139 and 445 open to the connect and SYN scans, yet every port is filtered to the ACK scan. The firewall in front of it is therefore stateful; it lets new SYNs through to the allowed ports but drops ACK packets that do not belong to a connection it has seen.