Cass Exp 8
Awez Shaikh
211247
Cryptography and System Security
CSL 602
Computer Engineering
M.H. Saboo Siddik College of Engineering
Aim— Download and install Nmap. Use it with different options to scan open ports, perform OS fingerprinting, and run a ping scan, a TCP port scan, a UDP port scan, an Xmas scan, etc.
I. INTRODUCTION
A. PORT SCANNING:
Port scanning is a technique used in network security to identify open ports and services running on a computer system. A port is a communication endpoint on a computer, and each port is associated with a specific protocol or service. Port scanning is often used by both ethical hackers and malicious attackers to identify vulnerabilities in a target system. The process involves sending packets of data to a range of ports on a target computer to see which ports respond and what services are running on those ports. The information gathered from a port scan can be used to identify potential entry points for attack, as well as to assess the overall security of a network. It is important to note that port scanning is a potentially intrusive technique and should only be used with the appropriate permissions and legal authority.
1. TCP Connect Scan - sends a SYN packet to each port and waits for a SYN-ACK response to determine if the port is open.
2. UDP Scan - sends a UDP packet to each port and waits for an ICMP port unreachable message to determine if the port is closed.
3. Stealth Scan - uses techniques such as sending spoofed packets or manipulating TCP flags to avoid detection by intrusion detection systems (IDS).
4. Null Scan - sends a packet with no flags set to determine if the port is open or closed.
5. XMAS Scan - sends a packet with the FIN, PSH, and URG flags set to determine if the port is open or closed.
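The flag combinations listed above are exactly what a defender looks for on the wire: a packet with no flags set (Null), a packet with FIN, PSH and URG set (Xmas), or one source sending SYNs to many different ports in a short time (a connect/SYN sweep). The following detector is an added example written for this report, not part of the original experiment and not Nmap's own code; it runs over a constructed, firewall-style log (the line format, the IP addresses from documentation ranges, and the sweep threshold of 5 ports are all assumptions made here) and reports which sources exhibit those patterns.

```python
"""Flag-based port-scan detection over constructed log lines.

Each line has the form "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <flags>"
where <flags> is a string of TCP flag letters (S, A, F, R, P, U) or "-" for a packet
with no flags set. The format and the lines below are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed sample: a SYN sweep from .7, Xmas/Null probes from .9,
# and one ordinary TLS handshake from 192.0.2.44 that must not be flagged.
SAMPLE_LOG = """\
2024-03-01T10:00:01 198.51.100.7:40001 -> 203.0.113.10:22 S
2024-03-01T10:00:01 198.51.100.7:40002 -> 203.0.113.10:25 S
2024-03-01T10:00:01 198.51.100.7:40003 -> 203.0.113.10:80 S
2024-03-01T10:00:02 198.51.100.7:40004 -> 203.0.113.10:443 S
2024-03-01T10:00:02 198.51.100.7:40005 -> 203.0.113.10:8080 S
2024-03-01T10:00:02 198.51.100.7:40006 -> 203.0.113.10:3306 S
2024-03-01T10:00:05 198.51.100.9:51000 -> 203.0.113.10:22 FPU
2024-03-01T10:00:05 198.51.100.9:51001 -> 203.0.113.10:80 FPU
2024-03-01T10:00:06 198.51.100.9:51002 -> 203.0.113.10:443 -
2024-03-01T10:00:09 192.0.2.44:55123 -> 203.0.113.10:443 S
2024-03-01T10:00:09 192.0.2.44:55123 -> 203.0.113.10:443 A
2024-03-01T10:00:09 192.0.2.44:55123 -> 203.0.113.10:443 PA
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)$"
)


def parse_line(line):
    """Parse one log line into a record, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    flags = set() if m["flags"] == "-" else set(m["flags"])
    return {"src": m["src"], "dst": m["dst"], "dport": int(m["dport"]), "flags": flags}


def classify_flags(flags):
    """Name the probe type implied by a TCP flag set; None means ordinary traffic."""
    if not flags:
        return "null"                 # Null scan: no flags at all
    if flags == {"F", "P", "U"}:
        return "xmas"                 # Xmas scan: FIN+PSH+URG
    if flags == {"F"}:
        return "fin"                  # FIN-only probe outside any connection
    if flags == {"S"}:
        return "syn"                  # normal first packet; suspicious only in volume
    return None


def detect_scans(log_text, sweep_threshold=5):
    """Return {src_ip: [alert, ...]} for sources showing malformed probes or a SYN sweep."""
    syn_ports = defaultdict(set)      # src -> distinct destination ports probed with bare SYN
    malformed = defaultdict(set)      # src -> kinds of malformed-flag probes seen
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify_flags(rec["flags"])
        if kind in ("null", "xmas", "fin"):
            malformed[rec["src"]].add(kind)
        elif kind == "syn":
            syn_ports[rec["src"]].add(rec["dport"])

    findings = {}
    for src in set(syn_ports) | set(malformed):
        alerts = []
        if malformed.get(src):
            alerts.append("malformed-flag probes: " + ",".join(sorted(malformed[src])))
        if len(syn_ports.get(src, ())) >= sweep_threshold:
            alerts.append(f"SYN sweep across {len(syn_ports[src])} ports")
        if alerts:
            findings[src] = alerts
    return findings


if __name__ == "__main__":
    for src, alerts in sorted(detect_scans(SAMPLE_LOG).items()):
        print(src, "->", "; ".join(alerts))
```

The two signals are deliberately separate: Null, Xmas and FIN packets are malformed in any context and a single one is worth an alert, whereas a bare SYN is how every legitimate connection starts, so it is only the count of distinct ports per source that distinguishes a sweep from normal traffic. A production detector would add a time window around that count; the threshold here is a constant to keep the example short.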
B. NMAP:
Nmap (short for "Network Mapper") is a free and open-source tool used for network exploration,
management, and security auditing. It is widely considered to be one of the most powerful and versatile
network scanning tools available. Nmap can be used to discover hosts and services on a computer network, as
well as to identify security vulnerabilities and misconfigurations. It does this by sending packets of data to a
range of ports on a target system and analyzing the responses. Nmap can also perform more advanced tasks
such as OS fingerprinting, version detection, and network mapping. The tool is often used by security
professionals, system administrators, and network engineers to identify and remediate security issues, as well
as to optimize network performance. Nmap is available for Windows, Mac OS, Linux, and other Unix-based
operating systems, and can be used both from the command line and via a graphical user interface (GUI).
POST LAB
II. EXERCISES
1) When all reserved ports, i.e. ports 0 to 1023, were scanned on scanme.nmap.org, 3 ports were found to be open: port 22 (ssh), port 25 and port 80 (http). A TCP stealth scan was used in this case.
2) When we scanned the http and https ports, only port 80 (http) was found to be open, whereas port 443 (https) was filtered. This makes sense, as the website is hosted on an HTTP server and does not make use of HTTPS, so traffic on the https port being filtered is expected.
3) When the SMTP service ports (25, 465, 587, 2525) were scanned, all of them were found to be filtered. Port 25 was being used for SMTP and port 465 for SMTPS, while ports 587 and 2525, the other commonly used SMTP ports, were not being used for SMTP or SMTPS; all four ports were nevertheless reported as filtered.
4) When OS fingerprinting was performed on localhost, Nmap was unable to find an OS match in its database. However, the TCP/IP fingerprint it printed contained the name of the OS. This scan also displayed the open ports on the machine and the number of closed ports.
5) The Nmap scan covered three destinations: 1.1.1.1 and the two Google DNS servers, 8.8.8.8 and 8.8.4.4. The first, 1.1.1.1, had many open ports, serving web traffic (HTTP and HTTPS) among other services. The Google DNS servers, by contrast, mainly showed open ports for address resolution (DNS) and secure browsing (HTTPS).
IV. CONCLUSION
In conclusion, we have studied port scanning and how it can be done using a tool like Nmap. After performing this experiment, we can say that Nmap can be used for both malicious and security purposes: an attacker could use it to find weaknesses in a system (open ports, an outdated OS, etc.), whereas it can also be used for security audits and penetration testing.