Port Scanning

The document provides an overview of cyber security concepts, focusing on port scanning and footprinting techniques. It discusses tools like Nmap and Netcat for port scanning, as well as methods for gathering information about target networks, including WHOIS searches and various types of IP addresses. Additionally, it explains the significance of open, closed, and filtered ports in network security assessments.


Cyber Security

Port Scanning
Priyank Bhojak
Assistant professor
IT Department
BVM Engineering College
Port Scanning:
• Understanding port and services tools
• Port scanning tool – Nmap
• Netcat
• Network sniffers and injection tools – Tcpdump and Windump, Wireshark.
Footprinting:

• Footprinting – finding and gathering as much information as possible about the target network.
– Basic information
– OS
– Server and system information
• Finding the company’s URL
• Find internal URLs
– http://www.webmaster-a.com/link-extractor-internal.php
– http://news.netcraft.com
• Identify public and restricted links
• Search for company information
• Extract company data
– Web data extractor
– Black Widow
Whois Search
• WHOIS queries
– Domain name details
– Contact details
– Domain name servers
– Net range
• Tools
– www.tamos.com
– www.netcraft.com
– www.whois.net
– www.iptools.com
Footprinting and Scanning
• Definition
• Footprinting threats
• Internet Footprinting
• Competitive intelligence
• WHOIS
• DNS footprinting
• Network footprinting
• Website footprinting
• Email footprinting
• Google hacking
• Footprinting tools
Internet Protocol Address
• IPv4 Address : a unique 32-bit address used to connect with a host system
– Class A : 1.xxx.xxx.xxx to 126.xxx.xxx.xxx
– Class B : 128.0.xxx.xxx to 191.0.xxx.xxx
– Class C : 192.0.0.xxx to 223.0.0.xxx
• Loopback Address : 127.xxx.xxx.xxx
• IPv6 Address : represented as a series of eight 16-bit hexadecimal fields separated by colons (:), in the format x:x:x:x:x:x:x:x.
• Total 128-bit address


Protocol
• A set of rules
• Human protocols
• Defines the format and order of messages exchanged, as well as the actions taken on transmission.
• Computer network protocols:
• HTTP
• FTP
• SMTP
• etc.
Types of Services
• Connection Oriented Service
– Sending a control packet before transmitting
actual data
– 3 way Handshaking TCP
– Reliable , Flow control , Congestion Control
– TCP : HTTP , FTP , TELNET , SMTP

• Connectionless Service
– No handshaking
– Faster Delivery
– UDP : Media streaming , video conferencing
Port
• A port is the identity of a process or service
• It is a 16-bit unsigned integer
• Port numbers range from 0 to 65535
• IANA (Internet Assigned Numbers Authority) is responsible for assigning port numbers for use.
Well Known Port
• Ports from 0 to 1023 are known as well-known port numbers
• Used by system processes that provide networking services.
• Famous well-known ports :
– 20 , 21 : FTP data and control ports
– 22 : SSH (Secure shell) for secure login
– 23 : Telnet for unencrypted text transmission
– 25 : Simple mail transfer protocol
– 53 : Domain Name system
– 520 : Routing information protocol
Registered Port
• Range from 1024 to 49151
• Assigned by IANA for specific services upon application by the requesting entity
• Used by ordinary users
• Examples :
– Proxy servers ports
– Virtual private network ports
– Port requested by IBM , Apple, Oracle and many
companies for their specific services
Dynamic, Private or Ephemeral ports
• Range from 49152 to 65535
• Cannot be registered with IANA
• Used for private or temporary purposes
IP + Port
• IP : to connect with the system
• Port : to connect with the process or application
• (IP Address) : (port number)
• If the IP address is a telephone number, then the port number is the extension.
Port Scanner
• A port scanner is a software application designed to
probe a server or host for open ports.
• Used by administrators to verify security policies of
their networks
• Used by attackers to identify running services on a host with a view to compromising it.

• Examples : NMAP
Port Scanning
• The main goal of port scanning is to find out which ports are open, which are closed and which are filtered.
• Open port: a port on which an application is actively accepting TCP or UDP traffic.
– Finding open ports is the primary goal of port scanning
– Each open port is an avenue for attack
– Attackers want to exploit the open ports.
– Network administrators want to protect them with a firewall
– Also important for non-security scans, to identify available services
• Closed port: a port which is accessible but has no application listening on it
– Used for host discovery and OS detection
– Network administrators want to block it with a firewall to reduce its accessibility.
• Filtered port: a port which cannot be reached by the port scanner
– Cannot identify whether it is open or closed
– Filtering can come from a firewall device, routing rules, or firewall software
• Unfiltered port: a port which can be reached by the port scanner but cannot be identified as open or closed
• If the port is open :
– Send a SYN packet
– Response will be a SYN + ACK packet
• If the port is closed :
– Send a SYN packet
– Response will be a RST packet
• If the port is filtered :
– Send a SYN packet
– No response
• If the target machine is protected by a firewall, then its firewall rules decide what the response of the machine will be.
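As an added defender-side example (not part of the original slides), the SYN probes described above are exactly what a firewall log records: one source sending SYNs to many different destination ports in a short time. The Python below parses constructed netfilter-style LOG lines and flags any source that reaches a threshold of distinct destination ports inside a sliding time window; the log lines, addresses, thresholds and field layout are assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed netfilter-style LOG lines (not from the slides). 203.0.113.5 sends SYNs to
# six different ports within two seconds; 198.51.100.7 only retries port 443.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Jan 10 12:00:01 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Jan 10 12:00:01 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=53 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=80 SYN
Jan 10 12:00:03 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN
Jan 10 12:00:09 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 SYN
Jan 10 12:00:45 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=8080 SYN
"""

# Pull timestamp, source address and destination port out of a SYN log line.
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) "
                     r".*?PROTO=TCP .*?DPT=(?P<dport>\d+) .*?\bSYN\b")

def detect_scans(log_text, threshold=5, window=timedelta(seconds=10)):
    """Return {source: sorted distinct ports} for every source that probed at least
    `threshold` distinct destination ports within any `window`-long span.
    Counting distinct ports rather than packets keeps a client that keeps
    retrying one closed port from being reported as a scanner."""
    events = defaultdict(list)                      # src -> [(timestamp, dport), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:                                       # non-SYN / non-TCP lines are skipped
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # year is irrelevant here
            events[m["src"]].append((ts, int(m["dport"])))
    alerts = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):                 # sliding window over the source's probes
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {dport for _, dport in evs[start:end + 1]}
            if len(ports) >= threshold and len(ports) > len(alerts.get(src, ())):
                alerts[src] = sorted(ports)         # keep the largest qualifying window
    return alerts

if __name__ == "__main__":
    for src, ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(ports)} distinct ports {ports}")
```

On the sample, only 203.0.113.5 is reported; the retries from 198.51.100.7 touch a single port and are ignored, and the late probe to 8080 falls outside the window.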
nmap port scanner
• nmap (Network Mapper) is an open source scanner which was developed by Fyodor.
• Most popular port scanner for Linux/Unix machines
• Services provided by nmap :
– Port scanning
– Identify all the running services on the network
– Identifying operating system and protocol versions
– TCP scan , UDP scan, ICMP scan
