
11 2PortScanning

Port scanning involves probing ports on a remote machine to identify open ports and services. Common port scanning tools like NMAP can find open ports, identify operating systems through fingerprinting, and provide information to both attackers and defenders. While useful for security, port scanning raises ethical issues and risks flooding target machines. NMAP is an open source tool available on Windows and Unix that stealthily scans ports and attempts to identify operating systems from responses.

Uploaded by mano2116

Network Security
Port Scanning and Enumeration (NMAP)

Port Scanning
- Definition: probing the ports on a remote machine to gain information
  - Port: a virtual identifier on a system for a particular application/protocol
  - Examples:
      ftp: port 21
      ssh: port 22
      telnet: port 23
      http: port 80
      Oracle: port 1521
Usefulness
- Attacker: which ports are open?
- Defender: which ports are potential vulnerabilities?

Specific Uses
- Find out if the system is up
  - Ping scanning
- Find open/vulnerable ports: what services are available?
  - Port scanning
- Operating system identification
  - TCP/IP fingerprinting
  - Based on packet TTL, packet size, and the flags set on SYN/SYN|ACK packets in the TCP handshake
How to Use This Information
- Identify exposed ports/services
- Shut down any unneeded services
  - Famous last words: "I didn't know X was running on my system"
- Ensure that services that are running do not have security vulnerabilities

Issues
- Possible problems with usage
  - Options can flood the target machine with packets, potentially affecting it
- Ethics
  - Is it ethical to probe an arbitrary system? Most say "no"
- Identification of the probing system
  - http://www.insecure.org/nmap/idlescan.html
Port Scanning Tools
- Unix/Linux
  - nmap
  - HPING2
  - udp_scan
  - netcat (nc)
- Windows
  - SuperScan4
  - WinScan
  - ipEye

nmap
- One of many software implementations of a port scanner
- Open source
- Available on Windows and Unix
- Supports many hardware options, including some PDAs
- Now with GUI front ends
  - Linux: nmapfe
  - Windows: nmapwin
- http://www.insecure.org
nmap Features
- Identifies open ports
  - Options for regular or stealth scanning
    - Regular scanning: attempts a full connection with the port; the scanned system knows a scan is occurring and can identify the scanner
    - Stealth scanning: attempts a partial connection with the port; the scanned system may not know a scan is occurring and may not be able to identify the scanner
- Attempts to identify the operating system
  - Usually correct, but can be fooled
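The regular-versus-stealth distinction above is exactly what a defender's scan detector can key on: a connect scan completes the three-way handshake (SYN, then a bare ACK from the scanner), while a half-open scan never sends that ACK. The following Python is an added example, not part of the original slides or of nmap: it runs over a constructed packet summary and reports any source that sends SYNs to many distinct ports within a short window, labelling it "connect" or "half-open". The record format, IP addresses and thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample, not a real capture: one tuple per TCP segment seen at the
# defender's border as (seconds, src_ip, dst_ip, dst_port, flags), using
# tcpdump-style flag letters: "S" SYN, "SA" SYN|ACK, "A" ACK, "R" RST.
SCANNED_PORTS = [21, 22, 23, 80, 443, 1521]
SAMPLE_PACKETS = [
    # 192.0.2.5: an ordinary SSH client, one port, full handshake
    (0.0, "192.0.2.5", "10.0.0.1", 22, "S"),
    (0.1, "10.0.0.1", "192.0.2.5", 22, "SA"),
    (0.2, "192.0.2.5", "10.0.0.1", 22, "A"),
]
# 198.51.100.7: regular (connect) scan, six ports in ~3 s, every handshake completed
SAMPLE_PACKETS += [(1.0 + i * 0.5, "198.51.100.7", "10.0.0.1", p, "S") for i, p in enumerate(SCANNED_PORTS)]
SAMPLE_PACKETS += [(1.2 + i * 0.5, "198.51.100.7", "10.0.0.1", p, "A") for i, p in enumerate(SCANNED_PORTS)]
# 203.0.113.9: stealth (half-open) scan, same ports, answers SYN|ACK with RST, never ACKs
SAMPLE_PACKETS += [(5.0 + i * 0.5, "203.0.113.9", "10.0.0.1", p, "S") for i, p in enumerate(SCANNED_PORTS)]
SAMPLE_PACKETS += [(5.2 + i * 0.5, "203.0.113.9", "10.0.0.1", p, "R") for i, p in enumerate(SCANNED_PORTS)]


def detect_scans(packets, min_ports=5, window=10.0):
    """Return {src: {"ports": n, "style": "connect" | "half-open"}} for each
    source that sent SYNs to at least `min_ports` distinct ports inside some
    `window`-second span. A source that later sends a bare ACK to a port it
    SYNed (completing the handshake) is a regular/connect scan; one that only
    ever sends SYN (and possibly RST) is a half-open/stealth scan."""
    syns = defaultdict(list)   # src -> [(time, dport)] in time order
    acked = defaultdict(set)   # src -> {dport} whose handshake was completed
    for t, src, _dst, dport, flags in sorted(packets):
        if flags == "S":
            syns[src].append((t, dport))
        elif flags == "A" and any(d == dport for _, d in syns[src]):
            acked[src].add(dport)
    findings = {}
    for src, events in syns.items():
        # Sliding window over SYN times: most distinct ports hit in `window` s.
        best, lo = 0, 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            best = max(best, len({d for _, d in events[lo:hi + 1]}))
        if best >= min_ports:
            findings[src] = {"ports": best,
                             "style": "connect" if acked[src] else "half-open"}
    return findings
```

A single SYN that is never answered by an ACK also describes an unreachable or filtered port, so the port-count threshold, not the missing ACK alone, is what distinguishes a scan from ordinary traffic.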
nmap Output Example

    Starting nmap V. 2.54 (www.insecure.org)

    Interesting ports on (www.xxx.yyy.zzz)
    (The xxxx ports scanned but not shown here are in state: closed)
    Port       State   Service
    22/tcp     open    ssh
    47017/tcp  open    unknown
    TCP Sequence Prediction: Class=random positive increments
                             Difficulty=3980866 (Good luck!)
    Remote operating system guess: Linux 2.1.122 - 2.2.16
    Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds

SuperScan4
- Nice Windows GUI
- Many extra options
- Information on ports/services in HTML report format
