Use Ports and Options to Identify Active Hosts and Vulnerable Services

May 4, 2018 | Views: 4387

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here
Nmap: Use the -sn, – -top-ports, and -sV options to Identify Active Hosts and Vulnerable Services

If you are just starting out in cybersecurity and considering the area of penetration testing (Red Teaming) you may be wondering how do pentesters (or attackers for that matter) know what ports are open on a system? Or how do they identify what services are running on a particular system? If you are considering a career in cybersecurity, particularly related to network security or penetration testing then there is a handy little tool that you should become familiar with. That tool is Nmap.

Nmap is a free and open source network scanning utility that has many uses that include basic network scanning, identifying what services a host is running, “fingerprinting” both the operating system and applications that are on a host, vulnerability scanning and much more. In this tutorial, I will cover at a high level some of the basics of using Nmap. Utilizing its command-line interface (CLI) (it does have a GUI) I will provide some examples that you can use quickly as a beginning security professional.

One of the first and most basic scans you can do with Nmap is to execute a ping sweep (-sn) scan. This type of scan is used to attempt to identify active hosts that are up on the network.

Fig. 1 nmap -sn 

Another useful scanning technique is to utilize the –top-ports tag. From the Nmap website…

“The –top-ports option lets you specify the number of ports you wish to scan in each protocol and will pick the most popular ports for you based on the new frequency data. For both TCP and UDP, the top 10 ports get you roughly half of the open ports. The top 1,000 (out of 65,536) will find roughly 93% of the open TCP ports and more than 95% of open UDP ports.”

93%…I’ll take that any day! But for this particular example, we are only going to look for the top 10 TCP ports and we will only scan a range of ten hosts. Notice in the output that we scanned a range of ten hosts but only three responded. This is not uncommon. Also, notice the otherwise very interesting output. There are several services running that should be making you want to follow up with our next example.

Fig. 2 nmap -sT –top-ports=10

The last scan identified a hand full of services running on the three systems and a couple of them should look very interesting if you are a security professional. With that said, the last scan we will go over in this post will show you how to follow up on the previous scan. This next scan will attempt to identify the service versions (-sV) running on the hosts identified previously.


Fig. 3 nmap -sT -sV –top-ports=10 

At this point as a security professional, depending on which team you are playing for you will either be extremely excited or extremely worried. If you are a RED TEAMER then you are so excited and should be rushing to launch your exploitation tool of choice. But, if you are a BLUE TEAMER then you are probably, picking yourself up off of the floor and transitioning into more of an Incident Response mindset.

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
1 Comment
  1. how to view or search old posts?

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge



Is Linux Worth Learning in 2020?
Views: 742 / December 14, 2019
How do I Get MTA Certified?
Views: 1314 / December 12, 2019
How much does your PAM software really cost?
Views: 1751 / December 10, 2019
How Do I Get into Android Development?
Views: 2141 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?