NMAP

Course
Time
7 hours 1 minute
Difficulty
Beginner
CEU/CPE
7

Video Transcription

00:01
Welcome to Module three of our end map course, which will focus on the details of T C P. I P that are relevant to end map.
00:09
In this first lesson, we'll talk about I p v for
00:12
there isn't a lab in this lesson. So feel free to listen or learn from a device that isn't running in map.
00:17
Let's get started.
00:19
Here are the learning objectives for this lesson.
00:22
First, we'll start with a general discussion of T C B I B version for
00:27
next we'll discuss I'd be addressing.
00:30
Then we'll talk about cider notation. And finally, we'll talk about name resolution
00:35
because most of you know how I p v four and many of its associated protocols work. I'll work hard to focus on the things relevant toe and map.
00:45
One of the pre requisites of this course is that you have some knowledge and experience with the TCP I p. Protocol. Sweet.
00:52
I'm not gonna bore you with a ton of details about the OSS I model or history of D c v. I. P.
00:57
I just want to review a couple of things that are relevant to this course.
01:00
TCB I p version for is, after all, what most lands and when still currently used either exclusively or in a duel. Stack with IBV six
01:11
T C p i. P is generally made up of two key protocols. TCP, which is a connection oriented layer for or transport protocol, and I P, which is a layer three or network layer protocol.
01:23
Connection oriented, means that the state of each TCB i p connection is maintained in order to guarantee delivery of packets. One key aspect of this is T. C. P's three way handshake.
01:36
The TCP Hi P Protocol Sweet also includes a bunch of other stuff, including the user data Graham Protocol or UDP, which is a connection lis transport protocol that may be used as an alternative to TCP
01:49
and has less overhead is we'll see when examining all of the protocol headers.
01:53
Both TCP and UDP used port numbers as a way to determine what service or application data is transferred to
02:01
in n map. Knowing how I P addresses are assigned locally, either statically or through D H cp helps when determining target hosts and networks
02:12
in America, I S P s and corporations can obtain static publicly accessible. I P addresses through the American Registry for Internet Numbers, or Aaron.
02:22
Many times network administrators get their public eye peas from their eyes. P
02:25
and typically they issue out private addresses using a private I P. Addressing scheme that uses network address translation to talk on the Internet
02:35
nn map. It really helps to know the difference between Private I P addresses in public I p addresses. It also helps if you're familiar with or have memorized common TCP and you D be ports.
02:46
However, one of the beauties of end map is that a default and maps can automatically probes for 1000 of the most commonly used TCP and you d be pores
02:54
using the Dash Capital F command line Switch will cut that number down to 100 of the most commonly used ports.
03:02
All included cheat sheet with the 100 most commonly used TCP and UDP ports. In this lesson
03:09
in i P, addressing numbers are usually seen in their decimal form, such as 1 92.1 68.1 dot one,
03:17
so there are four sets of numbers separated by decimal points.
03:22
These numbers are read by network devices in their binary form, and each set is called an octet.
03:28
It's golden octet because the maximum value in each set is, too to the eighth. Power minus one,
03:34
because zero can be assigned is in value.
03:37
In other words, 255 is the maximum value that can be assigned in each octet.
03:43
So 255 in binary is 11111111 or eight ones.
03:51
Most of you have knowledge and experience with this, so I'm not gonna go into too much more detail about it.
03:57
The process of sub netting is usually one of the first mathematical encounters that network administrators must learn. It's kind of a rite of passage.
04:04
At its heart. Submitting is simply an address. ING methodology that allows network admin is to determine which portion of the I P address is the network and which part is the host.
04:15
They do this by assigning a combination of I P address and sub net mask
04:19
in many lands. A common sub net mask for each villain is 255255.255 dot zero.
04:28
This tells you that the 1st 3 octet of the I P address determines the network, and the fourth is the host,
04:33
so every network device in that villain will share the same 1st 3 octet. It's such as 1 92.1 68 that one,
04:42
and each device on the network will have a different and unique last octet
04:46
in and map. It helps to understand all of the different private addressing schemes and how to determine what network you're scanning from.
04:55
And Windows. You can determine your network by running an I P. Config at the command. Prompt and looking at your I P address in sub Net mask
05:02
in Lennox UNIX, including the Mac OS. You can determine it by running. I have config from a terminal.
05:10
One really important thing to understand and map is that the only way to determine a device is physical address where Mac address is by sitting on that network.
05:18
In other words, there really isn't a way to determine the Mac address of a remote host without having administrative privileges to the router or switch that that device sits on.
05:28
The only exception to this is when you're scanning station sits on a span or mirrored board.
05:34
C i. D R or cider stands for classless inter domain routing
05:40
rather than bore you with why it's called that or many other details, I'll boil it down to one simple thing.
05:46
Cider notation is an Ivy address, followed by a slash, followed by a number that represents the number of bits used to represent the network portion of the address.
05:56
In other words, the number after the slash is a simple representation of the sudden it mask.
06:01
So using our example from the previous slide 255.255 dot 255.0 is three octet. It's of eight ones, or 24 bits,
06:13
or another example would be 255.255 dot 0.0, which is simply the same as two objets of eight ones.
06:21
So an I P address, such as 1 72.16 that 1.0 followed by a slash 16 would be the same
06:30
as that i p address with a sub net mask of 255.2550 dot zero
06:36
an end map, you can use I p address in Southern notation as a target.
06:42
The great thing about doing it this way is that is quick,
06:45
and one of the reasons we're going through all of this background is to learn ways to write efficient and map scans.
06:51
If you don't fully understand cider notation, I suggest learning it.
06:56
You'll be happy you did.
06:58
D. N s stands for domain name system.
07:00
Deanna's translates names to I P addresses
07:04
a scene earlier. In this course, you can use a fully qualified domain name such as scan me dot and map dot warg as a target for a scan
07:13
by default and map will use your computer's name servers. When running a scan,
07:18
however, you can tell and map what name servers to use for a scan. In other words, you can use alternate name servers.
07:26
This is helpful in case you either don't trust your own name servers or if you want to see if there are differences between the way your name server resolves names relative to other name servers.
07:35
When obvious reason you might do this is to see if a computer network or D. N s server have been compromised by an attacker.
07:44
Understanding the way D N s works can really help you when using and map
07:48
in the short lesson, we talked about the TCP I P version for protocol suite with a focus on relevance to end map.
07:56
We started with a discussion of IBV four.
07:59
We then talked about I'd be addressing.
08:01
We moved on to cider notation and we finished up with name resolution.
08:05
Thanks so much for walking this lesson with me and I'll talk to you again in the next one.

Up Next

NMAP

The network mapper (NMAP) is one of the highest quality and powerful free network utilities in the cybersecurity professional's arsenal.

Instructed By

Instructor Profile Image
Rob Thurston
CIO at Integrated Machinery Solutions
Instructor