Welcome to the end map lesson on TCP and UDP Port scanning
in many ways and map is best known and most widely used for its exceptional pork scanning abilities.
And this reputation is well deserved.
And even though and map is much more than a port scanner, its ability to effectively craft packets to probe TCP and UDP ports and analyze the responses is certainly the foundation of the rest of them. Maps, capabilities
Let's take a look at how to create and map statements that interrogate target boards.
Here are the learning objectives for this lesson. First, we'll start with the basics and talk about what port scanning is next. We'll discuss the different ports states recognized by N map.
Then we'll answer the question. Why scan ports?
Then we'll move on to the practical application of this knowledge, and that is how to scan TCP and UDP ports and in map, followed by a lab that demonstrates these concepts.
What is port scanning
and map is the most popular and widely used port scanning tool in the world,
and this makes sense because it has been around for a very long time, is very refined, sophisticated.
It's free and began as a port scanner. Poor scanning is the core and foundation upon which everything else in and map is built.
Just turn off with Let's Talk About what a port is.
if you didn't know what a port is, you probably wouldn't be interested in this course to begin with. But
let's dig into the details a little bit.
Ports are used by Layer four protocols, namely TCP and UDP, to help distinguish between communication channels.
I p at Layer three uses I P addresses to do this. We spoke about the TCP and UDP headers in a previous lesson, and I showed you what the packets look like in wire shark.
They're important for us because they're simple ways for us to determine what service is. Applications and sometimes even operating systems of the hosts were interested in.
Port numbers go from 1 to 65,535.
There are three types of boards.
One well known ports to registered ports and three dynamic and or private boards.
The well known ports are reserved ports that go from 1 2023 are registered with Diana for use with specific service is a couple common examples, or TCP ports 80 for http and UDP Port
53 for Dennis servers.
Registered boards go from 1024 to 49,151
and have also been registered with Diana,
but most of them are not is commonly used as the well known ports. The big difference is that unprivileged users combined to these ports to run various service's, which can't be done with well known ports.
Several examples are TCP ports 33 89 for Microsoft Terminal Service's or remote desktop
in UDP Port 14 34 for Microsoft sequel, server.
Dynamic and or private ports go from 1 49,052 to 5 65,035 and are used for proprietary service's and may otherwise be known as ephemeral.
So what is port scanning? The creator of N map defines it as the act of remotely testing numerous sports to determine what state they're in.
Sounds simple, right?
Well, the complicated part is knowing what works to scan, how to scan them and how to evaluate the responses.
This is where N map makes our lives easy
and map does all the hard work so that we simply need to learn how to critically analyze the results and output.
Of course, we have to create effective and map statements to gather the information we're looking for, and that is really what this course is all about.
If you're interested in going into much more depth about how in map looks at port scanning, see the reference provided in the last bullet point
and map can probe DCP or you DP ports on selected targets very quickly.
So what is it trying to determine about the sports? Well, to start with, it's trying to establish the state that the port is in. There are six port states recognized by N map. The three most commonly observed are open, closed and filtered, with the others being unfiltered,
Finding an open port is the primary objective of port scanning.
Every open port provides for an avenue of attack. Essentially, it means that an application or service is accepting a TCP connection or UDP packet on this port.
A close port means that the port receives in response to end Matt probes. But there's no application or service listening on it.
This still helps by showing that a target is online and has an I P address. So it's valuable for host discovery, pink scanning and a part of OS detection.
So if you want to protect that host, a more desirable Port ST is filtered, which can be provided by a firewall device rather rules or ah, host based firewall.
Ah, filter port is one in which, and map can't determine whether it is open or not because of some sort of packet filtering, preventing probes from reaching it.
They provide little information to the attacker and slow scans down. Considerably.
Unfiltered means that the port is accessible, but N map is unable to determine whether it is open or closed.
Axe scans classified ports into this state and our good to map firewall rule sets.
After seeing an unfiltered board from an axe, can you can try other scans on that port to see if it responds?
If N map shows an open filtered state, it means that it is unable to determine whether report is open or filtered.
This happens when a port is determined to be open but provides no response.
U T P I P Protocol Thin, null and Xmas scans classified ports this way.
Close filtered means that end map can't tell where the report is closed or filtered
and is only seen while using an i. P. I. D. Idol scan.
Poor scanning provides a lot of valuable insight to network admin, DS and security professionals, including penetration testers. One key objective of the information security professional. It's a reduced the attack surface, which means that we must reduce the number of service is that provide an avenue of attack.
Running various ports Scans against targets gives us critical information about what can be attacked.
In many cases, these responding applications and service's have been enabled by default in the network. Administrator simply doesn't know or hasn't done anything to protect them.
Once these applications are identified, the attacker can use common exploitation tools like medicine Ploy to break in.
Other key uses of port scanning include the creation of an inventory of network assets, both hardware and software for tracking
policy, compliance availability and network debugging.
We've already gone through a lot of N map scans in this course, but the purpose of this lesson is to focus on how to scan specific DCP and UDP boards.
Almost every and maps can will scanty severe UDP boards, even if none are specified.
One key exception to this is the no Port Host Discovery Scan offered by using the dash S N command line switch.
This slide gives you a quick list of different ports. Scanning command line switches in the lab will run through how these command lines, which is air applied and where I typically placed them. In a scan statement, all of these command line switches will be given to you as a part of the cheat sheet provided in this course.