TCP & UDP Port Scanning Lab Part 2

00:00

now we'll do. Ah, awesome. UDP scans

00:03

and I just wantedto tell you that UDP skins do take longer so I'll try to minimize the the number of ports that we scan here. But, Phil Frito, test it on your own.

00:22

So

00:24

syntax is using ah dash s you and then the rest of it is the same dash P space and then the port number.

00:33

And as I've told you before, I like to put the target at the end.

00:40

Okay, that was pretty quick scan, Really, Even though it was UDP

00:44

and for 53 is open on UDP

00:48

just d N s.

00:50

So we'll do Ah,

00:51

clear screen and I'll d'oh

00:56

map Dash s u

00:58

dash p will do multiple beauty people. It's this time

01:08

and I don't know if you noticed, but I'm choosing ports that I know

01:12

responded in previous scans.

01:15

So it enter

01:22

why this one

01:25

responded, I think. But I know RBC Bind

01:30

can be found on Windows Server So I wanted you to also see that the state here is open filtered.

01:37

Oh, and 1 11 is closed.

01:41

So it's really good information.

01:46

All right, Now do and map dash, s u

01:59

all right. This one takes a little bit of time, so go and run it.

02:02

And the main point here was to show you again that you can

02:07

separate reports by comma, But then you can also do a range,

02:10

and you could do the range first and then a comma and then specific ports if you want, or vice versa.

02:17

There's a lot of flexibility here in that map

02:21

entered to seethe status.

02:24

I mean,

02:36

all right, I'm gonna go and cancel the scan because I don't want to make this lab longer than it needs to be. You get the point? I think

02:43

so. Have a control. See,

02:46

Clear the screen again

02:51

and again. I want to show you that you could do Ah,

02:53

uh,

02:55

a name service scan, which is like a map

03:00

s You

03:12

so the same with TCP. You can specify it by the names of the service's.

03:19

And we see,

03:20

uh,

03:21

port states of open, open, filtered and closed on the service's and these ports,

03:27

and they're all GDP.

03:28

All right, so

03:30

I think you get the point there.

03:31

Now I want to show you how to do TCP syn and UDP scans of specific target specific ports.

03:38

So do a M out Dash s s

03:42

Dash s u

03:45

with a fast scan.

03:52

I actually think I might have already shown you this scan, but again, the main point is,

03:58

if you include Dash s Capitol you, which is UDP scan.

04:02

But you also want a TCP skin. You have to specify it. Otherwise, it'll Onley scan UDP So

04:09

I think I already showed you. So I'm gonna cancel that one.

04:14

So you and map Dash s

04:15

oops s

04:18

huh? Did again?

04:20

Yes. You

04:28

all right? This should go fast. I'm scanning T c b N u T p ports 53.

04:34

And the reason why I chose 53 is because that's d N s d n a server and client uses

04:41

Port 53.

04:43

So

04:46

I knew that those sports would be open on this window's 2012 server box.

04:54

Okay, so we'll do a N map.

04:56

Desh es es

04:59

you

05:15

All right. So this scans a couple of different TCP and UDP ports

05:19

specified here,

05:21

so the dash p and then followed by the port numbers

05:27

here

05:28

means that that since I'm doing a sin scan and the UDP scan,

05:32

it's gonna scan these sports

05:35

of both of those types of scans.

05:40

And the reason I'm pointing that out is because in a minute I want to show you how you can specify

05:45

different TCP ports than you. DP ports

05:51

hit. Enter.

05:54

There you go. So there's the results. You can see all of the UDP port scan

06:00

and their names.

06:01

Which ones are open,

06:03

and then

06:04

the TCP ports scanned

06:08

and their status in their names.

06:13

All right, so clear the screen. So here's where the rubber hits the road. I guess in some ways will do Ah,

06:18

uh,

06:19

scan that skins

06:21

different TCP ports

06:25

and you dp ports. So do and map

06:28

just like the other ones s U

06:31

So the syntax is t

06:41

and then a comma right afterwards.

06:50

So you see what I've done here. Here's the port. We already know that we're doing Ah, TCP Anna UDP scan

07:00

separated with a space minute Capital T colon. The number of the TCP ports I wanna scan comma you dp ports,

07:09

followed by, um,

07:11

colon and then the range. In this case, this might take a little bit of time to run, but

07:57

right and there's a results

07:59

you see the open TCP ports and the open UDP port No been filtered UDP port.

08:07

So the main point there wasjust to show you howto

08:11

how to do both at the same time and show you that the same flexibility from earlier scans applies to

08:20

when you want to do specific TCP ports and you d be boards. All right, so this is the last one, and I just want to show you the kind of the flexibility of n map.

08:46

All right, so the targets the same

08:48

both sent since can and UDP scan.

08:52

But notice that I put names of service is

08:58

and

08:58

numbers in there, too, So I could even modify this if I wanted Thio and

09:05

add additional TCP ports. Let's say 33 89.

09:09

Um And so the point is you can put numbers or you can put the names

09:16

all right, there's a fast scan. So

09:18

that's end of this lab. Just remember, with almost every scan that you run, you can choose the TCP and you tbe ports that are scanned and leave those that you aren't interested off. The most important part to remember is the dash P, followed by the port designation.

09:35

And the second most important part is to remember that in order to do a TCP and UDP scan,

09:41

you have to specify the type of DCP scan to run along with the Dash s Capitol. You

09:46

if you only put a Dash s Capitol you on Lee UDP scan Looker.

09:52

Thank you so much.

09:54

In this lesson, we learned about the following

09:58

first we talked about what port scanning is next. We discussed the different ports states recognized by N map.

10:03

Then we determined why we scan ports in the first place.

10:07

Then we applied that knowledge by talking about how port scanning is performed an end map and work through several examples in a lab.