Presentation is loading. Please wait.

Presentation is loading. Please wait.

Port Scanning and Enumeration (NMAP)

Published byDavid Pearson Modified over 9 years ago

Similar presentations

Presentation on theme: "Port Scanning and Enumeration (NMAP)"— Presentation transcript:

1 Port Scanning and Enumeration (NMAP)
Network Security Port Scanning and Enumeration (NMAP)

2 Port Scanning Definition: Probing the ports on a remote machine to gain information Port – a virtual identifier on a system for a particular application/protocol Examples: ftp: port 21 ssh: port 22 telnet: port 23 http: port 80 Oracle: port 1521 Usefulness Attacker: which ports are open? Defender: which ports are potential vulnerabilities?

3 Specific Uses Find out if system is up
Ping scanning Find open/vulnerable ports – what services are available? Port scanning Operating System identification TCP/IP fingerprinting Based on packet TTL, packet size, flags set on SYN/SYN|ACK packets in TCP handshaking

4 How to use this information
Identify exposed ports/services Shut down any unneeded services Famous last words - “I didn’t know X was running on my system” Ensure that services that are running do not have security vulnerabilities

5 Issues Possible problems with usage Ethics
Options can flood target machine with packets, potentially affecting it Ethics Is it ethical to probe an arbitrary system? Most say “no” Identification of probing system

6 Port Scanning Tools Unix/Linux Windows nmap HPING2 udp_scan
netcat (nc) Windows SuperScan4 WinScan ipEye

7 nmap One of many software implementations of a port scanner
Open source Available on Windows and Unix Supports many hardware options, including some PDAs Now with GUI front ends Linux: nmapfe Windows: nmapwin

8 nmap features Identifies open ports
Options for regular or stealth scanning Regular scanning – attempt full connection with port; scanned system knows scan is occurring and can identify scanner Stealth scanning – attempt partial connection with port; scanned system may not know scan is occurring and may not be able to identify scanner Attempts to identify operating system Usually correct, but can be fooled

9 nmap Output Example Starting nmap V. 2.54 (www.insecure.org)
Interesting ports on ( (The xxxx ports scanned but not shown here are in state: closed) Port State Service 22/tcp open ssh 47017/tcp open unknown TCP Sequence Prediction: Class-random positive increments Difficulty= (Good luck!) Remote operating system guess: Linux – Nmap run completed IP address (1 host up) scanned in 5 seconds

10 SuperScan4 Nice Windows GUI Many extra options
Information on ports/services in HTML report format

Download ppt "Port Scanning and Enumeration (NMAP)"

Similar presentations

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.
Security Scan melalui Internet Onno W. Purbo

Security Scan melalui Internet Onno W. Purbo
TRUE Blind ip spoofed portscanning Thomas Olofsson C.T.O Defcom.

TRUE Blind ip spoofed portscanning Thomas Olofsson C.T.O Defcom.
Network Mapping  Identify Live Hosts  Determine running Services TCP Port Scanning UDP Port Scanning Banner Grabbing ARP Discovery  Identify Perimeter.

Network Mapping  Identify Live Hosts  Determine running Services TCP Port Scanning UDP Port Scanning Banner Grabbing ARP Discovery  Identify Perimeter.
Nmap Experiment.

Nmap Experiment.
NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar (http://www.insecure.org), it.

NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar ( it.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.

Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
1 Anti-Hacker Tool Kit Port Scanners Chapter 6. 2 Introduction The first step in the process of hacking –Discover the services –Version label –Operation.

1 Anti-Hacker Tool Kit Port Scanners Chapter 6. 2 Introduction The first step in the process of hacking –Discover the services –Version label –Operation.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Port Scanners.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Port Scanners.
Week 3-1 Week 3 Scanning Determine if system is alive Determine which services are running or listening Determine the OS.

Week 3-1 Week 3 Scanning Determine if system is alive Determine which services are running or listening Determine the OS.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Deff Arnaldy 0818 0296 4763 1.

Deff Arnaldy

Similar presentations

Ads by Google