Introduction to Nmap: Port Scans, Ping Sweeps, and Monitoring Open Ports on Your Local Host and/or VPS
Networking is now part of almost every aspect of daily life. Wired and wireless connectivity has expanded well beyond the desktop PC to laptops, smartphones and other networked devices. Every one of these connections adds risk, and many system and network administrators have found Nmap to be a helpful auditing tool. Nmap, which stands for Network Mapper, is a free, open source application. It is both powerful and versatile: it can scan a single host or many large networks, and it runs on a range of operating systems.
Networked services are reached through ports. Ports are numbered from 1 to 65535 and each is used for a different purpose: together with the transport protocol (TCP or UDP), the port number identifies which service or application on a host should receive the data. Note that TCP and UDP have separate port spaces, so TCP port 80 and UDP port 80 are different endpoints.
Some basic terminology about ports and their configuration will help with the discussion that follows. Here are the key terms:
Port: Think of a port as a numbered door through which a computer reaches a specific application or service. For example, port 21 is the control port of the File Transfer Protocol (FTP), and port 20 carries the data of an FTP session, typically used to move files between a server and a client.
Internet Socket: Before data can be sent, an application asks the operating system for a socket, an endpoint identified by an IP address, a protocol and a port number, through which the data transfer is handled.
Binding: Binding attaches a socket to a local IP address and port. From that point on, data sent and received through the socket carries that address and port.
Listening: A server binds a socket to an IP address, protocol and port and then listens on it, waiting for incoming requests for its service. The operating system allows only one listener per address, protocol and port combination, which prevents two services from colliding over the same port.
Port Scanning: Port scanning is the process of attempting to connect to a number of ports, often sequentially, in order to learn which are open and which services and operating system are behind them.
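To make the terms above concrete, here is an added Python example (it is not from the original article) that creates a socket, binds it, listens on it, and then runs a minimal TCP connect scan against 127.0.0.1. A second socket is bound but never set to listen, so the scan reports that port as closed, which is the difference between binding and listening; the example also shows the operating system refusing a second bind to a port that is already in use. The port numbers are chosen by the OS at run time, and the 0.5 second scan timeout is an assumed value.

```python
import errno
import socket
from contextlib import closing

HOST = "127.0.0.1"  # loopback only: this example never touches the network


def make_listener(host=HOST):
    """Bind to an OS-chosen port (port 0) and listen: this is an 'open' port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    s.listen(5)
    return s


def make_bound_only(host=HOST):
    """Bind but never call listen(): the port is reserved, yet no service
    accepts connections on it, so a scanner reports it as closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    return s


def bind_collides(host, port):
    """True if the OS refuses a second bind to an address/port already in use."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            return exc.errno == errno.EADDRINUSE
    return False


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan (what nmap -sT does): a full three-way handshake per
    port. Completed -> open; refused -> closed; no answer -> filtered.
    The timeout is an assumed value, not something the article specifies."""
    results = {}
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except ConnectionRefusedError:
                results[port] = "closed"
            except OSError:  # includes socket.timeout
                results[port] = "filtered"
    return results


def demo():
    """Set up one listening and one bound-only socket, scan both, clean up."""
    listener = make_listener()
    bound = make_bound_only()
    try:
        lport = listener.getsockname()[1]
        bport = bound.getsockname()[1]
        scan = connect_scan(HOST, [lport, bport])
        return {
            "listening_port": scan[lport],          # expected: open
            "bound_only_port": scan[bport],         # expected: closed
            "second_bind_collides": bind_collides(HOST, lport),  # expected: True
        }
    finally:
        listener.close()
        bound.close()


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The connect scan here is deliberately the simplest kind: it completes the handshake, so the target's service logs will show the connection, which is exactly why Nmap's -sT scan is noisier than the half-open SYN scan covered later.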
Ports are numbered from 1 to 65535 and fall into three ranges:
Ports below 1024 are the well-known ports. Linux and Unix-like operating systems treat them as critical to essential network functions, so a process needs root privileges (or, on Linux, the CAP_NET_BIND_SERVICE capability) to bind a service to them.
Ports between 1024 and 49151 are registered ports. The registry is maintained by the Internet Assigned Numbers Authority (IANA), where more information can be found.
Ports between 49152 and 65535 are dynamic or private ports. They cannot be registered; they are used for private services and as the ephemeral source ports of outgoing connections.
Here is a list of commonly used ports:
20: FTP data
21: FTP control port
23: Telnet <= Insecure, not recommended for most uses
43: WHOIS protocol
53: DNS services
67: DHCP server port
68: DHCP client port
80: HTTP traffic <= Normal web traffic
110: POP3 mail port
113: Ident authentication service, used mainly by IRC networks
143: IMAP mail port
389: LDAP port
443: HTTPS <= Secure web traffic
587: SMTP <= message submission port
631: CUPS printing daemon port
Using Nmap to secure a network means doing vulnerability testing with a variety of commands. In short, this means probing your own network to discover weaknesses in the same way that an attacker would.
Of all the tools available for this, Nmap is perhaps the most common and the most powerful.
You can install nmap on an Ubuntu or Debian machine by entering:
sudo apt-get update
sudo apt-get install nmap
How To Scan Ports with Nmap
Nmap is a powerful tool that scans networks for the information that shows whether a network is secure or not. Many network administrators use a network scanner to seek out vulnerabilities the way an attacker looking for unauthorized access would. Once Nmap lists the open, and potentially vulnerable, ports, the administrator can lock them down to prevent unauthorized access.
The Nmap project runs a test server at scanme.nmap.org that you are allowed to scan. You can also practice on your own server or on any server you are authorized to test. Remember that attempting to scan or gain access to servers or networks you are not authorized to use can be illegal.
Some of the basic Nmap commands shown below can take a while to complete, so wait until Nmap prints its output.
Scan for the host operating system (OS fingerprinting requires root):
sudo nmap -O remote_host
Skip the host discovery (ping) stage and treat the target as up; older Nmap releases spelled this option -PN:
sudo nmap -Pn remote_host
Specify a range with "-" or CIDR notation such as "/24" to scan a number of hosts at once:
sudo nmap -Pn xxx.xxx.xxx.xxx-yyy
Ping sweep: discover which hosts in a range are up without port scanning them (this option was -sP in older releases):
sudo nmap -sn network_address_range
Scan without performing a reverse DNS lookup, which is faster and generates less DNS noise:
sudo nmap -n remote_host
Scan a specific port instead of the default set of the 1000 most common ports:
sudo nmap -p port_number remote_host
TCP connect scan: Nmap completes the full three-way handshake with each port. This is the default when Nmap is not run as root, and the connection will show up in the target's service logs:
sudo nmap -sT remote_host
UDP scan (slow, and ports are often reported as open|filtered because many UDP services do not answer unsolicited packets):
sudo nmap -sU remote_host
Scan every TCP and UDP port (1 to 65535) on a host; expect this to take a long time:
sudo nmap -n -Pn -sT -sU -p- remote_host
TCP SYN (half-open) scan: Nmap sends a SYN and judges the port from the reply without completing the handshake. This is the default when Nmap runs as root:
sudo nmap -sS remote_host
This is only a small sample of the options Nmap offers, but it should get you started exploring the vulnerabilities of your network.
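Once a scan has run, the useful step is processing the results rather than reading them by eye. The following is an added Python example, not part of the original article, that parses Nmap's greppable output format (produced with -oG, for example sudo nmap -sT -sV -oG scan.gnmap remote_host) and flags open ports whose services the port table above marks as insecure. The scan output embedded in it is constructed for the example, not a real scan, and the set of ports it flags (21 and 23) is a policy assumption you would adjust to your own environment.

```python
# Constructed sample of Nmap greppable (-oG) output; not a real scan result.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sT -sV -oG - 192.168.1.0/24
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 23/open/tcp//telnet//Linux telnetd/, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (997)
Host: 192.168.1.11 ()\tStatus: Up
Host: 192.168.1.11 ()\tPorts: 443/open/tcp//https//nginx 1.18.0/, 631/filtered/tcp//ipp///\tIgnored State: closed (998)
# Nmap done -- 256 IP addresses (2 hosts up) scanned
"""

# Ports to flag, taken from the article's table (Telnet marked insecure) plus
# cleartext FTP control. Which ports to flag is a policy assumption.
INSECURE_PORTS = {
    21: "FTP control (cleartext credentials)",
    23: "Telnet (cleartext)",
}


def parse_gnmap(text):
    """Return one record per port entry in a -oG listing.

    Each entry in the tab-separated 'Ports:' field has the form
    port/state/protocol/owner/service/rpcinfo/version/ ; the version text
    may itself contain '/', so everything after the sixth field is version."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports_field = next((f for f in fields if f.startswith("Ports:")), None)
        if ports_field is None:
            continue  # 'Status: Up' line, no port data
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue  # malformed entry; skip rather than guess
            port, state, proto, _owner, service, _rpc = parts[:6]
            records.append({
                "host": host,
                "port": int(port),
                "proto": proto,
                "state": state,
                "service": service,
                "version": "/".join(parts[6:]).rstrip("/"),
            })
    return records


def open_ports(records, host):
    """Sorted list of open port numbers for one host."""
    return sorted(r["port"] for r in records
                  if r["host"] == host and r["state"] == "open")


def flag_insecure(records, policy=INSECURE_PORTS):
    """(host, port, reason) for every open TCP port covered by the policy."""
    return [(r["host"], r["port"], policy[r["port"]])
            for r in records
            if r["state"] == "open" and r["proto"] == "tcp" and r["port"] in policy]


if __name__ == "__main__":
    recs = parse_gnmap(SAMPLE_GNMAP)
    for host in sorted({r["host"] for r in recs}):
        print(host, "open:", open_ports(recs, host))
    for host, port, reason in flag_insecure(recs):
        print(f"FLAG {host}:{port} {reason}")
```

Note that 631/filtered is not reported as open: a filtered port means something (usually a firewall) dropped the probe, which is a different finding from an open service and from a closed port that answered with a reset.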
Lastly, How To Check Your Own Open Ports
There are several ways to check which ports your own machine is listening on. Nmap can scan your own host like any other, but the most direct view comes from the operating system's own socket table. On an Ubuntu or Debian OS, run this command:
sudo netstat -plunt
Its output lists each listening socket with its protocol, local address and port, state, and the PID and name of the program that owns it. On recent releases netstat (from the net-tools package) is no longer installed by default; sudo ss -plunt accepts the same flags and shows the same information.
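The raw listing is easiest to act on once you separate services bound only to the loopback address, which a remote Nmap scan will never see, from those bound to 0.0.0.0 or :: (all interfaces) and therefore reachable from the network. Here is an added Python example, not from the original article, that parses netstat -plunt output and reports the exposed listeners. The listing embedded in it is constructed for the example, and the process names and PIDs in it are illustrative.

```python
# Constructed sample of `sudo netstat -plunt` output; PIDs and programs are
# illustrative, not from a real machine.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      640/cupsd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1102/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      950/nginx: master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           590/dhclient
udp6       0      0 :::5353                 :::*                                510/avahi-daemon: r
"""


def parse_netstat(text):
    """Parse the table printed by `netstat -plunt` into one record per socket."""
    records = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].startswith(("tcp", "udp")):
            continue  # header lines
        proto, local = tokens[0], tokens[3]
        addr, port = local.rsplit(":", 1)  # ':::80' -> ('::', '80')
        if proto.startswith("tcp"):
            state, program = tokens[5], " ".join(tokens[6:])
        else:
            state, program = "", " ".join(tokens[5:])  # UDP rows have no State column
        records.append({"proto": proto, "addr": addr, "port": int(port),
                        "state": state, "program": program})
    return records


def is_loopback(addr):
    """127.0.0.0/8 or ::1: reachable only from the host itself."""
    return addr.startswith("127.") or addr == "::1"


def exposed_listeners(records):
    """Sockets bound to a non-loopback address, i.e. what a remote Nmap scan of
    this host can see (subject to any firewall in between). Sorted by port."""
    return sorted(((r["proto"], r["port"], r["program"]) for r in records
                   if not is_loopback(r["addr"])), key=lambda r: r[1])


def loopback_only(records):
    """Ports that are open locally but invisible to a remote scan."""
    return sorted(r["port"] for r in records if is_loopback(r["addr"]))


if __name__ == "__main__":
    recs = parse_netstat(SAMPLE_NETSTAT)
    print("exposed to the network:")
    for proto, port, program in exposed_listeners(recs):
        print(f"  {proto:5} {port:5} {program}")
    print("loopback only:", loopback_only(recs))
```

Comparing the exposed list with an Nmap scan of the same host from another machine is a useful sanity check: a port that netstat shows bound to 0.0.0.0 but Nmap reports as filtered is being blocked by a firewall, while a port Nmap reports open that does not appear in netstat at all means the traffic is answered by something else, such as a forwarding rule or another host.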
There are a few key points in this article: understanding ports and their configuration, and learning how to discover vulnerabilities on your server before an attacker does. There are many tools available for testing a host or server, but port scanning is one important step in securing your network. The goal is to discover which ports are open so that you can shut down or firewall the services you do not need and lock down your host or server.