NMAP


   A port is a logical endpoint for communication in an operating system. It's used to distinguish specific services or processes that are running on a computer. Ports are identified by numbers, ranging from 0 to 65535. For example, web traffic is usually sent over port 80 for HTTP and port 443 for HTTPS. Ports allow different applications and services to run concurrently on a single computer without interfering with each other's communication.

1.     Ping sweep network for online nodes:
nmap -sn -PE 172.16.99.0/24

Here we see that 6 hosts are up, along with their IP and MAC addresses.

2.     Scan for open ports:
nmap --open 172.16.99.0/24

Notice that the port state only shows “open” because only open ports were requested. So, we know that these ports are actively listening and available. This is where we would review these ports and evaluate whether each one needs to be in use.

3.     Scan for open services:
nmap -sV 172.16.99.0/24

Here we see various services that are open on the hosts in this network. Again, we would evaluate if these need to be open. Right away we know that telnet on .2 should be shut down, since Telnet sends credentials and session data unencrypted.

4.     Scan common TCP ports HTTP and HTTPS:
nmap -p 80,443 172.16.99.0/24

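Here we see that HTTP/HTTPS are open on .2, closed on .51, and filtered on the rest (filtered means a firewall or packet filter kept the probes from reaching the port, so nmap could not tell whether it is open). curl can be used to test these services and confirm that nmap’s findings are accurate.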

5.     Scan common UDP port DNS:
nmap -sU -p 53 172.16.99.0/24

Here we see the state of the DNS port 53.

6.     Scan UDP and TCP on a single host verbosely, skipping the ping check (-Pn):

nmap -v -Pn -sU -sT -p U:53,111,137,T:21-25,80,139,8080 172.16.99.20

Here we see the output for both TCP and UDP ports on the host in question. Once again, we would evaluate whether these ports need to be open, in order to minimize the attack surface.
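
The review step described in the scans above (deciding which open ports are necessary) can be scripted against nmap's grepable output (-oG). The following is an added example, not part of the original walkthrough; the allowlist, the function names and the sample scan lines are assumptions constructed for illustration.

```shell
# Flag open ports that are not on an approved list.
# Real input would come from e.g.: nmap --open -oG scan.gnmap 172.16.99.0/24

# Hypothetical site policy: space-separated port/protocol pairs.
ALLOWED="22/tcp 80/tcp 443/tcp"

# Constructed sample in -oG format (not output captured from the page's network).
sample_scan() {
    printf 'Host: 172.16.99.2 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 443/open/tcp//https///\n'
    printf 'Host: 172.16.99.51 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///, 443/closed/tcp//https///\n'
    printf 'Host: 172.16.99.20 ()\tPorts: 53/open|filtered/udp//domain///, 8080/open/tcp//http-proxy///\n'
}

# audit_open_ports ALLOWLIST: reads -oG lines on stdin and prints
# "host port/proto service" for every open port missing from the allowlist.
audit_open_ports() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /Ports: / {
        host = $2
        ports = $0
        sub(/^.*Ports: /, "", ports)   # drop everything before the port list
        sub(/\t.*$/, "", ports)         # drop trailing fields such as "Ignored State"
        m = split(ports, entry, ", ")
        for (j = 1; j <= m; j++) {
            split(entry[j], f, "/")     # port/state/proto/owner/service/...
            key = f[1] "/" f[3]
            # Only a definite "open" counts; "open|filtered" UDP results are skipped.
            if (f[2] == "open" && !(key in ok))
                print host, key, f[5]
        }
    }'
}

sample_scan | audit_open_ports "$ALLOWED"
```

Each line printed is a service to justify or shut down; ports reported as open|filtered still need a manual check because nmap could not confirm their state.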