Port scanning can be done with many tools; today we will be looking at Nmap (Network Mapper), a free and open source tool for network discovery and vulnerability scanning. It is commonly used to find which hosts on a network are up and what devices they are. Along with host information we can also see what services those hosts offer, find open ports, and discover security risks. Nmap also offers ping scans and operating system detection, and it has kept evolving over the years.
Nmap works by sending packets using transport-layer protocols such as TCP, UDP and SCTP, as well as ICMP; these protocols serve different purposes and are used against different ports. Nmap also uses banner grabbing, a technique for learning about a system on the network and the services running on its ports from the banners those services send. However, some systems filter or close their ports to stay protected, and open ports are usually protected by a firewall set up by their administrator. Filtering means the packets sent to a port are dropped, so Nmap's probes never reach their destination and the port is reported as filtered rather than open or closed.
TCP Message Types – These are the flags you will see when monitoring a TCP connection, including the exchange that opens it, known as the three-way handshake.

| Flag | Meaning |
| --- | --- |
| SYN | Initiates and establishes the connection. Also synchronizes sequence numbers between devices. |
| ACK | Confirms to the other computer that it has received the SYN packet. |
| SYN-ACK | SYN message from the local device and ACK of the earlier packet, all in one message. |
| FIN | Terminates the connection. |
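A defender-side use of the flags just described, as an added example that is not part of the original post: a small Python detector reads a constructed flow log and flags a source that sends SYNs to many ports of one host while only a few of them answer with SYN-ACK, which is the pattern a port scan like the one shown later on this page produces (thousands filtered, one open). The log format, field layout and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed flow-log sample (src:sport dst:dport flags); not a real capture.
# 10.0.0.5 sends a SYN to six ports of 192.0.2.10 and only 443 answers with
# SYN-ACK; 10.0.0.7 makes one ordinary connection (SYN, SYN-ACK, ACK, FIN).
SAMPLE_LOG = """\
10.0.0.5:40001 192.0.2.10:21 S
10.0.0.5:40002 192.0.2.10:22 S
10.0.0.5:40003 192.0.2.10:23 S
10.0.0.5:40004 192.0.2.10:80 S
10.0.0.5:40005 192.0.2.10:443 S
192.0.2.10:443 10.0.0.5:40005 SA
10.0.0.5:40005 192.0.2.10:443 A
10.0.0.5:40006 192.0.2.10:8080 S
10.0.0.7:51000 192.0.2.10:443 S
192.0.2.10:443 10.0.0.7:51000 SA
10.0.0.7:51000 192.0.2.10:443 A
10.0.0.7:51000 192.0.2.10:443 F
"""

LINE = re.compile(r"^(\S+):(\d+) (\S+):(\d+) ([SAFR]+)$")


def summarize(log):
    """Per (src, dst) pair: ports that received a SYN and ports that replied SYN-ACK."""
    probed = defaultdict(set)
    answered = defaultdict(set)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than fail the whole batch
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":
            probed[(src, dst)].add(int(dport))      # connection attempt
        elif flags == "SA":
            answered[(dst, src)].add(int(sport))    # key on the probing direction
    return probed, answered


def detect_scans(log, min_ports=5):
    """Return {(src, dst): (ports_probed, open_ports)} for sources whose SYNs hit
    at least min_ports distinct ports; few SYN-ACKs relative to SYNs is the signature."""
    probed, answered = summarize(log)
    return {pair: (len(ports), sorted(answered.get(pair, set())))
            for pair, ports in probed.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    for (src, dst), (n, open_ports) in detect_scans(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {n} ports probed, answered (open): {open_ports}")
```

A production detector would add a time window and per-source rate limits; this version only shows the probed-versus-answered asymmetry that distinguishes a scan from normal client traffic.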
Examples of Port Scanning with Nmap
Ping Scan
$ proxychain nmap -sn 40.90.170.115/24
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-14 13:34 EDT
Nmap done: 256 IP addresses (33 hosts up) scanned in 7.30 seconds
Port Scan
$ proxychain nmap 40.90.170.141 -p1-65535
Not shown: 65534 filtered ports
PORT STATE SERVICE
443/tcp open https
Services Scan
$ proxychain nmap -vv -dd 40.90.170.141