Cyber Security
Port Scanning
Priyank Bhojak
Assistant professor
IT Department
BVM Engineering College
Port Scanning:
• Understanding ports, services and the related tools
• Port scanning tool – Nmap
• Netcat
• Network sniffers and injection tools – Tcpdump and Windump, Wireshark
Footprinting:
• Footprinting – finding and gathering as much information as possible about the target network.
– Basic information
– OS
– Server and system information
• Finding Company’s URL
• Find internal URLs
– http://www.webmaster-a.com/link-extractor-internal.php
– http://news.netcraft.com
• Identify public and restricted links
• Search for company information
• Extract company data
– Web data extractor
– Black Widow
Whois Search
• WHOIS queries
– Domain name details
– Contact details
– Domain name servers
– Net range
• Tools
– www.tamos.com
– www.netcraft.com
– www.whois.net
– www.iptools.com
Footprinting and Scanning
• Definition
• Footprinting threats
• Internet Footprinting
• Competitive intelligence
• WHOIS
• DNS footprinting
• Network footprinting
• Website footprinting
• Email footprinting
• Google hacking
• Footprinting tools
Internet Protocol Address
• IPv4 address : a 32-bit unique address used to connect with a host system
– Class A : 1.xxx.xxx.xxx to 126.xxx.xxx.xxx
– Class B : 128.0.xxx.xxx to 191.0.xxx.xxx
– Class C : 192.0.0.xxx to 223.0.0.xxx
• Loopback address : 127.xxx.xxx.xxx
• IPv6 address : represented by a series of eight 16-bit hexadecimal fields separated by colons (:) in the format x:x:x:x:x:x:x:x
• Total 128-bit address
Protocol
A set of rules
• Human protocols
• Defines the format and order of the messages exchanged, as well as the actions taken on transmission.
• Computer network protocols:
• HTTP
• FTP
• SMTP
• etc.
Types of Services
• Connection-oriented service
– Sends a control packet before transmitting the actual data
– 3-way handshake (TCP)
– Reliable, flow control, congestion control
– TCP : HTTP, FTP, TELNET, SMTP
• Connectionless service
– No handshaking
– Faster delivery
– UDP : media streaming, video conferencing
Port
• A port is the identity of a process or service
• It is a 16-bit unsigned integer
• Port numbers range from 0 to 65535
• IANA (Internet Assigned Numbers Authority) is responsible for assigning port numbers for use.
Well Known Port
• Ports 0 to 1023 are known as well-known port numbers
• Used by system processes that provide networking services.
• Famous well-known ports :
– 20, 21 : FTP data and control ports
– 22 : SSH (Secure Shell) for secure login
– 23 : Telnet for unencrypted text transmission
– 25 : Simple Mail Transfer Protocol
– 53 : Domain Name System
– 520 : Routing Information Protocol
Registered Port
• Ranges from 1024 to 49151
• Assigned by IANA for specific services upon application by the requesting entity
• Used by ordinary users
• Examples :
– Proxy server ports
– Virtual private network ports
– Ports requested by IBM, Apple, Oracle and many other companies for their specific services
Dynamic, Private or Ephemeral ports
• Ranges from 49152 to 65535
• Cannot be registered with IANA
• Used for private or temporary purposes
IP + Port
• IP : to connect with a system
• Port : to connect with a process or application
• (IP address) : (port number)
• If the IP address is a telephone number, then the port number is the extension.
Port Scanner
• A port scanner is a software application designed to probe a server or host for open ports.
• Used by administrators to verify the security policies of their networks
• Used by attackers to identify the services running on a host with a view to compromising it.
• Example : Nmap
Port Scanning
• The main goal of port scanning is to find out which ports are open, which are closed and which are filtered.
• Open port: a port on which an application is actively accepting TCP or UDP traffic.
– Finding open ports is the primary goal of port scanning
– Each open port is an avenue for attack
– Attackers want to exploit the open ports.
– Network administrators want to protect them with a firewall
– Also important for non-security scans, to identify the available services
• Closed port: a port which is accessible but has no application listening on it
– Used for host discovery and OS detection
– Network administrators want to block it with a firewall to reduce its accessibility.
• Filtered port: a port which cannot be reached by the port scanner
– Cannot identify whether it is open or closed
– Filtering can come from a firewall device, routing rules, or firewall software
• Unfiltered port: a port which can be reached by the port scanner but cannot be identified as open or closed
• If the port is open :
– Send a SYN packet
– The response will be a SYN + ACK packet
• If the port is closed :
– Send a SYN packet
– The response will be an RST packet
• If the port is filtered :
– Send a SYN packet
– No response
• If the target machine is protected by a firewall, then its firewall rules decide what the response of the machine will be.
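The open / closed / filtered rules above, worked through in code. This is an added example, not part of the lecture: the target host is a constructed in-memory model (no packets are sent), and beyond the slide's three cases it also maps an ICMP "unreachable" error to "filtered", which is how Nmap's SYN scan treats that reply.

```python
"""Port-state rules of a TCP SYN scan, as an added example (not from the lecture).

The host below is a constructed in-memory model, not a real target. Beyond the
slide's three cases it also maps an ICMP "unreachable" error to "filtered",
which is how Nmap's -sS scan treats that reply.
"""
from dataclasses import dataclass
from typing import Optional

SYN, RST, ACK = 0x02, 0x04, 0x10      # TCP flag bits (13th byte of the header)


@dataclass(frozen=True)
class Reply:
    tcp_flags: Optional[int] = None   # flags of the TCP reply, if any arrived
    icmp_unreachable: bool = False    # an ICMP type 3 error came back instead


def classify(replies: list) -> str:
    """Decide a port's state from the replies to one or more SYN probes."""
    for r in replies:
        if r.icmp_unreachable:
            return "filtered"                 # a firewall rejected the probe
        if r.tcp_flags is not None:
            if r.tcp_flags & SYN and r.tcp_flags & ACK:
                return "open"                 # step 2 of the 3-way handshake
            if r.tcp_flags & RST:
                return "closed"               # reachable, but nothing listening
    return "filtered"                         # silence after every retry


def model_host(open_ports: set, dropped: set, rejected: set):
    """Return a function that answers a SYN probe the way the modelled host would."""
    def respond(port: int) -> Reply:
        if port in dropped:
            return Reply()                       # firewall DROP: packet vanishes
        if port in rejected:
            return Reply(icmp_unreachable=True)  # firewall REJECT: ICMP error
        if port in open_ports:
            return Reply(tcp_flags=SYN | ACK)    # listener answers the SYN
        return Reply(tcp_flags=RST)              # no listener on that port
    return respond


def syn_scan(respond, ports, retries: int = 2) -> dict:
    """Probe each port, retransmitting up to `retries` times, and classify it."""
    return {p: classify([respond(p) for _ in range(1 + retries)]) for p in ports}


# Constructed sample: ssh and web listening, 3306 silently dropped, 23 rejected.
HOST = model_host(open_ports={22, 80}, dropped={3306}, rejected={23})
RESULT = syn_scan(HOST, [22, 23, 80, 443, 3306])
```

Note that the scanner cannot tell a DROP rule from a host that simply never answered; both end up as "filtered", which is exactly the ambiguity the slide describes.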
nmap port scanner
• nmap (Network Mapper) is an open source scanner developed by Fyodor.
• The most popular port scanner for Linux/Unix machines
• Services provided by nmap :
– Port scanning
– Identifying all the running services on a network
– Identifying operating system and protocol versions
– TCP scan, UDP scan, ICMP scan
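An administrator verifying network security policy (the defensive use of a port scanner named earlier) typically checks nmap's results against a list of what each host is allowed to expose. The following is an added example, not part of the lecture or of the Nmap project: it parses nmap's grepable (-oG) output format and reports open ports that a hypothetical per-host allowlist does not permit. The scan lines are constructed, using addresses from the 192.0.2.0/24 documentation range.

```python
"""Check an Nmap grepable (-oG) scan against an expected-ports policy.

Added example, not the lecture's own material. SAMPLE_OG is a constructed
scan (documentation-range addresses) and POLICY is a hypothetical allowlist.
"""
import re

SAMPLE_OG = """\
# Nmap scan initiated (constructed sample) as: nmap -sS -oG - 192.0.2.10 192.0.2.11
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 3306/filtered/tcp//mysql///\tIgnored State: closed (997)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 23/open/tcp//telnet///\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""

# Hypothetical policy: the TCP ports each host is allowed to expose.
POLICY = {"192.0.2.10": {22, 80}, "192.0.2.11": {22}}

# One -oG port entry: port/state/protocol/owner/service/rpcinfo/version/
PORT_ENTRY = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")


def parse_grepable(text: str) -> dict:
    """Return {host: {port: (state, proto, service, version)}} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                                   # comment lines
        # Tab-separated "Key: value" fields on each Host line
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split(" ", 1)[0]         # drop the "(hostname)" part
        for port, state, proto, svc, ver in PORT_ENTRY.findall(fields.get("Ports", "")):
            hosts.setdefault(host, {})[int(port)] = (state, proto, svc, ver)
    return hosts


def policy_violations(scan: dict, policy: dict) -> dict:
    """Open ports that the host's allowlist does not permit."""
    out = {}
    for host, ports in scan.items():
        allowed = policy.get(host, set())
        extra = {p: v for p, v in ports.items() if v[0] == "open" and p not in allowed}
        if extra:
            out[host] = extra
    return out


VIOLATIONS = policy_violations(parse_grepable(SAMPLE_OG), POLICY)
```

In the sample, the unencrypted Telnet listener on 192.0.2.11 is the only finding; the filtered MySQL port on 192.0.2.10 is not reported because only "open" states count as exposure.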