Kali Linux Intrusion and Exploitation Cookbook

Discovering ports over the network

In this recipe, we will use the list of active IPs that we scanned and saved to a file in the previous recipe to gather more information: we will scan those IPs for open ports. We will be using nmap and its features to discover open ports.

Getting ready

We will use the nmap tool to detect open ports on an IP. Let's start with the process of detecting the open ports on a specific IP.

How to do it...

For this recipe, you will need to perform the following steps:

  1. We will run nmap by typing the following command in terminal:
    nmap <ip address>
    

    The output will be as shown in the following screenshot:

  2. We can even check what the tool is doing by using the verbose switch, by entering the following command in Terminal:
    nmap -v <IP address>
    

    The output will be as shown in the following screenshot:

  3. By default, nmap scans only the 1,000 most commonly used ports. If we are interested in limiting the scan to, say, the top 100 ports, we can run the following command in terminal:
    nmap --top-ports <number> <ip address>
    

    The output will be as shown in the following screenshot:

  4. We can also limit our port scanning to specific ports or a range of ports for any given IP(s) or IP range(s). The command for this is as follows:
    nmap -p <port range> <IP address>
    

    The output will be as shown in the following screenshot:

  5. There could be scenarios where we would like to know which IP(s) in an entire network range have a specific service running. We run the following command in Terminal, giving the network range in place of a single address:
    nmap -p <port number> <IP range>
    

    The output is shown as follows:

  6. Let's say we would like to check what UDP ports are open on a particular system. We can check this by typing the following command in Terminal:
    nmap -sU <IP Address>
    

    The output will be as shown in the following screenshot:

  7. In the previous recipe, we saw that we had saved the output of live IPs in one file; let us now look at how to import IPs from a file and perform a simple TCP scan.

    Open terminal and type the following command, making sure you enter the path to the IP file correctly:

    nmap -sT -iL /root/nmapliveIPs.txt
    

    The output will be as shown in the following screenshot:

  8. The live IP scan result can be saved in a file using the following command:
    nmap -sT -iL /root/nmapliveIPs.txt > openports.txt
    
  9. Nmap also has a graphical frontend, named Zenmap, which looks as follows:
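    Once the scan output from step 8 has been redirected into openports.txt, it is useful to turn that text back into a per-host list of open ports, for example to build an inventory of which live hosts expose which services. The following parser is an added example and is not code from the book; it works on nmap's normal (human-readable) output format as saved in step 8, and the sample output, hostnames and addresses embedded in it are constructed for the example.

```python
import re

# Constructed sample of nmap's normal output, as redirected into
# openports.txt in step 8. Addresses, hostnames and ports are made up.
SAMPLE_OUTPUT = """\
Nmap scan report for 192.168.1.10
Host is up (0.0021s latency).
Not shown: 997 closed ports
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  open     http
443/tcp filtered https

Nmap scan report for fileserver.lan (192.168.1.20)
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Nmap scan report for 192.168.1.30
All 1000 scanned ports on 192.168.1.30 are closed

Nmap done: 3 IP addresses (3 hosts up) scanned in 2.31 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_open_ports(text):
    """Return {ip: [(port, proto, service), ...]} for ports in state 'open'."""
    results = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            # Use the IP in parentheses when nmap printed a resolved hostname.
            current = m.group(2) or m.group(1)
            results[current] = []  # hosts with nothing open are still listed
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            if state == "open":  # 'filtered' and 'closed' are left out
                results[current].append((int(port), proto, service))
    return results

def hosts_with_service(results, port, proto="tcp"):
    """Which scanned hosts have the given port open (the question in step 5)."""
    return sorted(ip for ip, ports in results.items()
                  if any(p == port and pr == proto for p, pr, _ in ports))
```

    To run it against a real file, read openports.txt into a string and pass it to parse_open_ports; the same parser works on the output of the -sU scan in step 6, since UDP ports are reported in the same port/proto form.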

How it works...

Let us understand how these switches work:

  • nmap <IP address>: Performs a SYN scan of the 1,000 most common ports (when run as root, as is the default on Kali) and derives the basic set of information
  • -v: Toggles on verbose mode, thus providing more information about what the scan is doing
  • --top-ports <number>: This switch tells nmap to scan the given number of ports, taken from its list of the most commonly open ports
  • -p: This switch tells nmap that it should only scan the port numbers or ranges mentioned after the switch
  • -sU: This is the UDP switch in nmap, telling it to scan for open ports by sending UDP packets and examining the corresponding responses
  • -sT: This is the TCP connect switch, telling nmap to complete the full TCP connection with the target to make sure that the ports are definitely open
  • -iL: This switch tells nmap that the list of targets should be read from the file named after the -iL switch

In this recipe, we have seen how we can detect open ports; this will help us proceed with upcoming recipes.

There's more...

nmap offers many other options that can be used to scan for open ports of a specific protocol, as well as other scan techniques intended to make it less likely that a scanner running in the network is detected. Useful switches in the tool are as follows:

  • -sS: This switch performs a SYN scan (the fastest and most accurate scan; recommended)
  • -sX: This switch performs an Xmas scan
  • -sF: This switch performs a FIN scan
  • -sN: This switch performs a Null scan
  • -sU: This switch performs a UDP scan. However, it isn't very accurate, since UDP is stateless

See also