Port Scanning

Port scanning is the activity of checking the status of TCP and UDP ports on a machine. Many applications can check the ports on a machine, such as netcat, unicornscan and nmap. For this discussion we will use nmap. There is much we can do with nmap, from checking ports to identifying the operating system used by the target server.

If you search Google, you will find many variations of port scanning techniques that use nmap. Here are some examples of how nmap can be used.

1. Checking open ports

nmap <host / IP target>

For the record, if we run the nmap command above as the root user, it is the same as running nmap in stealth (SYN scan) mode (-sS).

2. Check a specific port on the target machine

nmap -p <port> <host / IP target>

3. Check the services that are running on the port

nmap -sV <host / IP target>

4. Check the ports of the target machines in one network segment

nmap <network segment>

Example for a network with the segment 172.16.200.0/24:
nmap 172.16.200.*

5. Identify the operating system of the machine

nmap -O <host / IP target>

An example of the output after running nmap is as follows:

root@bt:~# nmap -p 1-65535 -sV -O 172.16.200.20 (example command)

Starting Nmap 5.59BETA1 (http://nmap.org) at 2011-10-14 14:07 WIT
Nmap scan report for 172.16.200.20
Host is up (0.00052s latency).
Not shown: 65521 closed ports
PORT      STATE SERVICE       VERSION
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds?
1025/tcp  open  msrpc         Microsoft Windows RPC
1026/tcp  open  msrpc         Microsoft Windows RPC
1029/tcp  open  msrpc         Microsoft Windows RPC
1031/tcp  open  msrpc         Microsoft Windows RPC
1032/tcp  open  msrpc         Microsoft Windows RPC
1033/tcp  open  msrpc         Microsoft Windows RPC
1091/tcp  open  ff-sm?
2869/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
3389/tcp  open  ms-term-serv?
5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
64141/tcp open  tcpwrapped
MAC Address: 70:71:BC:EC:EC:51 (Pegatron)
Device type: general purpose
Running: Microsoft Windows Vista | 2008 | 7
OS details: Microsoft Windows Vista SP1 - SP2, windows 7,Windows Server 2008, or Windows 7 Ultimate and other
Network Distance: 1 hop
Service Info: OS: Windows

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 147.29 seconds

root@bt:~#

From the scan results above we can see which ports are open and that the OS in use is Windows (nmap's guess is Vista, Server 2008 or 7). Knowing the open ports and the OS of the target machine, we can determine the types of attacks that can be performed against the target host.
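For an administrator reviewing a scan of their own host, here is an added example (not part of the original post) that parses nmap's normal output and reports open ports that are not on an expected baseline. The EXPECTED set and the abridged SAMPLE text are assumptions constructed for illustration.

```python
import re

# Port lines of nmap normal output; tolerates the spaced "135 / tcp" form too.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)\s*/\s*(?P<proto>tcp|udp)\s+(?P<state>\S+)"
    r"\s+(?P<service>\S+)(?:\s+(?P<version>.*))?$")

# Constructed sample, abridged from the scan report shown above.
SAMPLE = """\
Nmap scan report for 172.16.200.20
PORT      STATE SERVICE       VERSION
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds?
3389/tcp  open  ms-term-serv?
5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
64141/tcp open  tcpwrapped
"""

# Assumption: ports this host is expected to expose (hypothetical baseline).
EXPECTED = {("tcp", 135), ("tcp", 139), ("tcp", 445)}

def parse_ports(report):
    """Return one dict per port line found in nmap normal output."""
    found = []
    for line in report.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # header, banner and summary lines
        service = m.group("service")
        found.append({
            "port": int(m.group("port")),
            "proto": m.group("proto"), "state": m.group("state"),
            # A trailing "?" means nmap could not confirm the service and
            # fell back to the name registered for that port number.
            "service": service.rstrip("?"),
            "guessed": service.endswith("?"),
            "version": (m.group("version") or "").strip(),
        })
    return found

def unexpected_open(report, expected):
    """Open ports that are not on the expected baseline."""
    return [p for p in parse_ports(report)
            if p["state"] == "open" and (p["proto"], p["port"]) not in expected]

if __name__ == "__main__":
    for p in unexpected_open(SAMPLE, EXPECTED):
        print(p["port"], p["proto"], p["service"], p["version"])
```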

A competent security administrator will certainly not hand out this information freely to users; doing so is the same as baiting hackers to penetrate your system. So some of you may run into difficulties when identifying the OS of the target machine, because it has been protected by the admin.

But perhaps the proverb is true: nothing is impossible. There is no security system that is truly safe. Next time we will look at various methods that can be used to identify the OS of a target machine with the help of nmap. That is all the information I can share for now.
