Nmap/Short Course/Lecture 2
From charlesreid1
Summary and Objective
Summary:
- This 30-minute session will build directly on the host discovery skills from Lecture 1, diving into how to identify what services are listening on discovered hosts.
Objective:
- To enable students to understand and proficiently use Nmap's fundamental TCP and UDP port scanning techniques, accurately interpret port states, and effectively perform service and version detection to identify running applications on target systems.
Notes
Recap & What is Port Scanning?
Quick Recap of Host Discovery
In our last session, we focused on host discovery – the critical first step of figuring out which targets on a network are online and responsive. We explored techniques like Ping Scans (-sn), various ICMP probes (-PE, -PP, -PM), TCP SYN/ACK pings (-PS, -PA), UDP pings (-PU), and ARP scans (-PR) for local networks. Remember, effective host discovery narrows our focus, ensuring we only expend resources on live systems. You should now have lists of active hosts from your initial sweeps of the lab scenarios.
Defining Port Scanning: Knocking on Doors
With a list of live hosts, port scanning is the next logical step. If host discovery tells us which houses in the neighborhood are occupied, port scanning is akin to checking all the doors and windows on those houses to see which ones are open, closed, or perhaps just look suspicious. Technically, a port is a numerical identifier that applications use to differentiate network traffic and services on a host. Port scanning uses Nmap to send specially crafted packets to target ports and analyze the responses (or lack thereof) to determine their status. This helps us identify which services (like web servers, mail servers, databases, etc.) are potentially running on a target machine.
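As an added illustration of the "knocking on doors" idea (example code written for these notes, not part of the course or of Nmap), the Python below performs a plain TCP connect scan against the loopback interface and labels each port open, closed or filtered from the response it gets back; the listener it starts is a constructed stand-in for a real service, and the state names follow Nmap's.

```python
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP listener on loopback (constructed stand-in for
    a real service). Port 0 lets the kernel pick a free port; the caller
    reads it back with getsockname()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # listener closed by the caller
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv


def probe_port(host, port, timeout=0.5):
    """Knock on one door with a full TCP handshake (what Nmap's -sT does).
    Handshake completes -> open; kernel answers RST (refused) -> closed;
    nothing comes back before the timeout -> filtered (silently dropped).
    Because the handshake completes, the probe shows up in the target
    service's own logs, which is why defenders see -sT more than -sS."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeout and unreachable errors
        return "filtered"
    finally:
        s.close()


def connect_scan(host, ports, timeout=0.5):
    """Probe each port and return {port: state}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def demo():
    """Scan one open (our listener) and one closed loopback port."""
    srv = start_listener()
    open_port = srv.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here now, so it should report closed
    result = connect_scan("127.0.0.1", [open_port, closed_port])
    srv.close()
    return result[open_port], result[closed_port]
```

Running `demo()` returns `("open", "closed")`; against a remote host protected by a dropping firewall the same probe would report `filtered`.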
Lab
Flags