Port Scanning with Nmap
Explore the basics of port scanning with Nmap by understanding how it detects open, closed, and filtered ports. Learn to interpret port responses and run scans on common and specified port ranges to identify active services and potential security filters.
Previously, we learned about the three-way handshake, ports, and protocols. Now let’s look at how Nmap finds open ports in a system.
Identifying ports
Nmap crafts custom packets of data and sends them to the server that’s being scanned. Based on the response (or lack of it), Nmap classifies ports as open or closed. For example, if Nmap sends a SYN request to port 22 and gets back a packet with the RST flag set, Nmap determines that the port is closed. If Nmap gets a SYN-ACK response back from the server, it means that the port is open and ready to accept incoming connections.
Once Nmap gets a SYN-ACK response back, we can either choose to drop the connection or continue the connection to gather more information. We’ll see these options under the “Nmap flags” section. ...
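The classification described above, as an added example that is not part of the original lesson and is not Nmap's own code: it parses constructed TCP reply headers offline and maps their flags to a port state. The function names, ports and sample replies are assumptions of this example; the "filtered" result for a missing reply is the state Nmap reports when a SYN probe gets no answer.

```python
import struct

# TCP flag bits in the header's flags field (RFC 9293)
SYN, RST, ACK = 0x02, 0x04, 0x10

def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0):
    """Construct a 20-byte TCP header (checksum left at 0) as sample data."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, 65535, 0, 0)

def parse_tcp_reply(segment):
    """Return (source_port, flags) from the start of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, _dst, _seq, _ack, offset_flags = struct.unpack("!HHIIH", segment[:14])
    if (offset_flags >> 12) < 5:
        raise ValueError("invalid data offset")
    return src_port, offset_flags & 0x3F

def classify_reply(segment):
    """Map the reply to a SYN probe onto a port state.

    segment is None when no reply arrived before the timeout.
    """
    if segment is None:
        return "filtered"      # nothing came back: a filter may be dropping probes
    _port, flags = parse_tcp_reply(segment)
    if flags & RST:
        return "closed"        # RST: nothing is listening on the port
    if flags & SYN and flags & ACK:
        return "open"          # SYN-ACK: the port accepts connections
    return "unexpected"        # this example's catch-all, not an Nmap state

# Constructed sample replies, keyed by the probed port (not captured traffic)
SAMPLE_REPLIES = {
    22: build_tcp_header(22, 40000, RST | ACK),
    80: build_tcp_header(80, 40000, SYN | ACK),
    443: None,
}

def classify_all(replies):
    return {port: classify_reply(seg) for port, seg in replies.items()}

if __name__ == "__main__":
    for port, state in classify_all(SAMPLE_REPLIES).items():
        print(f"{port}/tcp {state}")
```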