In our last tutorial we used social engineering. In this tutorial we will work mostly from the CLI (command line interface).
Nmap ("Network Mapper") is a free and open source (licensed) utility for network discovery and security auditing. Many system and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap lets you scan your network and discover not only everything connected to it, but also a wide variety of information about what is connected, which services each host is running, and so on. It supports a large number of scanning techniques, such as UDP, TCP connect(), TCP SYN (half-open), and FTP bounce.
Understanding Nmap
One thing closely related to Nmap is the ping sweep, casually called ping (there are several variants of it). Ping checks whether a system is up using the ICMP protocol. ICMP, short for Internet Control Message Protocol, is used to send control messages to network devices and hosts. Ping is a utility that receives a response from the host if it is active, and reports the network speed and delay time. Here's a little demonstration:
~ $ ping -c 4 google.com
PING google.com (216.58.223.238) 56(84) bytes of data.
64 bytes from google.com (216.58.223.238): icmp_seq=1 ttl=64 time=0.212 ms
64 bytes from google.com (216.58.223.238): icmp_seq=2 ttl=64 time=0.174 ms
64 bytes from google.com (216.58.223.238): icmp_seq=3 ttl=64 time=0.203 ms
64 bytes from google.com (216.58.223.238): icmp_seq=4 ttl=64 time=0.424 ms
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 1012ms
rtt min/avg/max/mdev = 0.192/0.203/0.223/0.012 ms
So you can see above that the host responded to our ICMP request, and we also saw the delay. Nmap is similar, but it shows which ports are open and available on the system. We are going to explain what ports are.
~ $ nmap gigocyberspace.com
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-06 09:11 WAT
Nmap scan report for gigocyberspace.com (46.249.199.34)
Host is up (0.15s latency).
Not shown: 991 closed tcp ports (conn-refused)
PORT STATE SERVICE
21/tcp open ftp
22/tcp filtered ssh
25/tcp filtered smtp
80/tcp open http
111/tcp filtered rpcbind
443/tcp filtered https
587/tcp filtered submission
2222/tcp open EtherNetIP-1
5666/tcp open nrpe
Nmap done: 1 IP address (1 host up) scanned in 22.91 seconds
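As an added example (not part of the original tutorial), here is a small Python script that parses the Nmap report above and flags open ports that a defender did not expect the host to expose. The sample text is constructed from the scan output shown, and the allowlist {80, 443} is an assumption about what this host should expose.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: Nmap normal-format output, copied from the scan above.
SAMPLE_OUTPUT = """\
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-06 09:11 WAT
Nmap scan report for gigocyberspace.com (46.249.199.34)
Host is up (0.15s latency).
Not shown: 991 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
25/tcp   filtered smtp
80/tcp   open     http
111/tcp  filtered rpcbind
443/tcp  filtered https
587/tcp  filtered submission
2222/tcp open     EtherNetIP-1
5666/tcp open     nrpe
Nmap done: 1 IP address (1 host up) scanned in 22.91 seconds
"""

# One row of Nmap's "PORT STATE SERVICE" table, e.g. "80/tcp open http".
# Nmap may also report combined states such as "open|filtered" for UDP scans.
PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+"
    r"(open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)\s+(\S+)"
)


def parse_nmap_output(text: str) -> Dict[int, Tuple[str, str, str]]:
    """Return {port: (protocol, state, service)} for every port row found."""
    ports: Dict[int, Tuple[str, str, str]] = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            ports[int(m.group(1))] = (m.group(2), m.group(3), m.group(4))
    return ports


def unexpected_open_ports(ports: Dict[int, Tuple[str, str, str]],
                          expected: Set[int]) -> List[int]:
    """Open ports that are not on the allowlist of services the host should expose."""
    return sorted(p for p, (_, state, _) in ports.items()
                  if state == "open" and p not in expected)


if __name__ == "__main__":
    scan = parse_nmap_output(SAMPLE_OUTPUT)
    # Assumed allowlist: only the web ports are meant to be reachable.
    print(unexpected_open_ports(scan, {80, 443}))  # [21, 2222, 5666]
```

Running the same check after each scheduled scan and alerting on a non-empty result is a simple way to notice when a new service has been exposed.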
What are ports
Ports in pen testing are like doors to different rooms. The door to the kitchen can't lead to the living room, and the door to the dining room can't lead to the guest room. That is how ports are. If only the httpd (HTTP) port is open, you can't exploit the server through, say, SSH.
~ $ nmap -p 80 gigocyberspace.com
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-06 11:38 WAT
Nmap scan report for gigocyberspace.com (46.249.199.34)
Host is up (0.17s latency).
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 14.24 seconds
~ $ nmap -p 443 gigocyberspace.com
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-06 11:38 WAT
Nmap scan report for gigocyberspace.com (46.249.199.34)
Host is up (0.17s latency).
PORT STATE SERVICE
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 15.38 seconds
In the example above we scanned two ports: port 80 and port 443. Let me explain this in more hackable terms. If a hacker wants to hack a bank and the only loophole in its security is the camera, he can't claim the loophole is the email. So a port is simply the channel through which data passes in and out. There are more than 60,000 ports on a system, and each port is used by a different protocol. Some of them are:
- Internet Protocol (IP)
- Transmission Control Protocol (TCP)
- Secure Shell (SSH)
- Hypertext Transfer Protocol Secure (HTTPS)
- Hypertext Transfer Protocol (HTTP)
- Remote Desktop Protocol (RDP)
- File Transfer Protocol (FTP)
- Session Initiation Protocol (SIP)
And many more.
Thank you for reading this tutorial. See you next time.