M. S. RAMAIAH INSTITUTE OF TECHNOLOGY
(AUTONOMOUS INSTITUTE, AFFILIATED TO VTU)
A Presentation Report on
“NMAP”
Submitted in partial fulfillment of
5th Semester B.E
in
Information Science and Engineering
for the subject
Data Communication [IS511]
Submitted by
Deekshapoornashri (1MS13IS141)
Greeshma R J (1MS13IS142)
Shakunthala B V (1MS14IS412)
Shanta (1MS14IS413)
M. S. RAMAIAH INSTITUTE OF TECHNOLOGY
DEPARTMENT OF INFORMATION SCIENCE AND
ENGINEERING
BANGALORE – 560 054
C E R T I F I C A T E
This is to certify that the “Presentation on NMAP” has been
successfully completed by:
Deekshapoornashri 1MS13IS141
Greeshma R J 1MS13IS142
Shakunthala B V 1MS14IS412
Shanta 1MS14IS413
In partial fulfillment of 5th Semester B.E (Information Science
& Engg) for the subject “DATA COMMUNICATION (IS511)”
during the period 2015 - 2016, as prescribed by Department of
Information Science & Engineering, MSRIT.
Signature of Staff Incharge
Mr. Suresh kumar
Asst. Professor,
Dept. of ISE, MSRIT
ACKNOWLEDGEMENTS
Any achievement, be it scholastic or otherwise, does not depend solely on the individual efforts but
on the guidance, encouragement and cooperation of intellectuals, elders and friends. A number of
personalities, in their own capacities, have helped us in carrying out this project work. We would like
to take this opportunity to thank them all.
We deeply express our sincere gratitude to our guide Prof. Mr. Sureshkumar,
Assistant Professor, Department of ISE, M.S.R.I.T, Bengaluru, for his able guidance, regular
source of encouragement and assistance throughout this project.
We would like to thank Dr. VIJAYKUMAR B P, Head of Department, Information Science &
Engineering, M.S.R.I.T, Bengaluru, for his valuable suggestions and expert advice.
Most importantly, we would like to thank Dr. N.V.R NAIDU, Principal, M.S.R.I.T, Bengaluru, for
his moral support towards completing our project work.
We thank our Parents, and all the Faculty members of Department of Information Science &
Engineering, for their constant support and encouragement.
Last, but not the least, we would like to thank our peers and friends who provided us with valuable
suggestions to improve our project.
CONTENTS:
• Nmap
• Features
• Perform an experiment for port scanning with Nmap
• How to use Nmap
• Output screenshots
NMAP
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known
by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer
network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially
crafted packets to the target host and then analyzes the responses.
The software provides a number of features for probing computer networks, including host
discovery and service and operating system detection. These features are extensible by scripts
that provide more advanced service detection, vulnerability detection, and other features. Nmap
is also capable of adapting to network conditions including latency and congestion during a scan.
Nmap is under development and refinement by its user community.
Nmap was originally a Linux-only utility, but it was ported to Windows, Solaris, HP-UX, BSD
variants (including OS X), AmigaOS, and IRIX. Linux is the most popular platform, followed
closely by Windows.
FEATURES
Nmap features include:
• Host discovery – Identifying hosts on a network. For example, listing the hosts that
respond to TCP and/or ICMP requests or have a particular port open.
• Port scanning – Enumerating the open ports on target hosts.
• Version detection – Interrogating network services on remote devices to determine
application name and version number.
• OS detection – Determining the operating system and hardware characteristics of
network devices.
• Scriptable interaction with the target – using Nmap Scripting Engine (NSE) and Lua
programming language.
• Nmap can provide further information on targets, including reverse DNS names, device
types, and MAC addresses.
Typical uses of Nmap:
• Auditing the security of a device or firewall by identifying the network connections
which can be made to, or through it.
• Identifying open ports on a target host in preparation for auditing.
• Network inventory, network mapping, maintenance and asset management.
• Auditing the security of a network by identifying new servers.
• Generating traffic to hosts on a network.
• Finding and exploiting vulnerabilities in a network.
PERFORM AN EXPERIMENT FOR PORT SCANNING WITH NMAP
Port Scanning:
Port scanning is one of the most popular techniques attackers use to discover services they can
break into. All machines connected to a LAN or connected to the Internet via a modem run many
services that listen at well-known and not so well-known ports. By port scanning, the attacker
finds which ports are available (i.e., being listened to by a service). Essentially, a port scan
consists of sending a message to each port, one at a time. The kind of response received indicates
whether the port is used and can therefore be probed further for weakness.
Port Numbers
The port numbers are unique only within a computer system. Port numbers are 16-bit unsigned
numbers. The port numbers are divided into three ranges: the Well Known Ports (0..1023), the
Registered Ports (1024..49151), and the Dynamic and/or Private Ports (49152..65535).
Well-Known Ports
All the operating systems now honor the tradition of permitting only the super-user to open the
ports numbered 0 to 1023. These well-known ports (also called standard ports) are assigned to
services by the IANA (Internet Assigned Numbers Authority). On Unix, the text file named
/etc/services (on Windows 2000, the file named %windir%\system32\drivers\etc\services) lists
these service names and the ports they use. Here are a few lines extracted from this file:
echo        7/tcp    Echo
ftp-data    20/udp   File Transfer [Default Data]
ftp         21/tcp   File Transfer [Control]
ssh         22/tcp   SSH Remote Login Protocol
telnet      23/tcp   Telnet
domain      53/udp   Domain Name Server
www-http    80/tcp   World Wide Web HTTP
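The following Python sketch is an added example, not part of the original report: it parses services-file lines in the layout of the excerpt above and labels each listening port with its conventional name and its range (well-known, registered, dynamic/private). The function names and the sample listener list are this example's own assumptions.

```python
import re

# Constructed sample: the excerpt shown above, in the report's layout.
SERVICES_EXCERPT = """\
echo        7/tcp    Echo
ftp-data    20/udp   File Transfer [Default Data]
ftp         21/tcp   File Transfer [Control]
ssh         22/tcp   SSH Remote Login Protocol
telnet      23/tcp   Telnet
domain      53/udp   Domain Name Server
www-http    80/tcp   World Wide Web HTTP
"""

# name, whitespace, port/protocol, then optional free text (aliases or a description).
ENTRY = re.compile(r"^(?P<name>\S+)\s+(?P<port>\d+)/(?P<proto>[a-z]+)\b\s*(?P<rest>.*)$")


def port_range(port):
    """Return the range a 16-bit port number falls into."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a 16-bit port number: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse_services(text):
    """Build {(port, proto): service_name} from services-file text.

    Blank lines, '#' comments and malformed lines are skipped; the first
    entry for a given (port, proto) pair wins, as in a top-down lookup.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match is None or int(match["port"]) > 65535:
            continue
        table.setdefault((int(match["port"]), match["proto"]), match["name"])
    return table


def describe_listeners(listeners, table):
    """Label (port, proto) pairs with the conventional name and port range.

    The name is only the registered convention for that port; it says
    nothing about which program is actually listening there.
    """
    return [
        (port, proto, table.get((port, proto), "unknown"), port_range(port))
        for port, proto in sorted(listeners)
    ]


if __name__ == "__main__":
    services = parse_services(SERVICES_EXCERPT)
    # Constructed list of listening sockets found on a host under audit.
    for row in describe_listeners([(22, "tcp"), (53, "udp"), (8080, "tcp"), (51000, "udp")], services):
        print(row)
```

A name found this way is a convention only, which is why the report's "version detection" feature interrogates the service itself.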
Nmap:
Nmap ("Network Mapper") is a free and open source utility for network exploration or security
auditing.
The six port states recognized by Nmap
Open: An application is actively accepting TCP connections, UDP datagrams or SCTP
associations on this port. Finding these is often the primary goal of port scanning. Security
minded people know that each open port is an avenue for attack. Attackers and pen-testers want
to exploit the open ports, while administrators try to close or protect them with firewalls without
thwarting legitimate users. Open ports are also interesting for non-security scans because
they show services available for use on the network.
Closed: A closed port is accessible (it receives and responds to Nmap probe packets), but there
is no application listening on it. Closed ports can be helpful in showing that a host is up on an IP
address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are
reachable, it may be worth scanning later in case some open up. Administrators may want to
consider blocking such ports with a firewall. Then they would appear in the filtered state,
discussed next.
Filtered: Nmap cannot determine whether the port is open because packet filtering prevents its
probes from reaching the port. The filtering could be from a dedicated firewall device, router
rules, or host-based firewall software. These ports frustrate attackers because they provide so
little information. Sometimes they respond with ICMP error messages such as type 3 code 13
(destination unreachable: communication administratively prohibited), but filters that simply
drop probes without responding are far more common. This forces Nmap to retry several times
just in case the probe was dropped due to network congestion rather than filtering. This slows
down the scan dramatically.
Unfiltered: The unfiltered state means that a port is accessible, but Nmap is unable to
determine whether it is open or closed. Only the ACK scan, which is used to map firewall rule
sets, classifies ports into this state. Scanning unfiltered ports with other scan types such as
Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.
Open|filtered: Nmap places ports in this state when it is unable to determine whether a port is
open or filtered. This occurs for scan types in which open ports give no response. The lack of
response could also mean that a packet filter dropped the probe or any response it elicited. So
Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol,
FIN, NULL, and Xmas scans classify ports this way.
Closed|filtered: This state is used when Nmap is unable to determine whether a port is closed
or filtered. It is only used for the IP ID idle scan.
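The state definitions above can be read as a decision procedure from (scan type, observed reply) to port state. The Python sketch below is an added example, not part of the original report; it follows the behaviour described in the Nmap reference guide, and the reply encoding (tuples such as ("tcp", "SA") or ("icmp", 3, 13)) and the sample observations are assumptions made for this example.

```python
# ICMP type 3 (destination unreachable) codes that indicate filtering.
FILTER_CODES = frozenset({0, 1, 2, 9, 10, 13})
ANY_UNREACH = FILTER_CODES | {3}  # code 3 = port unreachable


def classify(scan, reply):
    """Map one probe's outcome to an Nmap port state.

    reply is None when nothing came back after retransmissions, or:
      ("tcp", flags)        flags such as "SA" (SYN/ACK), "R" or "RA" (reset)
      ("udp",)              any UDP datagram from the probed port
      ("icmp", type, code)  an ICMP error
      ("ipid", delta)       idle scan only: change in the zombie's IP ID
    """
    kind = reply[0] if reply else None
    code = reply[2] if kind == "icmp" and reply[1] == 3 else None
    reset = kind == "tcp" and "R" in reply[1]
    silent = reply is None

    if scan == "syn":
        if kind == "tcp" and reply[1] == "SA":
            return "open"
        if reset:
            return "closed"
        if silent or code in ANY_UNREACH:
            return "filtered"
    elif scan == "ack":
        if reset:
            return "unfiltered"  # reachable, but open vs closed is unknown
        if silent or code in ANY_UNREACH:
            return "filtered"
    elif scan in ("fin", "null", "xmas"):
        if silent:
            return "open|filtered"  # open ports stay silent, and so do filters
        if reset:
            return "closed"
        if code in ANY_UNREACH:
            return "filtered"
    elif scan == "udp":
        if kind == "udp":
            return "open"
        if silent:
            return "open|filtered"
        if code == 3:
            return "closed"
        if code in FILTER_CODES:
            return "filtered"
    elif scan == "idle":
        if kind == "ipid" and reply[1] == 2:
            return "open"
        if kind == "ipid" and reply[1] == 1:
            return "closed|filtered"
    raise ValueError(f"no rule for scan={scan!r} reply={reply!r}")


# Constructed observations: (scan type, reply) pairs.
OBSERVATIONS = [
    ("syn", ("tcp", "SA")), ("syn", ("tcp", "RA")), ("syn", None),
    ("ack", ("tcp", "R")), ("ack", ("icmp", 3, 13)),
    ("udp", ("udp",)), ("udp", None), ("udp", ("icmp", 3, 3)),
    ("fin", None), ("fin", ("tcp", "RA")),
    ("idle", ("ipid", 2)), ("idle", ("ipid", 1)),
]


def states_by_scan(observations):
    """Group the states each scan type produced, to show which scans can report what."""
    result = {}
    for scan, reply in observations:
        result.setdefault(scan, set()).add(classify(scan, reply))
    return result


if __name__ == "__main__":
    for scan, states in states_by_scan(OBSERVATIONS).items():
        print(f"{scan:5s} {sorted(states)}")
```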
Nmap Scan
-sS (TCP SYN scan)
SYN scan is the default and most popular scan option for good reasons. It can be
performed quickly, scanning thousands of ports per second on a fast network not
hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it
never completes TCP connections. SYN scan works against any compliant TCP stack
rather than depending on idiosyncrasies of specific platforms as Nmap's
FIN/NULL/Xmas, Maimon and idle scans do. It also allows clear, reliable differentiation
between the open, closed, and filtered states.
-sT (TCP connect scan)
TCP connect scan is the default TCP scan type when SYN scan is not an option.
-sU (UDP scans)
While most popular services on the Internet run over the TCP protocol, UDP services are widely
deployed. DNS, SNMP, and DHCP (registered ports 53, 161/162, and 67/68) are three of the
most common. Because UDP scanning is generally slower and more difficult than TCP, some
security auditors ignore these ports.
-sY (SCTP INIT scan)
SCTP is a relatively new alternative to the TCP and UDP protocols, combining most
characteristics of TCP and UDP, and also adding new features like multi-homing and
multi-streaming. It is mostly being used for SS7/SIGTRAN related services but has the
potential to be used for other applications as well.
-sA (TCP ACK scan)
This scan is different from the others discussed so far in that it never determines open (or even
open|filtered) ports. It is used to map out firewall rule sets, determining whether they are stateful
or not and which ports are filtered.
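Because a SYN scan never completes the TCP handshake, it leaves a recognizable trace on the defender's side: one source with many half-open attempts to different ports on the same host in a short time. The Python sketch below is an added example, not part of the original report; the flow-record layout, the thresholds and the source addresses are assumptions, and the records are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed flow records: (timestamp_s, src, dst, dst_port, handshake_completed).
# Such records would come from a firewall or flow sensor; the layout is assumed.
FLOWS = [
    (0.00, "192.168.1.50", "192.168.1.88", 21, False),
    (0.01, "192.168.1.50", "192.168.1.88", 22, False),
    (0.02, "192.168.1.50", "192.168.1.88", 23, False),
    (0.03, "192.168.1.50", "192.168.1.88", 25, False),
    (0.04, "192.168.1.50", "192.168.1.88", 80, False),
    (0.05, "192.168.1.50", "192.168.1.88", 443, False),
    (1.20, "192.168.1.60", "192.168.1.88", 80, True),    # ordinary web client
    (2.50, "192.168.1.60", "192.168.1.88", 80, True),
    (3.10, "192.168.1.60", "192.168.1.88", 8080, False),  # one failed attempt
    (4.00, "192.168.1.60", "192.168.1.88", 80, True),
]


def detect_half_open_sweeps(records, window=10.0, min_ports=5):
    """Flag (src, dst) pairs with many half-open attempts to distinct ports.

    records must be sorted by timestamp. A pair is reported once at least
    min_ports distinct destination ports were probed without a completed
    handshake inside a sliding window of `window` seconds.
    Returns {(src, dst): sorted list of probed ports}.
    """
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    flagged = defaultdict(set)
    for ts, src, dst, port, completed in records:
        if completed:
            continue  # completed connections are not counted by this heuristic
        attempts = recent[(src, dst)]
        attempts.append((ts, port))
        # Drop attempts that fell out of the sliding window.
        while attempts and ts - attempts[0][0] > window:
            attempts.popleft()
        ports = {p for _, p in attempts}
        if len(ports) >= min_ports:
            flagged[(src, dst)] |= ports
    return {pair: sorted(ports) for pair, ports in flagged.items()}


if __name__ == "__main__":
    for (src, dst), ports in detect_half_open_sweeps(FLOWS).items():
        print(f"possible SYN scan: {src} -> {dst}, ports {ports}")
```

A connect scan (-sT) completes its handshakes, so it is counted by connection and application logs on the target rather than by this half-open heuristic.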
USING NMAP
1) FIND OPEN PORTS ON A SYSTEM
2) FIND THE MACHINES WHICH ARE ACTIVE
3) FIND THE VERSION OF REMOTE OS ON OTHER SYSTEMS
4) FIND THE VERSION OF S/W INSTALLED ON OTHER SYSTEM
1. Download Nmap from www.nmap.org and install the Nmap software with the WinPcap driver
utility.
2. Execute the Nmap - Zenmap GUI tool from the Program Menu or Desktop Icon.
3. Type the target machine IP address (i.e., guest OS or any website address).
4. Run the profiles shown in the utility.
PERFORM AN EXPERIMENT ON ACTIVE AND PASSIVE FINGERPRINTING USING NMAP
Fingerprinting OS:
Fingerprinting is a process in the scanning phase in which an attacker tries to identify the
Operating System (OS) of the target system. Fingerprinting can be classified into two types:
• Active Stack Fingerprinting
• Passive Stack Fingerprinting
Active Stack Fingerprinting
It involves sending data to the target system and then observing how it responds. Based on the
fact that each system will respond differently, the response is compared with a database and the
OS is identified. It is a commonly used method, though there is a high chance of being detected.
It can be performed in the following ways.
Using Nmap: Nmap is a port scanning tool that can be used for active stack OS
fingerprinting.
Syntax: nmap -O <ip address>
Example: nmap -O 192.168.1.88
Passive Stack Fingerprinting
It involves examining traffic on the network to determine the operating system. There is no
guarantee that the fingerprint will be accurate, but it usually is. It generally means
sniffing traffic rather than making actual contact, and thus this method is stealthier and usually
goes undetected. Passive stack fingerprinting can be performed in the following ways.
OUTPUT:
ACTIVE OS FINGERPRINTING
1. nmap -O 192.168.1.88

Proudly South Africa powerpoint Thorisha.pptx
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 

NMAP Report on Port Scanning

  • 1. M. S. RAMAIAH INSTITUTE OF TECHNOLOGY (AUTONOMOUS INSTITUTE, AFFILIATED TO VTU) A Presentation Report on “NMAP” Submitted in Partial fulfillment of 5th Semester B.E In Information Science and Engineering For the subject Data communication[IS511] Submitted by Deekshapoornashri (1MS13IS141) Greeshma R J (1MS13IS142) Shakunthala B V (1MS14IS412) Shanta (1MS14IS413)
  • 2. M. S. RAMAIAH INSTITUTE OF TECHNOLOGY DEPARTMENT OF INFORMATION SCIENCE AND ENGINEERING BANGALORE – 560 054 C E R T I F I C A T E This is to certify that the “Presentation on NMAP” has been successfully completed by: Deekshapoornashri 1MS13IS141 Greeshma R J 1MS13IS142 Shakunthala B V 1MS14IS412 Shanta 1MS14IS413 In partial fulfillment of 5th Semester B.E (Information Science &Engg) for the subject “DATA COMMUNICATION(IS511)” during the period 2015 - 2016, as prescribed by Department of Information Science & Engineering, MSRIT. Signature of Staff Incharge Mr. Suresh kumar Asst. Professor, Dept. of ISE, MSRIT
  • 3. ACKNOWLEDGEMENTS Any achievement, be it scholastic or otherwise does not depend solely on the individual efforts but on the guidance, encouragement and cooperation of intellectuals, elders and friends. A number of personalities, in their own capacities have helped us in carrying out this project work. We would like to take this opportunity to thank them all. We deeply express our sincere gratitude to our guide Prof. Mr.Sureshkumar Assistant Professor, Department of ISE, M.S.R.I.T, Bengaluru, for his able guidance, regular source of encouragement and assistance throughout this project. We would like to thank Dr. VIJAYKUMAR B P, Head of Department, Information Science & Engineering, M.S.R.I.T, Bengaluru, for his valuable suggestions and expert advice. Most importantly, we would like to thank Dr. N.V.R NAIDU Principal, M.S.R.I.T, Bengaluru, for his moral support towards completing our project work. We thank our Parents, and all the Faculty members of Department of Information Science & Engineering For their constant support and encouragement. Last, but not the least, we would like to thank our peers and friends who provided us with valuable suggestions to improve our project.
  • 4. CONTENTS:
      - Nmap
      - Features
      - Perform an experiment for port scanning with Nmap
      - How to use Nmap
      - Output screenshots
  • 5. NMAP Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap is also capable of adapting to network conditions including latency and congestion during a scan. Nmap is under development and refinement by its user community. Nmap was originally a Linux-only utility, but it was ported to Windows, Solaris, HP-UX, BSD variants (including OS X), AmigaOS, and IRIX. Linux is the most popular platform, followed closely by Windows.
  • 6. FEATURES
    Nmap features include:
      - Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
      - Port scanning – Enumerating the open ports on target hosts.
      - Version detection – Interrogating network services on remote devices to determine application name and version number.
      - OS detection – Determining the operating system and hardware characteristics of network devices.
      - Scriptable interaction with the target – using the Nmap Scripting Engine (NSE) and the Lua programming language.
      - Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.
    Typical uses of Nmap:
      - Auditing the security of a device or firewall by identifying the network connections which can be made to, or through it.
      - Identifying open ports on a target host in preparation for auditing.
      - Network inventory, network mapping, maintenance and asset management.
      - Auditing the security of a network by identifying new servers.
      - Generating traffic to hosts on a network.
      - Find and exploit vulnerabilities in a network.
  • 7. PERFORM AN EXPERIMENT FOR PORT SCANNING WITH NMAP
    Port Scanning: Port scanning is one of the most popular techniques attackers use to discover services they can break into. All machines connected to a LAN, or connected to the Internet via a modem, run many services that listen at well-known and not so well-known ports. By port scanning, the attacker finds which ports are available (i.e., being listened to by a service). Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed further for weakness.
    Port Numbers: The port numbers are unique only within a computer system. Port numbers are 16-bit unsigned numbers. They are divided into three ranges: the Well Known Ports (0..1023), the Registered Ports (1024..49151), and the Dynamic and/or Private Ports (49152..65535).
    Well-Known Ports: All the operating systems now honor the tradition of permitting only the super-user to open the ports numbered 0 to 1023. These well-known ports (also called standard ports) are assigned to services by the IANA (Internet Assigned Numbers Authority). On Unix, the text file named /etc/services (on Windows 2000, the file named %windir%\system32\drivers\etc\services) lists these service names and the ports they use. Here are a few lines extracted from this file:
      echo        7/tcp     Echo
      ftp-data    20/udp    File Transfer [Default Data]
      ftp         21/tcp    File Transfer [Control]
      ssh         22/tcp    SSH Remote Login Protocol
      telnet      23/tcp    Telnet
      domain      53/udp    Domain Name Server
      www-http    80/tcp    World Wide Web HTTP
    Nmap: Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.
    The six port states recognized by Nmap:
  • 8. Open: An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.
    Closed: A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. Closed ports can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.
    Filtered: Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.
    Unfiltered: The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rule sets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan may help resolve whether the port is open.
    open|filtered: Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.
    closed|filtered: This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
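The six port states above map directly onto an administrator's audit of scan results. The following is an added example, not part of the original report: it reads scan results in the layout of Nmap's XML output (`-oX`), attaches the report's interpretation to each state, and flags open ports that are not on an approved list. The sample XML and the allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of Nmap's XML output (-oX); not from a real scan.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.168.1.88" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open" reason="syn-ack"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/></port>
      <port protocol="udp" portid="53"><state state="open|filtered" reason="no-response"/><service name="domain"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical allowlist: services this host is approved to expose.
APPROVED = {("192.168.1.88", "tcp", 22)}

# What each state means for the administrator, following the report's definitions.
ACTION = {
    "open": "verify against allowlist",
    "closed": "reachable, nothing listening; consider filtering",
    "filtered": "probe blocked by a packet filter",
    "unfiltered": "reachable, open/closed unknown; rescan with another type",
    "open|filtered": "no response; rescan to resolve",
    "closed|filtered": "ambiguous (idle scan only)",
}

def audit(xml_text, approved):
    """Return (findings, unexpected_open) for every port in the XML text."""
    findings, unexpected = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            key = (addr, port.get("protocol"), int(port.get("portid")))
            state = port.find("state").get("state")
            if state not in ACTION:
                raise ValueError(f"unknown port state: {state!r}")
            findings.append((key, state, ACTION[state]))
            if state == "open" and key not in approved:
                unexpected.append(key)
    return findings, unexpected

if __name__ == "__main__":
    for key, state, action in audit(SAMPLE_XML, APPROVED)[0]:
        print(key, state, "->", action)
```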
  • 9. Nmap Scan
    -sS (TCP SYN scan): SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes TCP connections. SYN scan works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms as Nmap's FIN/NULL/Xmas, Maimon and idle scans do. It also allows clear, reliable differentiation between the open, closed, and filtered states.
    -sT (TCP connect scan): TCP connect scan is the default TCP scan type when SYN scan is not an option.
    -sU (UDP scans): While most popular services on the Internet run over the TCP protocol, UDP services are widely deployed. DNS, SNMP, and DHCP (registered ports 53, 161/162, and 67/68) are three of the most common. Because UDP scanning is generally slower and more difficult than TCP, some security auditors ignore these ports.
    -sY (SCTP INIT scan): SCTP is a relatively new alternative to the TCP and UDP protocols, combining most characteristics of TCP and UDP, and also adding new features like multi-homing and multi-streaming. It is mostly being used for SS7/SIGTRAN related services but has the potential to be used for other applications as well.
    -sA (TCP ACK scan): This scan is different from the others discussed so far in that it never determines open (or even open|filtered) ports. It is used to map out firewall rule sets, determining whether they are stateful or not and which ports are filtered.
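Because a SYN scan never completes TCP connections, it leaves a recognizable trace on the scanned side: many SYNs from one source to different ports with no completing ACK. The following is an added example, not part of the original report, showing that detection logic over a constructed inbound-packet log. The log format, the addresses other than the report's 192.168.1.88, and the threshold of five ports are assumptions.

```python
from collections import defaultdict

# Constructed inbound-packet log: "time src dst dport tcp_flags" (not real traffic).
# S = SYN, A = ACK, R = RST, as sent by the remote source.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 192.168.1.88 22 S
10:00:01 10.0.0.5 192.168.1.88 22 A
10:00:02 10.0.0.9 192.168.1.88 21 S
10:00:02 10.0.0.9 192.168.1.88 22 S
10:00:02 10.0.0.9 192.168.1.88 22 R
10:00:02 10.0.0.9 192.168.1.88 23 S
10:00:02 10.0.0.9 192.168.1.88 53 S
10:00:02 10.0.0.9 192.168.1.88 80 S
10:00:02 10.0.0.9 192.168.1.88 80 R
"""

def half_open_sources(log_text, min_ports=5):
    """Return {src: sorted ports} for sources whose SYNs to at least
    min_ports distinct ports were never followed by a completing ACK."""
    syn_seen = defaultdict(set)    # src -> {(dst, dport)} that received a SYN
    completed = defaultdict(set)   # src -> {(dst, dport)} where the handshake finished
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, src, dst, dport, flags = parts
        target = (dst, int(dport))
        if flags == "S":
            syn_seen[src].add(target)
        elif "A" in flags and "R" not in flags and target in syn_seen[src]:
            completed[src].add(target)
    alerts = {}
    for src, targets in syn_seen.items():
        half_open = targets - completed[src]
        if len(half_open) >= min_ports:
            alerts[src] = sorted(port for _, port in half_open)
    return alerts

if __name__ == "__main__":
    print(half_open_sources(SAMPLE_LOG))
```

A `-sT` connect scan completes each handshake, so it does not show up as half-open here; it appears in connection and application logs instead.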
  • 10. USING NMAP
    1) FIND OPEN PORTS ON A SYSTEM
    2) FIND THE MACHINES WHICH ARE ACTIVE
    3) FIND THE VERSION OF REMOTE OS ON OTHER SYSTEMS
    4) FIND THE VERSION OF S/W INSTALLED ON OTHER SYSTEM

    1. Download Nmap from www.nmap.org and install the Nmap software with the WinPcap driver utility.
    2. Execute the Nmap-Zenmap GUI tool from the Program Menu or Desktop icon.
    3. Type the target machine's IP address (i.e., the guest OS or any website address).
    4. Perform the profiles shown in the utility.
  • 11.
  • 12.
  • 13. PERFORM AN EXPERIMENT ON ACTIVE AND PASSIVE FINGERPRINTING USING NMAP.
    Fingerprinting OS: Fingerprinting is a process in the scanning phase in which an attacker tries to identify the Operating System (OS) of the target system. Fingerprinting can be classified into two types:
      - Active Stack Fingerprinting
      - Passive Stack Fingerprinting
    Active Stack Fingerprinting: It involves sending data to the target system and then seeing how it responds. Because each system responds differently, the response is compared with a database and the OS is identified. It is a commonly used method, though there is a high chance of being detected. It can be performed in the following ways.
    Using Nmap: Nmap is a port scanning tool that can be used for active stack OS fingerprinting.
      Syntax: nmap -O <ip address>
      Example: nmap -O 192.168.1.88
    Passive Stack Fingerprinting: It involves examining traffic on the network to determine the operating system. There is no guarantee that the fingerprint will be accurate, but usually it is. It generally means sniffing traffic rather than making actual contact, and thus this method is stealthier and usually goes undetected. Passive stack fingerprinting can be performed in the following ways.
  • 14. OUTPUT: ACTIVE OS FINGERPRINTING 1. nmap -O 192.168.1.88