Empower yourself to see what's lurking on your network with our Nmap project presentation! This presentation delves into the world of port scanning with Nmap, the industry-standard tool. Explore how Nmap works, uncover different scanning techniques (SYN scan, UDP scan, etc.), and learn to identify open ports, potential vulnerabilities, and running services. Whether you're a network administrator, security professional, or simply curious about your network traffic, this presentation equips you with the skills to gain valuable insights into your network health. Visit us for more nmap project presentations, https://bostoninstituteofanalytics.org/cyber-security-and-ethical-hacking/
3. Contents
• Introduction to Scanning Open Ports
• Types of Port Numbers and Their Uses
• Why It’s Important
• How It Works
• Types of Scans
• Threat Potential of Common Ports
• Conclusion
4. Introduction
• Scanning open ports is the process of identifying which
network ports on a system are open, that is, bound to a
service that is listening for incoming connections.
• The process of probing a computer’s ports is called port
scanning. It reports whether each port is open, closed or
filtered (a firewall or other device dropped the probe, so
the scanner cannot tell which of the two it is).
• It is performed to determine which services are listening
on a host and are reachable from the scanner’s position in
the network.
• Port scanning sends crafted packets to specific ports and
interprets the responses; with service and version
detection, the identified software can then be checked
against known vulnerabilities.
• It is also one of the first techniques attackers use to
discover devices and services they can break into, which is
why unexpected scans in your logs deserve attention.
6. Types Of Port Numbers & Their Uses
• Ports 20 and 21. FTP transfers files between a client and a
server: port 21 carries the control channel (commands and
logins) and port 20 is the server-side data port in active
mode.
• Port 22. Secure Shell (SSH) provides encrypted remote login
and command execution, and can also tunnel other traffic
through the secure connection.
• Port 25. Simple Mail Transfer Protocol (SMTP) is used to
relay email between mail servers.
• Port 53. The Domain Name System (DNS) maps human-readable
domain names to machine-readable IP addresses so that users
can load websites and applications without typing
addresses. DNS answers on both UDP and TCP 53, so a scan
should check both.
• Port 80. HTTP is the protocol that carries the World Wide
Web; traffic on this port is unencrypted.
• Port 123. The Network Time Protocol (NTP, UDP) keeps
computer clocks in sync. Accurate time matters for
security: certificate validity checks, Kerberos tickets and
log correlation all depend on it.
• Port 179. Border Gateway Protocol (BGP) establishes routes
between the large networks, or autonomous systems, that
make up the internet. Each network uses BGP to advertise
the IP address ranges it controls.
• Port 443. HTTPS is HTTP carried over TLS. 443 is the default
port for HTTPS web traffic, and other services that run
over HTTPS, such as DNS over HTTPS, use it too; a server can
nevertheless offer TLS on any port, so do not assume 443 is
the only one.
• Port 500. ISAKMP/IKE (UDP) negotiates the security
associations and keys used to set up IPsec VPN tunnels.
• Port 3389. Remote Desktop Protocol (RDP) lets users connect
to a Windows desktop or server from another device
remotely.
9. Why It’s Important
• Helps in understanding the network architecture and what
is actually exposed, as opposed to what the documentation
says.
• Identifies open ports and the services behind them, which
is the starting point for finding potential
vulnerabilities.
• Critical for network security assessments and for
troubleshooting connectivity, since it shows whether a
service is reachable and whether a firewall is filtering
it.
• Used by security professionals to find security weaknesses
on a particular network, and by attackers for the same
purpose; repeating the scan over time lets defenders spot
newly exposed services.
10. How It Works
• Tools like Nmap or Zenmap are commonly used for port
scanning.
• Nmap sends probe packets to each target port and classifies
the port from the reply (or the lack of one), so a run
against a range of addresses produces a map of the hosts
that are up and the services they expose.
• Even a small home network usually contains more listening
services than its owner expects, and the number grows
quickly in companies and agencies with hundreds or
thousands of machines on the network; a scanner is how you
find out what is really there.
• Nmap can fingerprint the operating system running on a
device and often report a version range, which makes it
easier to plan further steps during a penetration test.
• During security auditing and vulnerability scanning, Nmap
Scripting Engine (NSE) scripts can probe services for known
weaknesses. Some script categories (brute, exploit) go
beyond discovery and actively attack the service, so choose
scripts deliberately.
• Nmap has a graphical user interface called Zenmap. It helps
you develop visual mappings of a network for better
usability and reporting.
12. Types of Scans:
• TCP SYN Scan – the default (and “stealth”) scan, used to
determine whether ports on a target are open, closed or
filtered. Nmap sends a SYN packet and waits: a SYN/ACK
reply means the port is open, a RST means it is closed, and
no reply or an ICMP unreachable error means it is filtered.
• It is also known as a half-open scan because Nmap never
completes the three-way handshake: on receiving the SYN/ACK
it answers with a RST, so no connection is established and
the application behind the port usually does not log the
probe. It needs raw-socket privileges (root/Administrator).
• TCP FIN Scan – sends a bare FIN packet. According to RFC
793 a closed port must answer with RST while an open port
ignores the packet, so Nmap reports silent ports as
open|filtered. It is used to slip past stateless firewalls
that only block SYN packets; it does not work against
stacks (notably Windows) that send RST for every port.
• TCP XMAS Scan – the same idea with the FIN, PSH and URG
flags all set (“lit up like a Christmas tree”); responses
are interpreted exactly as in the FIN scan.
• TCP Null Scan – sends a TCP packet with no flags set at
all. Because no flag bit is on, a compliant host has no
rule telling it to reply for an open port, and again only
closed ports answer with RST.
• Vanilla TCP Connect Scan – a full connect scan that uses
the operating system’s connect() call: it sends SYN,
receives SYN/ACK and completes the handshake with an ACK.
It needs no special privileges but is easier to detect,
because the target service sees a completed connection.
• Ping Scan – host discovery only, with no port scan. Nmap
sends ICMP echo requests and, where it can, TCP SYN/ACK
probes and ARP requests on the local network, and lists the
hosts that answer.
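The following is an added example and not part of the original presentation. It encodes the reply-to-state rules described for the scan types above in one function, and then performs the vanilla TCP connect scan against two listening sockets that the script itself creates on loopback (a constructed target), so it runs offline without raw sockets or root. The SYN/FIN/NULL/XMAS rules are shown as classification logic only, because sending those probes needs raw sockets.

```python
"""Added example, not from the original presentation: the rules by which the
scan types above turn a reply into a port state, plus a small vanilla TCP
connect scan run against listeners created in this process, so it needs no
network access or privileges."""
import socket

# Replies a probe can get. ICMP_UNREACH stands for the destination unreachable
# codes Nmap treats as "filtered" (type 3, codes 1, 2, 3, 9, 10, 13).
SYN_ACK, RST, NO_REPLY, ICMP_UNREACH = "syn-ack", "rst", "none", "icmp-unreach"


def classify(scan_type: str, reply: str) -> str:
    """Map (scan type, reply) to open / closed / filtered / open|filtered."""
    if scan_type in ("syn", "connect"):
        # SYN/ACK: a listener accepted the SYN. RST: nothing is bound there.
        # Silence or an ICMP error: something dropped the probe.
        return {SYN_ACK: "open", RST: "closed"}.get(reply, "filtered")
    if scan_type in ("fin", "null", "xmas"):
        # RFC 793: a closed port answers RST, an open port stays silent.
        # Silence is therefore ambiguous, since a dropping firewall is silent too.
        if reply == RST:
            return "closed"
        if reply == NO_REPLY:
            return "open|filtered"
        return "filtered"
    raise ValueError(f"unknown scan type {scan_type!r}")


def connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Vanilla TCP connect scan: the OS performs a full three-way handshake
    per port via connect(), so no raw sockets or root are needed."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))          # SYN sent, SYN/ACK received, ACK sent
                results[port] = classify("connect", SYN_ACK)
            except ConnectionRefusedError:       # the kernel answered our SYN with RST
                results[port] = classify("connect", RST)
            except OSError:                      # timeout or unreachable: probe dropped
                results[port] = classify("connect", NO_REPLY)
    return results


def demo_local_scan():
    """Constructed target: two listening sockets on loopback ports picked by the
    OS, and one port that is bound and released again so it is closed when
    scanned. Returns (results, open_ports, closed_port) for inspection."""
    listeners = []
    for _ in range(2):
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))
        srv.listen(5)
        listeners.append(srv)
    open_ports = [srv.getsockname()[1] for srv in listeners]
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        closed_port = tmp.getsockname()[1]   # closed once the with-block exits
    try:
        results = connect_scan("127.0.0.1", open_ports + [closed_port])
    finally:
        for srv in listeners:
            srv.close()
    return results, open_ports, closed_port


if __name__ == "__main__":
    results, open_ports, closed_port = demo_local_scan()
    for port, state in sorted(results.items()):
        print(f"127.0.0.1:{port}/tcp {state}")
```

The connect scan reports the two listeners as open and the released port as closed; a port behind a firewall that drops packets would time out and be reported as filtered, the same ambiguity Nmap shows with -sT. Note that the listeners never call accept(), yet connect() still succeeds, because the kernel completes the handshake on the listener’s behalf; this is exactly why a connect scan shows up in the target’s connection logs while a half-open SYN scan usually does not.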
14. Threat Potential of Common Ports
• Port 80 (HTTP):
• Function: commonly used for HTTP traffic, serving web
pages and content in the clear.
• Benefits: lets users reach the website from any web
browser.
• Potential Threats: HTTP floods and other DDoS attacks,
web application vulnerabilities, and interception of the
unencrypted traffic.
• Port 443 (HTTPS):
• Function: HTTP over SSL/TLS, giving encrypted data
transfer.
• Benefits: ensures confidentiality and integrity of the
communication.
• Potential Threats: SSL/TLS implementation and
configuration weaknesses (old protocol versions, weak
cipher suites), man-in-the-middle attacks where clients
fail to validate the certificate, and SSL stripping, which
downgrades the client to plain HTTP on port 80.
• Port 22 (SSH):
• Function: Secure Shell for encrypted remote access to and
control over the server.
• Benefits: lets administrators manage the server remotely
and securely.
• Potential Threats: password brute forcing, compromise of
private keys, and man-in-the-middle attacks when a client
accepts an unknown host key.
• Port 21 (FTP):
• Function: File Transfer Protocol for transferring files
between a client and a server.
• Benefits: easy file uploads and downloads.
• Potential Threats: FTP bounce attacks, credentials and
data sent in plaintext, anonymous login left enabled, and
weaknesses in the FTP protocol and server software.
• Port 3306 (MySQL):
• Function: the MySQL database server port for database
management and querying.
• Benefits: lets web applications query the database for
dynamic content.
• Potential Threats: a database reachable from the network
invites brute forcing of weak or default credentials and
exploitation of server vulnerabilities. SQL injection is a
web application flaw, but an exposed 3306 lets an attacker
reach the data without going through the application at
all, so the port should normally be bound to localhost or
a private network only.
• Port 25 (SMTP):
• Function: SMTP (Simple Mail Transfer Protocol) relays
mail between mail servers; client submission normally
uses port 587 instead.
• Benefits: enables organizations to send and receive
email.
• Potential Threats: spam, phishing and email spoofing, and
open relays that attackers abuse to send unsolicited mail
or launch email-based attacks.
• Basic Scan: the simplest Nmap command is nmap followed by
the target you want to scan (a hostname, an IP address or a
CIDR range). By default it scans the 1000 most common TCP
ports.
• Scan a Specific Port Range: you can specify a range of
ports to scan with the -p option, for instance ports 1 to
1000; -p- scans all 65535.
• Service Version Detection: the -sV option probes each open
port to identify the service and, where possible, its
version.
• Traceroute: the --traceroute option records the network
path to each target.
• Operating System Detection: Nmap can attempt to determine
the operating system of the target host by fingerprinting
its TCP/IP stack. You enable OS detection with the -O
option; it needs raw-socket privileges and works best when
the target has at least one open and one closed port.
• TCP SYN Scan (-sS): the most common and stealthy scan type.
It sends SYN packets to the target ports and listens for
SYN/ACK responses to determine open ports, without
completing the handshake. It is the default when Nmap runs
with sufficient privileges.
• Comprehensive Scan (-A): enables the aggressive options
together: OS detection, version detection, default script
scanning and traceroute. It is noisy, so use it only where
that is acceptable.
• --script vuln: runs the NSE scripts in the vuln category,
which check the detected services for known
vulnerabilities. Save the results with -oX or -oA so they
can be processed rather than read off the screen.
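The following is an added example, not code from the presentation. Once a scan has been run with the options above and saved with -oX, the XML is far easier to work with than the on-screen output; this script parses it into a findings list, skips closed and filtered ports, attaches any NSE script output, and flags the ports the deck singles out as high-risk when exposed. SAMPLE_XML is a constructed sample in Nmap’s XML format (host 192.0.2.10 is a documentation address and the script output is made up), not a real scan result.

```python
"""Added example, not from the original presentation: turning Nmap results into
a findings list. Assumes the scan was run with -sV (optionally --script vuln)
and -oX to write XML. SAMPLE_XML is a constructed sample in that format, not
a real scan; 192.0.2.10 is a documentation address."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV --script vuln -oX scan.xml 192.0.2.10">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="3.0.3"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="25">
        <state state="filtered" reason="no-response"/>
        <service name="smtp"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.7.40"/>
        <script id="mysql-empty-password" output="root account has empty password"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Ports the presentation singles out, with the exposure risk it describes.
# Any other open port is still listed, just not flagged.
RISKY = {
    21: "FTP: plaintext credentials, bounce attacks",
    25: "SMTP: open relay and spoofing if misconfigured",
    3306: "MySQL: database reachable directly from the network",
    3389: "RDP: brute force against exposed remote desktop",
}


def parse_nmap_xml(xml_text: str) -> list:
    """Return one finding per open port: host, port, service, version, the
    risk note from RISKY (if any) and any NSE script output attached to it."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), "?")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed and filtered ports are not findings
            portid = int(port.get("portid"))
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = ""
            if svc is not None:
                product = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
            findings.append({
                "host": addr,
                "port": portid,
                "proto": port.get("protocol"),
                "service": name,
                "product": product,
                "risk": RISKY.get(portid),
                "script_output": [f"{s.get('id')}: {s.get('output')}"
                                  for s in port.findall("script")],
            })
    return findings


def summarize(findings: list) -> list:
    """One line per finding; '!' marks ports with a risk note or script output,
    with script output indented underneath."""
    lines = []
    for f in sorted(findings, key=lambda f: (f["host"], f["port"])):
        flag = "!" if f["risk"] or f["script_output"] else " "
        note = f["risk"] or ""
        lines.append(f"{flag} {f['host']}:{f['port']}/{f['proto']} "
                     f"{f['service']} {f['product']} {note}".rstrip())
        lines.extend(f"    {line}" for line in f["script_output"])
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_nmap_xml(SAMPLE_XML))))
```

Port 25 is dropped from the list because it was filtered, not open; in a real assessment that result is still worth recording, since it tells you a firewall sits between you and the host. The product and version strings come straight from -sV and are what you would look up against a vulnerability database.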
29. Conclusion
• Port scanning provides valuable insight into the services
running on a host, helping to identify potential
vulnerabilities and security risks. By understanding the
function, benefits and threats associated with each open
port, organizations can close or restrict what does not
need to be exposed, harden what does, and so protect their
servers against cyber threats.