Nmap & Port Scanning

Captions
All right, let's talk about nmap and port scanning and what that's all about, because it's a really cool but also a little bit scary tool. So we're going to talk about what it is, what port scanning is, and why you should care. In this video we're going to talk about what port scanning is, first of all, what information you can learn from port scanning, and then also how nmap works to do some port scanning. I'll show you what a port scan looks like and what information we can learn from it.

So port scanning is a way to find out what ports... Specifically, when we talk about ports we're talking about transport layer, TCP and UDP, those ports, and typically with a focus on TCP, because most services like HTTP, SSH, Telnet, all of those use TCP. So the TCP ports are the most interesting, but by far they are not the only ports that are open or accessible on a machine, just the main focus, because those are the services that are most interesting and also most likely to be attacked, which is a big reason why port scanning is a thing. So the purpose of port scanning is to figure out what ports are open and also what is running on those ports, specifically what services might be available, what services might be running on those ports. Because as you know, there are default ports for things: there's HTTP on port 80, there's SSH on port 22, all on TCP, there's HTTPS on 443, there's Telnet on 23, there's Doom on 666.

All of those ports are the defaults, but services don't have to use the default port, and so you can use some probing tools to learn more about what's on the port than just what port it's on. Obviously, most often the default port is going to have the default service: if you see that port 22 is open, it's going to have OpenSSH running on it most likely, but not every time, as you know.

So what can you learn about a computer from port scanning? You can learn what type of operating system it's running, because it turns out that when you're talking to a computer, Windows and Linux and Mac and different things talk slightly differently, and port scanning tools can use that information, use how they talk, to figure out what operating system it is and potentially even what version of the operating system, again depending on what you've got going on there. You can figure out what services are running, we've kind of talked about that a little bit, and you can even dig down to the point where you might be able to figure out exactly what version of specific software is running on a server, and that is hugely important and valuable information. From a network mapping perspective, understanding what services are going on, if you control the network and have absolute control and can scan everything that's going on in the network, you might be able to detect rogue services. For example, in an enterprise network you may not want people running web servers who aren't supposed to be running web servers, so you can use nmap or other network mapping and port scanning tools to identify services that shouldn't be running that are running, or run it against your own servers to identify things that shouldn't be there but are there, and identify and gather more information about them so that you can go make that stop.

So nmap itself, and we'll talk about Zenmap a little bit too: nmap is a network mapper, that's what nmap stands for, and it's a tool to do this network mapping, including port scanning, and that's just one part of what it does, but it's the part we're going to focus on here. It's a port scanning tool, and Zenmap is the graphical user interface to make it possible. You can run nmap entirely from the command line; if you're going to run nmap against a thousand different servers all at once, maybe you want to do that from the command line, but for our purposes you can use the graphical user interface. It's a good way to get started and gives you some options, an easy way to do things.

So now let's go to a demo, and one thing I want to cover, just a slight disclaimer: do not run nmap against a service or site that you do not control, or without explicit permission from whoever controls the site. You will, or can, get yourself blocked from those services. So if you try to run nmap against google.com, Google's not going to be too happy about it, because when you're running a port scanner you look like somebody who's getting ready to attack the service. So don't do that. All right, now let's get to the demo.

All right, so I've opened up Zenmap on my computer and you can see this is the interface, and it's really simple. Really all it is is a wrapper around the nmap command to show you what you can do with nmap, and in fact as you type it's going to show you exactly what the command is going to be. So the very first thing that I'm going to do, I'm just going to select the option to do a quick scan, and I'm going to do it on basic.shetsler.net, which is my super simple website, and let's see what information we can get from a basic scan. So it's going to take a second; I'm going to make myself disappear so that we can see everything here, and it shows us a very basic scan. Now by default Zenmap's not going to scan every single port on a computer, because that's going to take a long time: there's potentially 65,535 of them and each one of those takes a certain amount of time. What it does in something like a quick scan is scan the very basic services, the most likely ports to be open, for example we see 22, 80, 443, potentially 8000, which is where a lot of development servers are, and we don't see a lot of information about those. So we can see, for example, that port 22 is open, it's probably running SSH; port 80 is open, it's probably running HTTP, some sort of web service; and then 8000 is open. And you can see that 443 it thinks is sort of open, but it's closed, and what happened there is that I've got 443 open on the firewall but there's nothing running on that port on the computer. So it can detect that I can try to get there, and I can touch the computer on port 443, but I can't actually do anything, there's nothing there. So that is pretty much the extent of it. I can look maybe at host details and you can see there's not a lot there; it can see the domain names for that service, the number of scanned ports, it had only scanned 100 out of those 65,535.

So let's go back and now do a more intense scan, and the more intense scan's gonna take a little bit longer, so I'm gonna run this intense scan and I'm going to pause while the intense scan completes, because it takes a little bit longer than the quick scan does, but we're going to have more information to see at the end. All right, now that's complete, so let's go back and look and see what's there. So for one, it ran a whole bunch more tests; you can see it took a lot longer, it's doing a whole lot more things and it's gathering a lot more information. So we can see the same ports and hosts, but instead of scanning a hundred ports, I believe somewhere in here it says that it scans at least a thousand ports. Yeah, right here you can see it says that it scans a thousand total ports. So again this isn't every port, it's not 65,535; we can tell it to do that with other options, but that takes forever and for no additional benefit in this case, because I know exactly what's running on that server, but these are the most common services. And we can look and see that we've got port 22, port 80, port 8000, and interestingly this one has port 9090, which is a Python echo server that I'm running on that computer that really doesn't do anything, and it isn't something that nmap would recognize, and so it's misclassified it there as reverse SSL, because it doesn't actually know. And I believe somewhere in this scan here, so it says port 22 we've got OpenSSH version 7.4; port 80 we've got Apache httpd version 2.4.46 and it's got the supported methods, so a whole bunch of information there; port 443 is closed; 8000 is another port that's running Apache, so the same information is there; and then 9090, it's saying, hey, I got some stuff here, and it says that this service is unrecognized despite returning data. So that's exactly what it is, it's this Python server that just provides an echo, it's nothing that nmap would be familiar with, so it's saying, hey, I saw something here, I don't really know what it is. And then finally we can look and see all that information here, and then we can look at host details and see that there's additional information, including what version of Linux it has. It hasn't detected that it's Amazon Linux per se, but it has detected some information.

So play around with nmap, do a port scan, look and see if there's additional information that I haven't shown. Maybe do an even more intense scan against all TCP ports, or include UDP, or do a regular scan and see what the differences are between those, and you're welcome to do it against basic.shetler.net; it's just going to sit there doing nothing, nothing of high risk there, so feel free to attack, well, don't attack it, but feel free to hit it with that port scan.

Okay, now that you've seen nmap in action, let's talk about what you have learned. So first of all, what information can you learn using port scanning tools like nmap or Zenmap? What information is there? And second of all, how can nmap help attackers learn about a network? It's a valuable tool for good or ill. What do you need to be concerned about potential attackers learning about your network using tools like nmap? Why does Google care so much that they will block you as soon as they detect that you start running port scanners against it? And that's that.
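The rogue-service use case the video describes (comparing what nmap finds against what should be running) as an added example that is not part of the video or the speaker's setup: it parses nmap's XML report (the real -oX output format) and flags open TCP ports that a per-host baseline does not allow or whose identified service differs from the expected one. The XML sample, host address and baseline below are constructed for the example; the sample mirrors the transcript's intense scan, including the unrecognized echo server on 9090 and the firewall-open but not-listening 443.

```python
import xml.etree.ElementTree as ET

# Added example (not the video's code). Constructed nmap -oX output mirroring
# the transcript's intense scan: 22/80/8000 identified, 9090 unrecognized,
# 443 reachable through the firewall but nothing listening (state closed).
SAMPLE_XML = """<nmaprun scanner="nmap"><host>
<address addr="203.0.113.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/>
 <service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
 <service name="http" product="Apache httpd" version="2.4.46"/></port>
<port protocol="tcp" portid="443"><state state="closed"/></port>
<port protocol="tcp" portid="8000"><state state="open"/>
 <service name="http" product="Apache httpd" version="2.4.46"/></port>
<port protocol="tcp" portid="9090"><state state="open"/>
 <service name="unknown"/></port>
</ports></host></nmaprun>"""

# Assumed baseline: tcp ports each host may have open, and the expected service.
BASELINE = {"203.0.113.10": {22: "ssh", 80: "http", 8000: "http"}}


def open_ports(xml_text):
    """Return {addr: {port: service_name}} for every open tcp port in the report."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        ports = result.setdefault(host.find("address").get("addr"), {})
        for port in host.iter("port"):
            if port.get("protocol") != "tcp":
                continue
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not listening services
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            ports[int(port.get("portid"))] = name
    return result


def find_rogue_services(xml_text, baseline):
    """List (addr, port, reason) for open ports outside the baseline or mis-matched."""
    findings = []
    for addr, ports in open_ports(xml_text).items():
        expected = baseline.get(addr, {})
        for port, name in sorted(ports.items()):
            if port not in expected:
                findings.append((addr, port, f"unexpected open port, service {name}"))
            elif name != expected[port]:
                findings.append((addr, port, f"expected {expected[port]}, saw {name}"))
    return findings
```

Calling find_rogue_services(SAMPLE_XML, BASELINE) reports only 9090 as unexpected; a host absent from the baseline has every open port reported, which is the behaviour you want for a device nobody has inventoried.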
Info
Channel: Professor S
Views: 1,580
Rating: 5 out of 5
Id: Eyl0jprrpBk
Length: 10min 46sec (646 seconds)
Published: Sat Feb 06 2021