Conducting a Common Port Scan with Nmap
Now that you have a basic understanding of Nmap and its capabilities, let's explore how to perform a common port scan using this powerful tool.
One of the most basic and commonly used port scanning techniques is the TCP Connect Scan. This scan attempts to complete a full TCP three-way handshake on each target port, which can provide valuable information about the services running on the target system.
To perform a TCP Connect Scan using Nmap, you can use the following command:
```bash
sudo nmap -sT -p- <target_ip_address>
```
Here's a breakdown of the command:
- `sudo`: Runs the Nmap command with elevated privileges, which may be necessary to access certain network interfaces.
- `nmap`: Invokes the Nmap tool.
- `-sT`: Specifies the TCP Connect Scan technique.
- `-p-`: Scans all 65,535 TCP ports on the target system.
- `<target_ip_address>`: Replace this with the IP address or hostname of the target system you want to scan.
Analyzing the Scan Results
After running the TCP Connect Scan, Nmap will provide detailed information about the open ports and associated services on the target system. This information can be used to identify potential entry points or vulnerabilities that may need to be addressed.
The Nmap output will typically include the following information:
- List of open ports and the services running on those ports
- Operating system and version detection (if possible)
- Timing and performance information about the scan
You can further customize the Nmap command to gather additional information, such as service version detection, OS fingerprinting, or script-based vulnerability scanning.
```mermaid
sequenceDiagram
    participant Attacker
    participant Nmap
    participant Target
    Attacker->>Nmap: Run TCP Connect Scan
    Nmap->>Target: Attempt TCP handshake on each port
    Target->>Nmap: Respond with open/closed ports
    Nmap->>Attacker: Display scan results
```
| Port | Service | Version       |
|------|---------|---------------|
| 22   | SSH     | OpenSSH 8.2p1 |
| 80   | HTTP    | Apache 2.4.41 |
| 443  | HTTPS   | Apache 2.4.41 |
| 3306 | MySQL   | 5.7.29        |
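To turn the XML that Nmap writes with `-oX` into a table like the one above, and to flag open ports that are not in a host's documented service baseline, here is an added Python example; it is not part of the original tutorial. It assumes `-sV` was added to the scan, because a plain `-sT` scan only names services from Nmap's port table and reports no version; the sample XML, host address and allowlist are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output, as `nmap -sT -sV -p- -oX - <target>` would
# write it, trimmed to the elements this parser reads. The host address and
# versions are made up to mirror the table above; this is not a real scan.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sT -sV -p- -oX - 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.2p1" method="probed"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.41" method="probed"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
        <service name="https" product="Apache httpd" version="2.4.41" method="probed"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.7.29" method="probed"/></port>
      <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused"/>
        <service name="http-proxy" method="table"/></port>
    </ports>
  </host>
</nmaprun>
"""

def parse_open_ports(xml_text):
    """Return (host, port, proto, service, version) for every open port.

    version is empty when Nmap only guessed the service from its port table
    (no -sV, method="table") rather than probing it (method="probed")."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        hostaddr = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not entry points
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            version = ""
            if svc is not None and svc.get("method") == "probed":
                version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            rows.append((hostaddr, int(port.get("portid")), port.get("protocol"), name, version))
    return rows

def unexpected_ports(rows, allowed_ports):
    """Open ports outside the host's documented service baseline: review these first."""
    return [r for r in rows if r[1] not in allowed_ports]
```

Feed it a real file with `parse_open_ports(open("scan.xml").read())`; ports that `unexpected_ports` returns are the ones to reconcile against your asset inventory before anything else.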
Remember, conducting port scans without explicit permission may be considered unethical or even illegal in some cases. Ensure that you have the necessary authorization and follow all applicable laws and regulations when performing any cybersecurity activities.