Use Nmap to Scan Common Network Ports


Introduction

In this lab, you will learn how to use Nmap for scanning common network ports. Port scanning is a crucial technique in network security, which helps identify open ports on a target system. These open ports can be potential entry points for attackers, so it's an essential skill for network administrators and security professionals.

By mastering Nmap, a powerful open-source network scanner, you can discover the services a host exposes, spot services that should not be reachable, and verify that firewall rules behave as intended.

Understanding Network Ports and Installing a Web Server

Before we start scanning ports, it's crucial to understand what network ports are and why they are significant in the field of cybersecurity. Network ports play a vital role in enabling communication between different applications and services within a computer network. They act as gateways that allow data to flow in and out of a system, making them an essential concept to grasp for anyone interested in network security.

What are Network Ports?

Network ports are virtual endpoints for communication in a computer network. Think of them as doors through which different applications and services can send and receive data. They allow multiple applications and services to share one IP address on the same system without interfering with each other. Ports are identified by numbers ranging from 0 to 65535; each transport protocol has its own port space, so TCP port 80 and UDP port 80 are different endpoints. Different ranges of these numbers are designated for specific purposes:

  • Ports 0-1023: These are well-known ports reserved for standard services. For example, HTTP (used for web browsing) uses port 80, HTTPS uses port 443, FTP (for file transfer) uses port 21, and SSH (for secure remote access) uses port 22. On Unix-like systems, a process normally needs root privileges to listen on one of these ports.
  • Ports 1024-49151: These are registered ports for specific applications. Software developers can register a particular port number for their application to use.
  • Ports 49152-65535: These are dynamic or private (ephemeral) ports. The operating system hands them out to client applications for the local side of a temporary connection.

Setting Up a Web Server for Scanning

To practice port scanning, we will first set up a web server on our local machine. A web server is a program that uses HTTP (Hypertext Transfer Protocol) to serve the files that make up web pages. When a user types a website address in their browser, the browser sends a request to the web server, and the server responds with the appropriate page. By default, HTTP servers listen on TCP port 80 (HTTPS servers on TCP port 443).

  1. Open a terminal window in the LabEx VM environment. The terminal is a text-based interface that allows you to interact with the operating system by typing commands. You should be in the default directory /home/labex/project. To confirm your current directory, you can use the following command:

    pwd

    The pwd command stands for "print working directory". When you run this command, it will show you the path of the current directory you are in. You should see output like this:

    /home/labex/project
  2. Install the Apache2 web server using the following command:

    sudo apt update && sudo apt install apache2 -y

    The sudo command is used to run commands with administrative privileges. apt update updates the package information on your system, ensuring that you have the latest information about available software packages. apt install apache2 -y installs the Apache2 web server. The -y option automatically answers "yes" to any prompts during the installation process. You will see a lot of output as the installation progresses, which shows the steps the system is taking to install the software.

  3. Start the Apache2 service:

    sudo service apache2 start

    After installing the Apache2 web server, you need to start its service. The service command is used to manage system services. In this case, we are starting the Apache2 service so that it can begin accepting incoming requests.

  4. Verify that Apache2 is running properly:

    sudo service apache2 status

    To make sure that the Apache2 service is running as expected, you can use the status option with the service command. This will show you the current state of the Apache2 service. You should see output indicating that Apache2 is running, similar to the line below. (On systems that use systemd, service forwards to systemctl, and the status output instead contains a line such as Active: active (running).)

    * apache2 is running
  5. You can also verify that the web server is accessible by creating a new "Web Service" tab. Click on the + symbol in the top tab of the virtual environment, select the "Web Service" option, and enter port 80. This will attempt to connect to the web server running on port 80. If everything is set up correctly, it should display the default Apache2 welcome page.

Now that we have a web server running on our system, it is listening on TCP port 80. In the next step, we will use Nmap to discover this open port.

Introduction to Nmap and Performing a Common Ports Scan

Now that we have successfully set up a web server, it's time to learn how to use Nmap to find out which ports are open on our system. Understanding open ports is crucial in network security because open ports can be potential entry points for attackers. By using Nmap, we can identify these ports and take appropriate security measures.

What is Nmap?

Nmap, short for Network Mapper, is a well-known free and open-source tool used for network discovery and security auditing. It has a wide range of applications in the field of network security:

  • Discovering hosts and services on a network: Nmap can help you find out which devices are connected to a network and what services they are offering. For example, it can detect if there is a file server, a web server, or a mail server on the network.
  • Creating an inventory of systems running on a network: You can use Nmap to create a list of all the systems on a network, including their IP addresses and the services they are running. This inventory is useful for network administrators to manage and maintain the network.
  • Checking which ports are open on target hosts: Ports are like doors to a computer. An open port means that a service is listening and ready to accept connections. Nmap can scan a target host to find out which ports are open.
  • Identifying the operating system and service versions of network hosts: Knowing the operating system and service versions running on a host can help security professionals determine if there are any known vulnerabilities that attackers could exploit.

Common Port Scanning with Nmap

Nmap provides a variety of scanning options. For those who are just starting out, the fast scan option (-F) is very useful. By default, Nmap scans the 1000 most commonly used TCP ports, which can take a while against a remote host. The -F option reduces the scan to the 100 most common ports, making it much faster. Note that Nmap chooses the scan technique based on your privileges: as root it uses a SYN (half-open) scan, while as an ordinary user it falls back to a full TCP connect scan. Either way, the open ports reported for localhost will be the same.

Let's perform a fast scan on our local machine to find the web server we just set up:

  1. Open your terminal. In the terminal, you will enter a command to interact with the operating system. Type the following command and press Enter:

    nmap -F localhost

    Let's break down this command:

    • nmap: This is the scanning tool we are using. It is the main command that tells the system to start a network scan.
    • -F: This option enables the fast scan mode. It limits the scan to the 100 most common ports, saving you time.
    • localhost: This is the target we are scanning. localhost is the name of your local machine's loopback interface, which has the IPv4 address 127.0.0.1.
  2. After you run the command, you will see output similar to this:

    Starting Nmap 7.80 ( https://nmap.org ) at 2023-XX-XX XX:XX UTC
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000097s latency).
    Not shown: 99 closed ports
    PORT   STATE SERVICE
    80/tcp open  http
    
    Nmap done: 1 IP address (1 host up) scanned in X.XX seconds

    This output provides important information:

    • The scan was carried out on your local machine, which has the IP address 127.0.0.1.
    • Port 80/tcp is open and is associated with the HTTP service. This is the Apache web server we installed earlier, as by default, Apache listens on port 80. Without -sV, the SERVICE column is only a lookup of the port number in Nmap's services table, not a confirmation of what is actually listening.
    • The other 99 of the 100 scanned ports are closed, so Nmap summarises them in one line instead of listing them. If your VM runs other services (for example SSH on port 22), they will appear as additional open ports.
  3. If you want more detailed information, such as the version of the service running on the open ports, you can run a more detailed scan. Use the following command:

    nmap -sV -F localhost

    The -sV option makes Nmap send protocol probes to each open port and match the responses against its signature database to identify the service and its version. This is slower than a plain port scan, because it talks to every open port rather than just checking whether it accepts connections. The output will be more detailed:

    Starting Nmap 7.80 ( https://nmap.org ) at 2023-XX-XX XX:XX UTC
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000097s latency).
    Not shown: 99 closed ports
    PORT   STATE SERVICE VERSION
    80/tcp open  http    Apache httpd 2.4.X
    
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in X.XX seconds

    This output confirms that our Apache web server is really what is answering on port 80 (the VERSION column comes from the server's own response), and it also tells us the version of the Apache HTTP server. Knowing the exact version is what lets you check it against published advisories.

Understanding the Results

The scan results show that port 80 is open and running the HTTP service. This is what we expect because we installed and started the Apache web server, which by default listens on port 80. In a real-world situation, knowing which ports are open is very important for security professionals:

  1. Identify potential security vulnerabilities: Different services running on open ports may have known vulnerabilities. By knowing which ports are open and what services are running on them, security professionals can check if there are any security risks.
  2. Ensure only necessary services are running: Having unnecessary services running on open ports can increase the attack surface. By identifying open ports, security professionals can make sure that only the services that are actually needed are running.
  3. Verify firewall configurations are working as expected: Firewalls are used to control incoming and outgoing network traffic. By scanning open ports, security professionals can check if the firewall is blocking the ports that should be blocked and allowing the ones that should be open.
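The two checks above, "what is open?" and "is only what should be open actually open?", are easier to repeat if you let Nmap write its grepable output format (-oG) and compare the result against a list of expected ports. The script below is an added example and is not part of the LabEx lab: parse_open_ports extracts the open ports from -oG output, and check_open_ports flags any open port that is missing from an allowlist you pass as its argument. Since the script has to run without Nmap installed, the scan output it processes is a constructed sample that imitates a fast scan of a host with SSH and Apache listening; in practice you would pipe a real scan into it, for example nmap -F -oG - localhost | check_open_ports "80/tcp".

```shell
#!/bin/sh
# Added example (not from the LabEx lab): parse Nmap grepable (-oG) output
# and flag open ports that are not on an allowlist of expected services.

# Constructed stand-in for `nmap -F -oG - localhost`; this is NOT a real
# capture. Real -oG lines are tab-separated, which printf reproduces here.
sample_scan() {
    printf '# Nmap 7.80 scan initiated as: nmap -F -oG - localhost\n'
    printf 'Host: 127.0.0.1 (localhost)\tStatus: Up\n'
    printf 'Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (98)\n'
    printf '# Nmap done -- 1 IP address (1 host up) scanned in 0.05 seconds\n'
}

# Read -oG output on stdin; print one "port/proto service" line per open port.
# Each entry in the Ports: field has the shape port/state/proto/owner/service/rpc/version/
parse_open_ports() {
    awk -F'\t' '
    /^Host:/ {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Ports: /) {
                sub(/^Ports: /, "", $i)
                n = split($i, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    # keep only "open"; filtered/closed entries are not listening services
                    if (f[2] == "open") print f[1] "/" f[3] " " f[5]
                }
            }
        }
    }'
}

# Usage: check_open_ports "80/tcp 443/tcp" < grepable-output
# Prints one line per open port, marked "expected" or "UNEXPECTED", and
# returns 1 if any unexpected open port was found, 0 otherwise.
check_open_ports() {
    allow=" $1 "          # padded so " 80/tcp " never matches " 8080/tcp "
    scan=$(cat)           # whole -oG output from stdin
    rc=0
    # here-document (not a pipe) so rc survives the loop in a POSIX shell
    while read -r port svc; do
        [ -n "$port" ] || continue
        case "$allow" in
            *" $port "*) echo "expected   $port $svc" ;;
            *)           echo "UNEXPECTED $port $svc"; rc=1 ;;
        esac
    done <<EOF
$(printf '%s\n' "$scan" | parse_open_ports)
EOF
    return $rc
}

# Demo on the constructed sample: 80/tcp is expected, 22/tcp gets flagged.
sample_scan | check_open_ports "80/tcp" || echo "unexpected open ports found"
```

The non-zero return code is deliberate: it lets you drop the check into a cron job or CI step that fails when a new service appears, which is a cheap way to catch an accidental exposure between scheduled reviews.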

Documenting Scan Results and Security Implications

In the field of network security, documenting your findings is a crucial step. It helps you keep track of what you've discovered during your scans and understand the potential risks associated with the network. In this step, we'll create a report of our scan results and discuss the security implications of open ports. Additionally, we'll properly stop the services we started for this lab to ensure the security of the system.

Creating a Scan Report

First, we need to create a simple text file to document our findings. A text file is a straightforward way to record the details of our scan, and it can be easily shared and reviewed. In your terminal, you'll create a new file named scan_report.txt in the project directory. Here's the command to do that:

nano /home/labex/project/scan_report.txt

The nano command opens a text editor in the terminal. Once the nano text editor opens, you'll enter the following content into the file. This content includes important information about the scan, such as the date, target, scan type, findings, security implications, and actions taken.

Nmap Scan Report

Date: [Current Date]
Target: localhost (127.0.0.1)

Scan Type: Fast Scan (-F option - scans most common 100 ports)

Findings:
- Port 80/tcp is open, running HTTP service (Apache web server)

Security Implications:
- An open HTTP port (80) indicates a web server is accessible
- This could be a potential entry point if the web server has vulnerabilities
- Recommended to secure the web server with proper configurations

Actions Taken:
- Confirmed the intentional operation of Apache web server
- Service stopped after testing completed

After entering the content, you need to save the file. To save the file in nano, press Ctrl+O, then press Enter. This will write the changes you made to the file. To exit the nano text editor, press Ctrl+X.

Security Implications of Open Ports

Open ports on a system are similar to doors in a building. Each open port can potentially lead to your network, and it represents several things that you need to be aware of.

  1. A service that could have vulnerabilities: Every service running on an open port might have security flaws that attackers could exploit.
  2. An entry point for attackers: Attackers can use open ports to gain access to your system and network.
  3. A communication channel that needs to be monitored: Open ports are used for communication, and you need to keep an eye on the activity through these ports to detect any unusual behavior.

To ensure port security, there are some best practices you should follow:

  • Keeping only necessary ports open: Don't leave unnecessary ports open, as they increase the attack surface of your system.
  • Regularly updating services that use these ports: Updates often include security patches that can fix vulnerabilities.
  • Implementing firewall rules to restrict access: Firewalls can help control who can access your system through specific ports.
  • Monitoring port activity for unusual patterns: By monitoring the activity, you can detect and respond to potential threats in a timely manner.

Cleaning Up

Now that we've completed our scanning exercise, it's time to stop the Apache web server. Leaving services running when they're not needed can pose security risks, so it's important to clean up properly.

  1. Stop the Apache service: Use the following command to stop the Apache service. The sudo command is used to run the command with administrative privileges.

    sudo service apache2 stop

  2. Verify that the service has stopped: After stopping the service, you should verify that it has indeed stopped. Use the following command to check the status of the Apache service.

    sudo service apache2 status

    You should see output indicating that Apache2 is not running, like this:

    * apache2 is not running

  3. Confirm that port 80 is no longer open: To make sure that port 80 is closed, run another Nmap scan. The -F option is used to perform a fast scan of the most common 100 ports.

    nmap -F localhost

The output should no longer list port 80 as open. If nothing else is listening on the scanned ports, Nmap prints a single summary line, "All 100 scanned ports on localhost (127.0.0.1) are closed", instead of a port table. This cleanup step matters in real-world scenarios too: a service left running after a test is an exposure nobody is watching.

Summary

In this lab, you have learned the fundamentals of network port scanning using Nmap, a powerful open-source tool in network security. You've gained hands-on experience in understanding network ports, setting up a web server with an open port, using Nmap for common ports scans, interpreting scan results, documenting findings in a security report, and shutting down services properly.

These skills are the cornerstone of network security assessment. They are crucial for IT security, network administration, and system management professionals. Mastering port scanning helps identify network vulnerabilities and secure systems from unauthorized access.