Use Nmap to Scan Common Network Ports


Introduction

In this lab, you will learn how to use Nmap for scanning common network ports. Port scanning is a crucial technique in network security, which helps identify open ports on a target system. These open ports can be potential entry points for attackers, so it's an essential skill for network administrators and security professionals.

By mastering Nmap, a powerful open-source network scanning tool, you can discover active services on a network, assess how much of a system is exposed, and maintain the integrity of your systems. Only scan hosts you own or are explicitly authorized to test; in this lab the target is your own VM.

Understanding Network Ports and Installing a Web Server

Before we start scanning ports, it's crucial to understand what network ports are and why they are significant in the field of cybersecurity. Network ports play a vital role in enabling communication between different applications and services within a computer network. They act as gateways that allow data to flow in and out of a system, making them an essential concept to grasp for anyone interested in network security.

What are Network Ports?

Network ports are virtual endpoints for communication in a computer network. Think of them as doors through which different applications and services can send and receive data. They allow multiple applications and services to share network resources on the same system without interfering with each other. Ports are identified by numbers ranging from 0 to 65535, and different ranges of these numbers are designated for specific purposes:

  • Ports 0-1023: These are the well-known ports, conventionally assigned to standard services. For example, HTTP (web browsing) uses port 80, FTP (file transfer) uses port 21, and SSH (secure remote access) uses port 22. On Unix-like systems, binding a listener to one of these ports normally requires root privileges.
  • Ports 1024-49151: These are registered ports. Software vendors can register a port number with IANA for their application to use.
  • Ports 49152-65535: These are dynamic or private (ephemeral) ports. The operating system hands them out to client applications for the duration of a connection.

These ranges are conventions, not rules enforced by the network. Any service can be configured to listen on any port, so a port number alone does not prove which service is behind it; that is why Nmap's version detection, covered later in this lab, exists.

Setting Up a Web Server for Scanning

To practice port scanning, we will first set up a web server on our local machine. A web server is a program that uses HTTP (Hypertext Transfer Protocol) to serve the files that make up web pages. When a user types a website address into a browser, the browser sends a request to the web server, and the server responds with the appropriate pages. By default, web servers listen on TCP port 80 for HTTP (and on port 443 for HTTPS).

  1. Open a terminal window in the LabEx VM environment. The terminal is a text-based interface that allows you to interact with the operating system by typing commands. You should be in the default directory /home/labex/project. To confirm your current directory, you can use the following command:

    pwd

    The pwd command stands for "print working directory". When you run this command, it will show you the path of the current directory you are in. You should see output like this:

    /home/labex/project
  2. Install the Apache2 web server using the following command:

    sudo apt update && sudo apt install apache2 -y

    The sudo command is used to run commands with administrative privileges. apt update updates the package information on your system, ensuring that you have the latest information about available software packages. apt install apache2 -y installs the Apache2 web server. The -y option automatically answers "yes" to any prompts during the installation process. You will see a lot of output as the installation progresses, which shows the steps the system is taking to install the software.

  3. Start the Apache2 service:

    sudo service apache2 start

    After installing the Apache2 web server, you need to start its service. The service command is used to manage system services. In this case, we are starting the Apache2 service so that it can begin accepting incoming requests.

  4. Verify that Apache2 is running properly:

    sudo service apache2 status

    To make sure that the Apache2 service is running as expected, you can use the status option with the service command. This will show you the current state of the Apache2 service. You should see output indicating that Apache2 is active (running), similar to:

    * apache2 is running
  5. You can also verify that the web server is accessible by creating a new "Web Service" tab. Click on the + symbol in the top tab of the virtual environment, select the "Web Service" option, and enter port 80. This will attempt to connect to the web server running on port 80. If everything is set up correctly, it should display the default Apache2 welcome page.

Now that Apache is running, it is listening on TCP port 80, which means port 80 is open on this system. In the next step, we will use Nmap to discover it.

Introduction to Nmap and Performing a Common Ports Scan

Now that we have successfully set up a web server, it's time to learn how to use Nmap to find out which ports are open on our system. Understanding open ports is crucial in network security because open ports can be potential entry points for attackers. By using Nmap, we can identify these ports and take appropriate security measures.

What is Nmap?

Nmap, short for Network Mapper, is a well-known free and open-source tool used for network discovery and security auditing. It has a wide range of applications in the field of network security:

  • Discovering hosts and services on a network: Nmap can help you find out which devices are connected to a network and what services they are offering. For example, it can detect if there is a file server, a web server, or a mail server on the network.
  • Creating an inventory of systems running on a network: You can use Nmap to create a list of all the systems on a network, including their IP addresses and the services they are running. This inventory is useful for network administrators to manage and maintain the network.
  • Checking which ports are open on target hosts: Ports are like doors to a computer. An open port means that a service is listening and ready to accept connections. Nmap can scan a target host to find out which ports are open.
  • Identifying the operating system and service versions of network hosts: Knowing the operating system and service versions running on a host can help security professionals determine if there are any known vulnerabilities that attackers could exploit.

Common Port Scanning with Nmap

Nmap provides a variety of scanning options. For those just starting out, the fast scan option (-F) is useful. By default, Nmap scans the 1000 most commonly used TCP ports; -F cuts that to the 100 most common ones, which makes the scan faster. Both lists are ordered by how often Nmap's maintainers have observed each port open in the wild, so a service listening on an unusual port will not be found by either. To check every TCP port (1-65535), use -p- instead; it is much slower.

Let's perform a fast scan on our local machine to find the web server we just set up:

  1. Open your terminal. In the terminal, you will enter a command to interact with the operating system. Type the following command and press Enter:

    nmap -F localhost

    Let's break down this command:

    • nmap: This is the scanning tool we are using.
    • -F: This option enables fast scan mode, limiting the scan to the 100 most common ports.
    • localhost: This is the target we are scanning. It refers to your own machine and resolves to the IPv4 loopback address 127.0.0.1.

    Because we run Nmap here as an unprivileged user, it performs a TCP connect scan (-sT): for each port it attempts a full TCP handshake and reports the port as open if that succeeds. Run as root, Nmap instead defaults to a SYN scan (-sS), which uses raw sockets and never completes the handshake.
  2. After you run the command, you will see output similar to this:

    Starting Nmap 7.80 ( https://nmap.org ) at 2023-XX-XX XX:XX UTC
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000097s latency).
    Not shown: 99 closed ports
    PORT   STATE SERVICE
    80/tcp open  http
    
    Nmap done: 1 IP address (1 host up) scanned in X.XX seconds

    This output provides important information:

    • The scan was carried out on your local machine, which has the IP address 127.0.0.1.
    • Port 80 is open and Nmap labels it http. Without version detection this label comes from Nmap's table of well-known port numbers, not from inspecting the service; here it is our Apache web server, because Apache listens on port 80 by default.
    • The other 99 of the 100 common ports are closed, meaning the system answered with a TCP reset and nothing is listening on them. Closed ports are not listed individually. If your count differs, another service on the VM is listening on one of the common ports and will appear in the table.
  3. If you want more detailed information, such as the version of the service running on the open ports, you can run a more detailed scan. Use the following command:

    nmap -sV -F localhost

    The -sV option makes Nmap send probes to each open port and match the responses against its service-signature database, to identify the service and its version. The output will be more detailed:

    Starting Nmap 7.80 ( https://nmap.org ) at 2023-XX-XX XX:XX UTC
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000097s latency).
    Not shown: 99 closed ports
    PORT   STATE SERVICE VERSION
    80/tcp open  http    Apache httpd 2.4.X
    
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in X.XX seconds

    This output confirms that our Apache web server is running on port 80 and reports the Apache httpd version. Version information is what you would compare against vendor advisories and vulnerability databases, but treat it as best effort: it is derived from banners and protocol responses, which administrators can change and which a probe can misread. Version probes also generate more traffic than a plain port scan and will show up in the target's logs.
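To make the open/closed/filtered states in that table concrete, here is what a TCP connect scan (the scan type Nmap uses when run without root, as above) does for each port, as an added Python example; it is not Nmap's code and not part of the original lab. It starts its own throwaway listener on 127.0.0.1 as a stand-in for Apache, so it runs without Apache, root, or network access; the port numbers it prints are whatever the operating system assigns, not the lab's port 80.

```python
"""TCP connect scan of a few ports on 127.0.0.1, classifying each as
open / closed / filtered the way Nmap does.

Added example for this lab (not Nmap's code). A listener started by the
script itself stands in for the Apache server on port 80.
"""
import socket


def connect_scan(host, ports, timeout=0.5):
    """Return {port: state} for each port in `ports`.

    open     - the TCP handshake completed, so something is listening.
    closed   - the host answered with RST (connection refused): the host
               is reachable but nothing is listening on that port.
    filtered - no answer before the timeout, or the network reported the
               host unreachable; a firewall or routing issue hides the
               port, so we cannot tell whether a service is there.
    """
    results = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except OSError:  # covers socket.timeout and host/network unreachable
            results[port] = "filtered"
        finally:
            sock.close()
    return results


def start_listener(host="127.0.0.1"):
    """Bind a TCP listener on an OS-assigned (ephemeral) port and return
    (port, listening_socket). The kernel completes handshakes for a
    listening socket even if accept() is never called, which is all a
    connect scan needs in order to see the port as open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv.getsockname()[1], srv


def reserve_closed_port(host="127.0.0.1"):
    """Ask the OS for a free ephemeral port and release it again, so that
    nothing is listening there: a connect to it should be refused."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo(host="127.0.0.1"):
    """Scan one port we know is open and one we know is closed.
    Returns (open_port, closed_port, {port: state})."""
    open_port, srv = start_listener(host)
    closed_port = reserve_closed_port(host)
    try:
        return open_port, closed_port, connect_scan(host, [open_port, closed_port])
    finally:
        srv.close()


if __name__ == "__main__":
    open_port, closed_port, states = demo()
    print("PORT        STATE")
    for port in sorted(states):
        print(f"{port}/tcp".ljust(12) + states[port])
```

nmap -F localhost does the same thing for the 100 most common ports, with parallel connections, retransmissions and its own timing, and then prints only the ports that were not closed. A port reported as filtered is the one to look at twice: it tells you a firewall is in the path, not that the port is safe.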

Understanding the Results

The scan results show that port 80 is open and running the HTTP service. This is what we expect because we installed and started the Apache web server, which by default listens on port 80. In a real - world situation, knowing which ports are open is very important for security professionals:

  1. Identify potential security vulnerabilities: Different services running on open ports may have known vulnerabilities. By knowing which ports are open and what services are running on them, security professionals can check if there are any security risks.
  2. Ensure only necessary services are running: Having unnecessary services running on open ports can increase the attack surface. By identifying open ports, security professionals can make sure that only the services that are actually needed are running.
  3. Verify firewall configurations are working as expected: Firewalls are used to control incoming and outgoing network traffic. By scanning open ports, security professionals can check if the firewall is blocking the ports that should be blocked and allowing the ones that should be open.

Generating Nmap Scan Reports and Understanding Security Implications

In the field of network security, documenting your findings is a crucial step. Nmap provides built-in reporting capabilities that can help us record scan results more effectively. In this step, we'll learn how to generate Nmap reports, analyze the results, and discuss the security implications of open ports. Finally, we'll properly stop the services we started for this lab to ensure the security of the system.

Using Nmap to Generate Reports

Nmap can write scan results directly in several formats: normal (plain text), XML, and a grepable line-oriented format, or all three at once. This is more efficient and accurate than creating reports manually. Let's use Nmap's output options to generate a report:

  1. Run an Nmap scan with output options:

    nmap -F -sV localhost -oN /home/labex/project/nmap_report.txt

    In this command:

    • The -F option performs a fast scan (scanning only the 100 most common ports)
    • -sV attempts to determine the version of services running on open ports
    • -oN /home/labex/project/nmap_report.txt saves the output in normal (plain text) format to the specified file
  2. View the generated report:

    cat /home/labex/project/nmap_report.txt

You'll see a report containing complete scan information, including:

  • Scan time and date
  • Target information
  • List of open ports
  • Services and versions running on each open port

More Report Format Options

Nmap supports multiple output formats suited for different purposes:

  • -oX filename - Output in XML format, suitable for automated processing; most Nmap parsing libraries and tools consume this format
  • -oG filename - Output in grepable format, one line per host, convenient for searching with grep and awk
  • -oA basename - Output in all three formats (normal, XML, and grepable) simultaneously, as basename.nmap, basename.xml, and basename.gnmap

Nmap has no built-in JSON output option. If you need JSON, generate XML and convert it with a script or a tool that parses Nmap's XML.

For example, to generate a report in XML format:

nmap -F -sV localhost -oX /home/labex/project/nmap_report.xml
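Since Nmap cannot write JSON itself, the usual route is to parse its XML. The following added Python example (not Nmap's code and not part of the original lab; the XML it parses is a constructed sample in the shape -oX produces, with sample addresses and version strings rather than results of a real scan) reads an -oX report, turns it into JSON, and compares the open ports against an allowlist of the ports the host is supposed to expose. That comparison is how the goals listed under "Understanding the Results" above (only necessary services running, firewall rules behaving as expected) are checked in practice: the allowlist is your baseline, and every difference is a finding. The sample deliberately has two open ports so that the comparison finds something.

```python
"""Parse an Nmap XML (-oX) report, emit JSON, and diff the open ports
against an allowlist.

Added example for this lab, not Nmap's code. SAMPLE_XML is a constructed
report in the shape Nmap writes; its address, ports and version strings
are sample values, not results from a real scan.
"""
import json
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -F -sV localhost -oX nmap_report.xml" version="7.80" start="1700000000">
<host starttime="1700000000" endtime="1700000002">
<status state="up" reason="localhost-response"/>
<address addr="127.0.0.1" addrtype="ipv4"/>
<hostnames><hostname name="localhost" type="user"/></hostnames>
<ports>
<extraports state="closed" count="98"><extrareasons reason="conn-refused" count="98"/></extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.2p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="Apache httpd" version="2.4.41" method="probed" conf="10"/></port>
</ports>
</host>
<runstats><finished time="1700000002" elapsed="1.50"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return a plain dict: scan metadata plus, per host, its IPv4 address
    and every port Nmap listed with state, reason and service details."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            svc_attr = svc.attrib if svc is not None else {}
            ports.append({
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "state": state.get("state"),
                "reason": state.get("reason"),
                "service": svc_attr.get("name"),
                "product": svc_attr.get("product"),
                "version": svc_attr.get("version"),
            })
        hosts.append({
            "address": addr.get("addr") if addr is not None else None,
            "ports": ports,
        })
    return {
        "args": root.get("args"),
        "nmap_version": root.get("version"),
        "hosts": hosts,
    }


def to_json(report):
    """Serialize the parsed report: the JSON output Nmap cannot produce itself."""
    return json.dumps(report, indent=2)


def compare_to_baseline(report, allowed):
    """Diff open ports against `allowed`, a set of 'proto/port' strings the
    host is supposed to expose (e.g. {'tcp/80'}). Returns, per address,
    ports that are open but not allowed (extra attack surface or a
    firewall gap) and allowed ports that are not open (a service or
    firewall rule that is not working as expected)."""
    allowed = set(allowed)
    findings = {}
    for host in report["hosts"]:
        opened = {f"{p['protocol']}/{p['port']}"
                  for p in host["ports"] if p["state"] == "open"}
        findings[host["address"]] = {
            "unexpected_open": sorted(opened - allowed),
            "expected_but_not_open": sorted(allowed - opened),
        }
    return findings


if __name__ == "__main__":
    report = parse_nmap_xml(SAMPLE_XML)
    print(to_json(report))
    # Baseline for the lab VM: only the web server should be reachable.
    for address, result in compare_to_baseline(report, {"tcp/80"}).items():
        print(address, result)
```

To run it against the report you generated, read /home/labex/project/nmap_report.xml and pass its contents to parse_nmap_xml; with the lab VM's baseline of {"tcp/80"}, any other open port the scan found appears under unexpected_open, and if Apache is stopped, tcp/80 appears under expected_but_not_open.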

Understanding the Security Implications of Scan Results

From our scan report, we can see that port 80/tcp is open and running an HTTP service (Apache web server). This has several important security implications:

  1. Potential attack entry point: Open ports are like doors in a building. Each open port can potentially serve as a way for attackers to enter your system.

  2. Service vulnerability risks: Services running on open ports may have security flaws that attackers could exploit.

  3. Communication channel requiring monitoring: Open ports are used for communication, and you need to monitor activity on these ports to detect any unusual behavior.

To ensure port security, you should follow these best practices:

  • Keep only necessary ports open: Unnecessary open ports increase the attack surface of your system.
  • Regularly update services using these ports: Updates often include security patches that fix vulnerabilities.
  • Implement firewall rules to restrict access: Firewalls can help control who can access your system through specific ports.
  • Monitor port activity for unusual patterns: By monitoring activity, you can detect and respond to potential threats in a timely manner.

Lab Cleanup

Now that we've completed our scanning exercise, it's time to stop the Apache web server. Leaving services running when they're not needed can pose security risks, so proper cleanup is important.

  1. Stop the Apache service:

    sudo service apache2 stop

  2. Verify that the service has stopped:

    sudo service apache2 status

    You should see output indicating that Apache2 is not running, such as:

    * apache2 is not running
  3. Confirm that port 80 is closed:

    nmap -F localhost

    Port 80 should no longer appear in the table of open ports. If nothing else on the VM is listening on one of the common ports, Nmap prints a single line stating that all 100 scanned ports on localhost (127.0.0.1) are closed. This cleanup step matters in real-world scenarios too: a service left running after it is no longer needed is an open port that nobody is maintaining or watching.

Summary

In this lab, you have learned the fundamentals of network port scanning using Nmap, a powerful open-source tool in network security. You've gained hands-on experience in understanding network ports, setting up a web server with an open port, using Nmap for common ports scans, interpreting scan results, documenting findings in a security report, and shutting down services properly.

These skills are the cornerstone of network security assessment. They are crucial for IT security, network administration, and system management professionals. Mastering port scanning helps identify exposed services and secure systems from unauthorized access.