Expanding Your Scanning Knowledge
Now that you have grasped the basics of TCP Connect scanning, it's time to take your knowledge to the next level. In this section, we'll learn how to scan multiple ports and understand how to interpret the results. This will help you gain a more comprehensive view of the network services running on a target system.
Scanning Common Ports
Let's start by scanning the most common ports on your local machine, also known as localhost. These are the ports most often used by well-known network services, so a quick look at them tells you a lot about a host.
nmap -sT localhost --top-ports 10 > /home/labex/project/common_ports_scan.txt
In this command, the -sT option tells Nmap to perform a TCP Connect scan, which completes a full three-way handshake with each port. localhost specifies the target, which is your own machine (it resolves to 127.0.0.1). The --top-ports 10 option instructs Nmap to scan the 10 ports it considers most commonly open, ranked by the frequency data in its nmap-services file. The > symbol redirects the output of the scan to a file named common_ports_scan.txt in the /home/labex/project directory, creating the file or overwriting it if it already exists.
Now, let's see the results of this scan:
cat /home/labex/project/common_ports_scan.txt
The cat command displays the contents of a file. When you run it, you'll see one line per scanned port showing its number, its state and the service name Nmap associates with it. Nmap's top 10 TCP ports include 21 (FTP, File Transfer Protocol), 22 (SSH, Secure Shell), 23 (Telnet), 25 (SMTP, Simple Mail Transfer Protocol), 80 (HTTP, Hypertext Transfer Protocol) and 443 (HTTPS). On your system most of these ports will show as closed, because nothing is listening on them; a TCP Connect scan reports a port as closed when the connection attempt is refused. Port 8080 is not in Nmap's top 10 (in current Nmap releases it ranks further down the nmap-services list), so the Python HTTP server you started earlier will not appear in this output. The range scan in the next step covers it.
Scanning a Range of Ports
In addition to scanning common ports, you can also scan a specific range of ports. Let's scan ports from 8000 to 8100 on your localhost.
nmap -sT localhost -p 8000-8100 > /home/labex/project/port_range_scan.txt
Here, the -p 8000-8100 option tells Nmap to scan the 101 ports from 8000 to 8100 inclusive (write the range without spaces, or the shell will split it into separate arguments). The output of this scan is redirected to a file named port_range_scan.txt in the /home/labex/project directory.
To view the results of this scan:
cat /home/labex/project/port_range_scan.txt
Because 8080 falls inside the 8000-8100 range, you should see it reported as open with the service name http, while the other 100 ports are summarised in a single "Not shown: 100 closed ports" line rather than listed individually. On the loopback interface a connection to an unused port is refused immediately, which is exactly what Nmap means by closed; if you saw filtered instead, that would indicate a firewall dropping the probes rather than a free port.
Combining Techniques
Let's combine the techniques we've learned so far. We'll perform a TCP Connect scan and also try to detect the services running on the ports in the range from 8000 to 8100.
nmap -sT -sV localhost -p 8000-8100 > /home/labex/project/combined_scan.txt
The -sV option enables service and version detection. Nmap will not only tell you whether a port is open or closed but will also send probes to each open port and compare the responses against its signature database to identify the service; for the Python HTTP server this typically yields its SimpleHTTP banner and the Python version. The output of this combined scan is saved in the combined_scan.txt file in the /home/labex/project directory.
To check the results:
cat /home/labex/project/combined_scan.txt
This scan provides the most detailed information so far. It shows the state of each port in the specified range and, in a VERSION column, what it learned about the services on the open ports. Note the difference from the earlier scans: without -sV, the SERVICE column is only a lookup of the port number in nmap-services (port 8080 is labelled http-proxy whatever is actually listening there), whereas with -sV the identification is based on what the service really sends back. Version detection is slower because of the extra probes, so on a large range expect it to take noticeably longer.
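Reading three saved scan files with cat works for a handful of ports, but on a wider range it is easier to pick out the open ports and the state of a specific port directly. The script below is an added example, not part of the original lab: it works on the Nmap normal-output files written by the -sT and -sV commands above, and ships with a constructed sample transcript (SAMPLE_SCAN, in Nmap's normal-output layout, not real scan output) so that it runs even where nmap is not installed. Point the functions at /home/labex/project/combined_scan.txt to use a real scan.

```shell
#!/bin/sh
# Added example (not part of the original lab): pull the interesting lines out
# of the Nmap normal-output files written by the scans above, instead of
# reading them with cat. The functions take the path of a saved scan file.
# SAMPLE_SCAN is a constructed transcript in Nmap's normal-output layout,
# embedded so the script runs without nmap installed; it is not real output.

SAMPLE_SCAN=$(cat <<'EOF'
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-01 12:00 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00010s latency).
Not shown: 99 closed ports
PORT     STATE    SERVICE    VERSION
8080/tcp open     http       SimpleHTTPServer 0.6 (Python 3.10.12)
8081/tcp filtered http-proxy

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.52 seconds
EOF
)

# List every open port as "port/proto service". Comparing the STATE column
# exactly keeps "open|filtered" entries out of the list.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }' "$1"
}

# Number of open ports in the file (0 when none).
count_open() {
    open_ports "$1" | wc -l | tr -d ' '
}

# State of a single TCP port. Nmap folds ports sharing the majority state
# into one "Not shown: N <state> ports" line, so a port with no line of its
# own takes that state; "unknown" means the file has neither.
port_state() {
    file=$1
    port=$2
    state=$(awk -v p="$port/tcp" '$1 == p { print $2; exit }' "$file")
    if [ -n "$state" ]; then
        printf '%s\n' "$state"
    else
        awk 'BEGIN { s = "unknown" } /^Not shown:/ { s = $4; exit } END { print s }' "$file"
    fi
}

# Demo on the constructed sample; point the functions at
# /home/labex/project/combined_scan.txt to use a real scan instead.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_SCAN" > "$demo_file"
echo "open ports:"
open_ports "$demo_file"
echo "open count: $(count_open "$demo_file")"
for p in 8000 8080 8081; do
    echo "port $p: $(port_state "$demo_file" "$p")"
done
rm -f "$demo_file"
```

The port_state function is the part worth keeping: it is easy to forget that a port absent from the listing is not "not scanned" but has the state given on the "Not shown" line, and that a filtered result (as for the made-up 8081 entry in the sample) is a different finding from closed.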
Cleaning Up
Before we finish this lab, we need to clean up by stopping the Python HTTP server we've been using. First, we need to find the process ID (PID) of the server.
ps aux | grep "python3 -m http.server 8080"
The ps aux command lists all the running processes on your system. The | symbol is a pipe, which takes the output of ps aux and passes it to the grep command. grep then prints only the lines containing the text "python3 -m http.server 8080", which is the command used to start the Python HTTP server. You will usually see two matching lines: the server itself and the grep command you just ran, whose own command line contains the same text. Ignore the line ending in grep. The second column of the server's line contains its process ID (PID). Once you've noted the PID, you can use the kill command to stop the process.
kill <PID>
Replace <PID> with the actual process ID you found. For example, if the PID is 1234, you would run:
kill 1234
By default kill sends the SIGTERM signal, which asks the process to exit cleanly. If you run the ps aux | grep command again afterwards, only the grep line should remain.