Port scanning means checking the status of the ports on a host, that is, whether they are open or closed. There are many ways to carry out port scanning, but the best tools I have come across are nmap and Zenmap. nmap provides many options and a long list of commands. The following are some of the commands that are very useful while doing penetration testing or gathering information about the victim.
Simple nmap scan.
Type nmap victimaddress
To check all available ports:
Type nmap -p 1-65535 victimaddress
As you can see, the output differs: in the first scan only the default list of 1000 ports is scanned, whereas in the second all 65535 ports are scanned.
In BackTrack, the Nmap configuration files (such as the default port scan list) are located in /usr/local/share/nmap/.
Now scan across the network to check whether a particular port is open on each host:
Type nmap -p 139 victim'snetworkaddress
As the output is not in a readable format, we convert it into one; the most common and easiest is the "greppable" format.
Type nmap -p 139 victim'snetworkaddress -oG filename.txt
To extract only the IP addresses from the file:
Type cat filename.txt | cut -d " " -f2
So far we have information about the open port on a particular machine, but we also need information about the operating system, because when attacking, the operating system plays a vital role: the exploit is selected based on it.
Now we combine the operating system scan with the check for which systems have port 139 open, saving the output in a text file.
Type : nmap -p 139 victim'snetworkaddress -oG filename.txt
cat filename.txt | grep open | cut -d " " -f2 > filename-ips.txt
nmap -O -iL filename-ips.txt -oG filename-os.txt
cat filename-os.txt | grep open | cut -d ":" -f5
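As an added example (not code from the original post), the grep/cut pipeline above written as reusable shell functions and run over constructed greppable (-oG) output; the addresses and OS names are made up to mimic nmap's format and are not real scan results:

```shell
#!/bin/sh
# Added example, not from the original post: parse nmap -oG output with the
# grep/cut approach described above. Sample lines below are constructed.

# IPs of hosts where the scanned port is reported open. Matching "/open/"
# rather than the bare word "open" keeps "open|filtered" results out.
hosts_with_open_port() {  # $1 = file written by nmap -oG
    grep 'Ports:.*/open/' "$1" | cut -d ' ' -f2
}

# IP and OS guess per host from a file written by nmap -O -oG. Greppable
# sections are tab-separated, so awk splits on tabs and picks the "OS:" one;
# hosts with no guess get "unknown" instead of being silently dropped.
os_guesses() {  # $1 = file written by nmap -O -oG; prints "ip<TAB>os"
    awk -F'\t' '/^Host:/ {
        split($1, h, " "); ip = h[2]; os = "unknown"
        for (i = 2; i <= NF; i++) if (index($i, "OS: ") == 1) os = substr($i, 5)
        print ip "\t" os
    }' "$1"
}

# Constructed sample of "nmap -p 139 -oG" output (one host per line).
SAMPLE_PORTS=$(mktemp)
{
    printf '# Nmap scan initiated as: nmap -p 139 -oG sample.txt 192.0.2.0/29\n'
    printf 'Host: 192.0.2.1 ()\tPorts: 139/open/tcp//netbios-ssn///\n'
    printf 'Host: 192.0.2.2 ()\tPorts: 139/closed/tcp//netbios-ssn///\n'
    printf 'Host: 192.0.2.3 ()\tPorts: 139/open|filtered/tcp//netbios-ssn///\n'
    printf 'Host: 192.0.2.4 ()\tPorts: 139/open/tcp//netbios-ssn///\n'
} > "$SAMPLE_PORTS"

# Constructed sample of "nmap -O -iL ips.txt -oG" output for the open hosts.
SAMPLE_OS=$(mktemp)
{
    printf 'Host: 192.0.2.1 ()\tPorts: 139/open/tcp//netbios-ssn///\tOS: Microsoft Windows Server 2008 R2\tSeq Index: 256\n'
    printf 'Host: 192.0.2.4 ()\tPorts: 139/open/tcp//netbios-ssn///\tSeq Index: 1031\n'
} > "$SAMPLE_OS"

echo "Hosts with port 139 open:"; hosts_with_open_port "$SAMPLE_PORTS"
echo "OS guesses:";              os_guesses "$SAMPLE_OS"
```

The same functions work on a real filename.txt and filename-os.txt in place of the constructed samples.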
We can also find out which services are running on which ports by typing nmap -sV victimaddress.
Port scanning can also be done through a graphical interface instead of the command prompt; for that, Zenmap is used. Open Zenmap.
Enter the address, choose the type of scan from the options, and start the scan.
Select the Ports/Hosts tab for information about ports.
For host information, select the Host Details tab, where the operating system details can be found.
The upcoming post will focus on more nmap commands that are helpful for gathering further information.