In Linux, port scanning is a method to find or check the open ports of a computer. There are two kinds of ports to scan for in the TCP/IP protocol suite: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
In this hands-on lab, learners will learn how to enumerate network services by using port scanning in Linux. To accomplish this task, first, they will configure the HTTP, FTP, and SSH services on a test server, and then scan the network for IP address to MAC address information by using the Netdiscover tool. Next, they will perform a port scan by using the Masscan utility. Finally, they will perform a port scan by using the Netcat utility. The other guided and advanced challenges in this series are “Use Banner Grabbing Techniques to Enumerate Services on a Linux Server” and “Can You Use Wireshark to Intercept Network Traffic?”
Understand the Scenario
In this virtual lab, you are a system administrator responsible for server security. You are required to discover devices on your network by using port scanning. You will use a default installation of CentOS 7 Linux with the Server with GUI package installed, and a default installation of Kali Linux.
Configure the target server
In this section of the virtual lab, learners will learn how to configure the target server. To accomplish this task, first, they will get root privileges by using su - root, and then in the lab interface, they will select Resources, and then on the DVD Drive menu, select InstallationScript1.iso. Next, they will run a few important Linux commands to configure access to the installation scripts on the DVD drive and run the bash script to configure the CentOS7-A virtual machine for the lab. After this, they will determine the IP address by using the ip command and then record the IP address. Finally, they will check and confirm that they have executed the /media/install-script-1.bash script.
Perform a port scan by using Netdiscover
Netdiscover is a simple ARP scanner that can be used to scan for live hosts in a network. It can scan multiple subnets and shows its output in a live display. This is useful in the first stages of a penetration test, where users have access to a network. Netdiscover is a simple, initial-recon tool. In this section of the lab, you will switch to the Security-CS1-Kali virtual machine, open the terminal application, and then start a basic IP to MAC scan of the 192.168.1.0 subnet by using the netdiscover command. The Netdiscover tool uses the Address Resolution Protocol (ARP) to recognize systems that could be targeted in an attack by using other utilities. Finally, you will check your work and confirm that you have completed a basic IP to MAC address scan by using the Netdiscover utility.
Perform a port scan by using Masscan
Masscan is one of the fastest Internet port scanners. It can scan the whole Internet in 6 minutes, transferring 10 million packets per second. It provides results just like Nmap. In this section of the virtual lab, you will perform a port scan by using Masscan. To accomplish this task, you will run the masscan command, and then use the masscan command with the verbose option to run a port scan on port 80. Next, you will use the telnet command and the IP address to spoof a connection attempt to each of the ports identified in the above port scan. After discovering open service ports by using port scanning, you will use telnet to conduct a banner grab attack to learn about the systems that provide the services. Finally, you will check your work and confirm that you have executed a port scan by using the Masscan port scanner, and that you have executed a banner grab by using the Telnet utility.
Perform a port scan by using Netcat
Netcat is a network utility tool. It is used for reading network connections over the TCP and UDP protocols. The most basic applications for Netcat are configuring reverse and bind shells, piping and redirecting network traffic, port monitoring, debugging applications and scripts, and banner grabbing. In this section of the lab, you will perform a port scan by using Netcat. To accomplish this task, you will run the Netcat command to execute a port scan of the CentOS7-A virtual machine, and then report open ports from 20-80. Next, you will execute a banner grab of port 22 and port 80 by using Netcat, and then execute a banner grab of port 21 by using Netcat. Finally, you will check your work and confirm that you executed a port scan of the CentOS7-A virtual machine by using Netcat, and that you executed a banner grab by using Netcat.
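The Netcat steps above (a connect scan of ports 20-80, then banner grabs on ports 21, 22 and 80) can also be expressed as a small audit that an administrator runs against their own lab server to confirm that only the provisioned services are listening. This is an added example, not part of the lab's materials; the function names, the expected-port set and the 127.0.0.1 placeholder target are assumptions.

```python
import socket

# Assumption: the three services the lab provisions (FTP, SSH, HTTP).
EXPECTED_PORTS = {21, 22, 80}

def scan_ports(host, ports, timeout=0.5):
    """TCP connect scan: return the ports that accept a connection, in scan order."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:  # 0 means the handshake completed
                open_ports.append(port)
    return open_ports

def grab_banner(host, port, timeout=2.0, probe=None):
    """Connect and return the first line the service sends.

    FTP and SSH greet first; HTTP waits for a request, so pass a probe for it.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(1024)
        except socket.timeout:
            return ""  # service stayed silent
    return data.decode("latin-1").splitlines()[0] if data else ""

def audit(host, first=20, last=80, expected=EXPECTED_PORTS):
    """Compare the listening ports in [first, last] with the expected set."""
    found = set(scan_ports(host, range(first, last + 1)))
    return {"unexpected": sorted(found - expected),
            "missing": sorted(expected - found)}

if __name__ == "__main__":
    target = "127.0.0.1"  # placeholder: use the recorded IP of your own lab VM
    print(audit(target))
    for p in scan_ports(target, sorted(EXPECTED_PORTS)):
        probe = b"HEAD / HTTP/1.0\r\n\r\n" if p == 80 else None
        print(p, grab_banner(target, p, probe=probe))
```

A non-empty "unexpected" list means a service beyond HTTP, FTP and SSH is listening in the scanned range, and the banner lines show what version information each service discloses to any client that connects.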
Lab Summary Conclusion
After completing the “Enumerate Network Services by Using Port Scanning in Linux” virtual lab, you will have accomplished the following:
- Provisioned a Linux server with HTTP, FTP, and SSH services.
- Resolved IP addresses and MAC addresses by using Netdiscover.
- Scanned for listening ports by using Masscan.
- Scanned for listening ports by using Netcat.