NMAP

Course
Time
6 hours 31 minutes
Difficulty
Beginner
CEU/CPE
7

Video Transcription

00:00
Now we'll do, ah, some UDP scans,
00:03
and I just wanted to tell you that UDP scans do take longer, so I'll try to minimize the number of ports that we scan here. But feel free to test it on your own.
00:22
So
00:24
The syntax is using, ah, -sU, and then the rest of it is the same: -p, space, and then the port number.
00:33
And as I've told you before, I like to put the target at the end.
00:40
Okay, that was a pretty quick scan, really, even though it was UDP,
00:44
and port 53 is open on UDP,
00:48
just DNS.
00:50
So we'll do, ah,
00:51
clear screen, and I'll do
00:56
nmap -sU
00:58
-p; we'll do multiple UDP ports this time,
01:08
and I don't know if you noticed, but I'm choosing ports that I know
01:12
responded in previous scans.
01:15
So hit Enter.
01:22
why this one
01:25
responded, I think. But I know rpcbind
01:30
can be found on Windows Server. So I wanted you to also see that the state here is open|filtered.
01:37
Oh, and 111 is closed.
01:41
So it's really good information.
01:46
All right, now do an nmap -sU
01:59
all right. This one takes a little bit of time, so go and run it.
02:02
And the main point here was to show you again that you can
02:07
separate the ports by comma, but then you can also do a range,
02:10
and you could do the range first and then a comma and then specific ports if you want, or vice versa.
02:17
There's a lot of flexibility here in Nmap.
02:21
Enter to see the status.
02:24
I mean,
02:36
all right, I'm gonna go and cancel the scan because I don't want to make this lab longer than it needs to be. You get the point? I think
02:43
so. Have a Control-C,
02:46
Clear the screen again
02:51
and again, I want to show you that you could do, ah,
02:53
uh,
02:55
a name service scan, which is like nmap
03:00
-sU
03:12
So, the same with TCP: you can specify it by the names of the services.
03:19
And we see,
03:20
uh,
03:21
port states of open, open|filtered and closed on the services and these ports,
03:27
and they're all UDP.
03:28
All right, so
03:30
I think you get the point there.
03:31
Now I want to show you how to do TCP SYN and UDP scans of specific target, specific ports.
03:38
So do an nmap -sS
03:42
-sU
03:45
with a fast scan.
03:52
I actually think I might have already shown you this scan, but again, the main point is,
03:58
if you include -s, capital U, which is UDP scan,
04:02
but you also want a TCP scan, you have to specify it. Otherwise, it'll only scan UDP. So
04:09
I think I already showed you. So I'm gonna cancel that one.
04:14
So do an nmap -s
04:15
oops, s
04:18
Huh? Did it again?
04:20
s U
04:28
All right, this should go fast. I'm scanning TCP and UDP ports 53.
04:34
And the reason why I chose 53 is because that's DNS. DNS server and client uses
04:41
Port 53.
04:43
So
04:46
I knew that those ports would be open on this Windows 2012 Server box.
04:54
Okay, so we'll do an nmap
04:56
-sS
04:59
-sU
05:15
All right. So this scans a couple of different TCP and UDP ports
05:19
specified here,
05:21
so the dash p and then followed by the port numbers
05:27
here
05:28
means that, since I'm doing a SYN scan and the UDP scan,
05:32
it's gonna scan these ports
05:35
of both of those types of scans.
05:40
And the reason I'm pointing that out is because in a minute I want to show you how you can specify
05:45
different TCP ports than UDP ports.
05:51
Hit Enter.
05:54
There you go. So there's the results. You can see all of the UDP ports scanned
06:00
and their names.
06:01
Which ones are open,
06:03
and then
06:04
the TCP ports scanned
06:08
and their status and their names.
06:13
All right, so clear the screen. So here's where the rubber hits the road, I guess, in some ways. We'll do, ah,
06:18
uh,
06:19
a scan that scans
06:21
different TCP ports
06:25
and UDP ports. So do an nmap
06:28
just like the other ones, -sU.
06:31
So the syntax is T
06:41
and then a comma right afterwards.
06:50
So you see what I've done here. Here's the port. We already know that we're doing, ah, a TCP and a UDP scan,
07:00
separated with a space, then a capital T, colon, the number of the TCP ports I wanna scan, comma, UDP ports,
07:09
followed by, um,
07:11
colon and then the range. In this case, this might take a little bit of time to run, but
07:57
Right, and there's the results.
07:59
You see the open TCP ports and the open UDP port, an open|filtered UDP port.
08:07
So the main point there was just to show you how to
08:11
how to do both at the same time and show you that the same flexibility from earlier scans applies to
08:20
when you want to do specific TCP ports and UDP ports. All right, so this is the last one, and I just want to show you the kind of the flexibility of Nmap.
08:46
All right, so the target's the same,
08:48
both SYN scan and UDP scan.
08:52
But notice that I put names of services
08:58
and
08:58
numbers in there, too. So I could even modify this if I wanted to and
09:05
add additional TCP ports. Let's say 3389.
09:09
Um, and so the point is you can put numbers or you can put the names.
09:16
all right, there's a fast scan. So
09:18
that's the end of this lab. Just remember, with almost every scan that you run, you can choose the TCP and UDP ports that are scanned and leave those that you aren't interested in off. The most important part to remember is the -p, followed by the port designation.
09:35
And the second most important part is to remember that in order to do a TCP and UDP scan,
09:41
you have to specify the type of TCP scan to run along with the -s, capital U.
09:46
If you only put a -s, capital U, only a UDP scan will occur.
09:52
Thank you so much.
09:54
In this lesson, we learned about the following
09:58
First we talked about what port scanning is. Next, we discussed the different port states recognized by Nmap.
10:03
Then we determined why we scan ports in the first place.
10:07
Then we applied that knowledge by talking about how port scanning is performed in Nmap and worked through several examples in a lab.
10:16
Thanks so much for working through this lesson with me, and I'll talk to you again in the next one.

Up Next

NMAP

The network mapper (NMAP) is one of the highest quality and powerful free network utilities in the cybersecurity professional's arsenal.

Instructed By

Rob Thurston
CIO at Integrated Machinery Solutions
Instructor