Nmap Guide

• https://jenkins96.github.io/

What Is Nmap?

Nmap is a Network Mapper. It is an open-source Linux tool that supports TCP, UDP, ICMP, and SCTP protocols. This tool allows us to do :

• Port Scanning: probing host/server to enumerate running services on each port.
• Network Scanning: the process of identifying active hosts in a network as well as opened ports and their services.

So, this tool can help us scan ports, services, networks, and applications and even detect potential vulnerabilities that might be exploited.

What Is A Port?

A software socket that gives access to the device, and then an application can support that port and we can interact with this application through that port.

It is a software abstraction, used to distinguish between communication channels.

So, ports allow us to differentiate between different services. We know traffic coming on port 80 is HTTP traffic, while port 69 is for TFPT traffic.

The range of available TCP and UDP ports is from 0 to 65535. This range is divided into:

• Well-Known/System Ports: From 0 to 1023. These ports are used by the system processes to provide different types of services.
• Registered Ports: From 1024 to 49151. These ports are assigned by IANA for a specific service.
• Dynamic/Ephemeral Ports: Typically, from 49152–65535. These ports cannot be registered with IANA. However, ephemeral port definitions are defined per OS’s version.

Three-way Handshake

HTTP is based on TCP. Before the very first HTTP message can be sent, we must establish a TCP connection, during this process what is known as the “three-way handshake” must happen before sending an HTTP message.

In short, the sender sends a SYNchronize sequence number. Then, the server ACKnowledges that it received the previous message and also sends its own SYNchronize sequence number. Finally, the client ACKnowledges it received the previous message.

So:

1. Client: SYN.
2. Server: SYN, ACK.
3. Client: ACK.

Of course, there are many interesting details regarding the three-way handshake that we are leaving out here. If you want to understand these messages, please research this topic.

[…]