1 00:00:00,700 --> 00:00:06,370 Hello, my name is Stephanie, and in this lecture you will learn how to discover open ports with Nmap.
2 00:00:06,400 --> 00:00:13,000 In the realm of network reconnaissance, one of the most valuable tasks is to determine the port states
3 00:00:13,000 --> 00:00:14,200 of a target.
4 00:00:14,230 --> 00:00:22,330 This process is commonly known as port scanning, so Nmap, the versatile network scanning tool, excels
5 00:00:22,360 --> 00:00:27,670 at this task, providing valuable insights into the running services on a target.
6 00:00:27,670 --> 00:00:34,450 So in this segment we will explore essential Nmap options related to port scanning and learn how to
7 00:00:34,450 --> 00:00:38,500 effectively list open ports on a target. Segment
8 00:00:38,530 --> 00:00:39,340 one.
9 00:00:40,070 --> 00:00:44,230 Launching the default scan. To initiate a default scan with Nmap,
10 00:00:44,240 --> 00:00:52,340 all you need is the target information, which can be an IP address, hostname or even a network range.
11 00:00:52,340 --> 00:00:54,290 So let's take a look at this example here.
12 00:00:54,290 --> 00:00:56,270 So Nmap could easily.
13 00:00:57,800 --> 00:00:58,640 Dot com.
14 00:00:59,090 --> 00:01:07,100 So here this command will initiate a scan on the target host Qatar Telecom and provide detailed information
15 00:01:07,100 --> 00:01:11,210 about the open ports and their corresponding services.
16 00:01:11,240 --> 00:01:13,490 And here it is, the output here.
17 00:01:13,490 --> 00:01:19,100 And as you can see, Tron 988 filtered TCP ports and so on.
18 00:01:19,100 --> 00:01:21,020 So you will also learn what is here.
19 00:01:21,020 --> 00:01:23,150 So in segment two, which is.
20 00:01:24,240 --> 00:01:28,530 Segment two, so you will understand the scan results here.
21 00:01:28,530 --> 00:01:35,640 So the scan results generated by Nmap offer crucial information about a target host.
22 00:01:35,670 --> 00:01:44,000 Let me actually open the grommet here and I will draw things on the screen to explain this better.
23 00:01:44,010 --> 00:01:45,570 So here.
24 00:01:46,940 --> 00:01:55,700 Here we have, alongside the IPv4 and IPv6 addresses, reverse DNS names and latency details.
25 00:01:55,730 --> 00:02:04,010 The results highlight the ports and their respective states, and the port states are categorized like
26 00:02:04,010 --> 00:02:04,580 this here.
27 00:02:04,580 --> 00:02:07,640 So first here we have open.
28 00:02:08,950 --> 00:02:09,850 Open ports.
29 00:02:09,880 --> 00:02:12,370 This here, in open here.
30 00:02:12,370 --> 00:02:15,190 As you can see, all of these ports are open here.
31 00:02:15,280 --> 00:02:25,270 So with this, Nmap indicates that a service is actively listening for connections
32 00:02:25,270 --> 00:02:27,730 on the port, open here.
33 00:02:27,730 --> 00:02:30,400 And also we have the closed.
34 00:02:32,500 --> 00:02:33,550 With this here,
35 00:02:34,240 --> 00:02:42,760 Nmap indicates to us that the probes were received, but no service was detected on the port.
36 00:02:42,760 --> 00:02:45,370 And we also have the filtered.
37 00:02:49,400 --> 00:02:50,000 Filtered.
38 00:02:50,300 --> 00:02:56,870 So this indicates that the probe's reception could not be determined, possibly due to filtering mechanisms.
39 00:02:56,870 --> 00:02:59,870 And we also have unfiltered.
40 00:03:06,850 --> 00:03:13,840 So with this here, Nmap indicates to us that the probes were received, but the state couldn't be established,
41 00:03:13,840 --> 00:03:17,350 and we also have open|filtered here.
42 00:03:18,010 --> 00:03:24,310 This indicates that the port appears to be either open or filtered, but the state couldn't
43 00:03:24,310 --> 00:03:25,000 be determined.
44 00:03:25,000 --> 00:03:27,850 And we also have the
45 00:03:29,410 --> 00:03:35,800 closed|filtered here, which indicates that the port appears to be either closed or filtered, but the
46 00:03:35,800 --> 00:03:37,450 state couldn't be determined.
47 00:03:39,060 --> 00:03:41,430 And here we will also learn the.
48 00:03:45,310 --> 00:03:47,500 How to customize Nmap scans.
49 00:03:47,500 --> 00:03:55,660 So while the default scan provides valuable information, Nmap offers a plethora of customization
50 00:03:55,660 --> 00:03:56,230 options.
51 00:03:56,230 --> 00:04:05,020 So for instance, you can specify alternative DNS servers using the --dns-servers option,
52 00:04:05,020 --> 00:04:09,670 like this --dns-servers option, to control DNS resolution during the scan.
53 00:04:09,760 --> 00:04:16,630 For example, this nmap --dns-servers here, and we will enter the Google DNS here, one eight, eight eight
54 00:04:16,630 --> 00:04:16,990 here.
55 00:04:16,990 --> 00:04:26,890 And after that comma we will type 8.8.94.4 here and now we will do console.com.
56 00:04:26,890 --> 00:04:36,390 So by providing these DNS servers, Nmap will utilize these servers for hostname resolution, and here further.
57 00:04:36,620 --> 00:04:43,720 Furthermore, Nmap performs host discovery to determine if the target is online before conducting port
58 00:04:43,720 --> 00:04:50,870 scanning, and you can skip the host discovery step using the -Pn option here.
59 00:04:53,350 --> 00:04:59,470 After nmap, -Pn, an uppercase P and lowercase n here.
60 00:05:00,220 --> 00:05:04,480 And here you will see another result.
61 00:05:04,480 --> 00:05:04,990 It might.
62 00:05:05,020 --> 00:05:05,860 It might take here.
63 00:05:05,860 --> 00:05:08,860 Actually, let me use sudo here.
64 00:05:09,010 --> 00:05:10,990 Sudo, enter password.
65 00:05:10,990 --> 00:05:11,710 That's it.
66 00:05:12,100 --> 00:05:20,620 And here this command will directly initiate port scanning without prior host discovery, with
67 00:05:20,650 --> 00:05:24,850 the -Pn option, uppercase P and lowercase n, here.
68 00:05:39,500 --> 00:05:46,370 And here Nmap employs various scan techniques depending on the user's privileges, and the default
69 00:05:46,370 --> 00:05:55,550 scan can utilize a synchronized scan, stealth scan or TCP connect scan here, so these techniques ensure
70 00:05:55,550 --> 00:06:00,670 comprehensive port scanning while considering the user's privileges and network environment.
71 00:06:00,680 --> 00:06:08,540 So port scanning with Nmap unravels the network services running on a target, enabling us to gain insights
72 00:06:08,540 --> 00:06:15,680 into potential vulnerabilities and secure our networks. By understanding the scan results here, customizing
73 00:06:15,680 --> 00:06:22,730 the Nmap scans and being aware of the underlying scan techniques, we can effectively explore open
74 00:06:22,730 --> 00:06:26,100 ports and their associated services here.
75 00:06:26,120 --> 00:06:34,460 Now, as you can see, we are seeing services FTP, SMTP, FTP, domain, HTTP, POP3, IMAP and so on.
76 00:06:34,460 --> 00:06:42,390 So equip yourself with Nmap port scanning prowess and unlock the secrets hidden within your network.
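A small parser for the scan report the lecture walks through (the "Not shown: N filtered tcp ports" line plus one line per listed port in each of the six states), added here as an example and not part of Stephanie's lecture; the scan output it reads is constructed, and the host name and addresses in it are placeholders.

```python
import re

# Constructed Nmap "normal" output (not the lecture's real scan); the ports are made
# up so that every port state the lecture describes appears at least once.
SAMPLE_OUTPUT = """\
Nmap scan report for example.test (192.0.2.10)
Host is up (0.021s latency).
Not shown: 990 filtered tcp ports (no-response)
PORT     STATE           SERVICE
21/tcp   open            ftp
22/tcp   closed          ssh
53/tcp   open            domain
80/tcp   open            http
110/tcp  open            pop3
135/tcp  filtered        msrpc
143/tcp  open            imap
443/tcp  open|filtered   https
445/tcp  closed|filtered microsoft-ds
3306/tcp unfiltered      mysql
"""
# 10 listed + 990 "Not shown" = 1000 ports. Longer state names come first in the
# alternation so "open|filtered" is never cut short to "open".
STATES = r"open\|filtered|closed\|filtered|open|closed|filtered|unfiltered"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(%s)\s+(\S+)" % STATES)
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (%s) (?:tcp|udp) ports" % STATES)

def parse_nmap_output(text):
    """Return ({state: [(port, proto, service), ...]}, {state: not_shown_count})."""
    by_state, not_shown = {}, {}
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service = m.groups()
            by_state.setdefault(state, []).append((int(port), proto, service))
            continue
        m = NOT_SHOWN.match(line)  # only the single-state "Not shown:" form is handled
        if m:
            not_shown[m.group(2)] = not_shown.get(m.group(2), 0) + int(m.group(1))
    return by_state, not_shown

def open_services(text):
    """Service names on the ports Nmap reports as open, ordered by port number."""
    by_state, _ = parse_nmap_output(text)
    return [service for _, _, service in sorted(by_state.get("open", []))]

def state_summary(text):
    """Count ports per state, adding the collapsed 'Not shown' ports back in."""
    by_state, not_shown = parse_nmap_output(text)
    counts = {state: len(ports) for state, ports in by_state.items()}
    for state, n in not_shown.items():
        counts[state] = counts.get(state, 0) + n
    return counts
```

Running `state_summary` on a real report is a quick sanity check that the listed ports plus the "Not shown" count add up to the number of ports scanned (1000 for a default TCP scan).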