SlideShare ist ein Scribd-Unternehmen logo

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scanning with Nmap

Als PPTX, PDF herunterladen
B
Boston Institute of Analytics

Empower yourself to see what's lurking on your network with our Nmap project presentation! This presentation delves into the world of port scanning with Nmap, the industry-standard tool. Explore how Nmap works, uncover different scanning techniques (SYN scan, UDP scan, etc.), and learn to identify open ports, potential vulnerabilities, and running services. Whether you're a network administrator, security professional, or simply curious about your network traffic, this presentation equips you with the skills to gain valuable insights into your network health. Visit us for more nmap project presentations, https://bostoninstituteofanalytics.org/cyber-security-and-ethical-hacking/

Technologie
1 von 30
Based On N-Map Tool
Contents • Introduction to Scanning Open Ports • Types Of Port Numbers & Their Uses • Why It’s Important • How it Works ? • Types of Scan • Threats potential of Nmap • Conclusion
Introduction • Scanning open ports is a process of identifying which network ports on a system are open and listening for incoming connections
• The process of scanning a computer’s port is called port scanning. It provides information on whether a device’s ports are open, closed or filtered. • It is mainly performed to identify if a port is sending or receiving any information. • Port scanning also involves the sending of data to specific ports and analyzing the responses to identify vulnerabilities. • It is also one of the techniques used by attackers to discover devices/services they can break into.
Types Of Port Numbers & Their Uses • Ports 20 and 21. FTP is used to transfer files between a client and a server • Port 22. Secure Shell is one of several tunneling protocols used to build secure network connections. • Port 25. Simple Mail Transfer Protocol (SMTP) is commonly used for email. • Port 53. Domain name system (DNS) is a critical process that matches human-readable domain names to machine- readable IP addresses on the modern internet. It helps users load websites and applications without typing in a long list of IP addresses.
• Port 80. HTTP is the protocol that enables the World Wide Web. • Port 123. Network Time Protocol helps computer clocks sync with each other. It's a vital process in encryption • Port 179. Border Gateway Protocol (BGP) helps establish efficient routes between the large networks or autonomous systems that make up the internet. These large networks use BGP to broadcast which IP addresses they control.
• Port 443. HTTP Secure (HTTPS) is like HTTP but more secure. All HTTPS web traffic goes straight to port 443. Any network service that uses HTTPS for encryption, such as DNS over HTTPS, also connects directly to this port. • Port 500. Internet Security Association and Key Management Protocol helps set up secure IP Security • Port 3389. Remote Desktop Protocol enables users to connect to their desktop computers from another device remotely.
Why It’s Important • Helps in understanding the network architecture. • Aids in identifying potential vulnerabilities. • Critical for network security assessments and troubleshooting. • it is used by security professionals to identify any security vulnerabilities on that particular network. • port scanning identifies open ports and services available on a network
How it Works ? • Tools like Nmap or Zenmap are commonly used for port scanning. • Nmap can be a solution to the problem of identifying activity on a network as it scans the entire system and makes a map of every part of it. • A common issue with internet systems is that they are too complicated for the ordinary person to understand. Even a small home-based system is extremely complex.
• That complexity grows exponentially when it comes to larger companies and agencies that deal with hundreds or even thousands of computers on the network. • Nmap can find information about the operating system running on devices. It can provide detailed information like OS versions, making it easier to plan additional approaches during penetration testing. • During security auditing and vulnerability scanning, you can use Nmap to attack systems using existing scripts from the Nmap Scripting Engine • Nmap has a graphical user interface called Zenmap. It helps you develop visual mappings of a network for better usability and reporting.
Types of Scans: • TCP SYN Scan –A TCP SYN scan is a stealth scan used to determine if ports on a target system are open, closed or filtered. Nmap sends a SYN packet to the target and waits for a response. If the target responds with a SYN/ACK packet, the port is considered open and ready to establish a connection. • It is also known as Half Open Scan since it is a two-way communication channel and the scanner doesn’t close the open connections. • TCP FIN Scan – This scan, mostly used by attackers, has the ability to pass through firewalls and other scan detection programs. • When the attacking system sends FIN packets to the targeted system, the closed ports will respond with a reset response while the open ports will ignore the packets.
• TCP XMAS Scan – This scan is used to identify the listening ports on the targeted system. • TCP Null Scan – An extremely stealthy scam, TCP Null Scam sets all the header fields to null, which means when an attacker sends a packet, instead of turning on the flags in the header that would cause the packet to be received as invalid by the host, the NULL scan turns off the header flags. • Vanilla TCP Connect Scan –A vanilla scan is a full connect scan, meaning it sends a SYN flag (request to connect) and upon receiving a SYN-ACK (acknowledgement of connection) response, sends back an ACK flag. • Ping Scan – The Ping scan utilizes the “ping” command to scan the computers that are active.
Threats potential of Nmap • Port 80 (HTTP): • Function: This port is commonly used for HTTP traffic, serving web pages and content. • Benefits: Allows users to access the website via a web browser. • Potential Threats: Vulnerable to attacks like HTTP floods, DDoS attacks, and web application vulnerabilities.
• Port 443 (HTTPS): • Function: Secure version of HTTP, using SSL/TLS encryption for secure data transfer. • Benefits: Ensures data confidentiality and integrity during communication. • Potential Threats: SSL/TLS vulnerabilities, man-in-the- middle attacks, and SSL Stripping
• Port 22 (SSH): • Function: Secure Shell protocol for secure remote access and control over the server. • Benefits: Allows administrators to securely manage the server remotely. • Potential Threats: Brute force attacks, SSH key compromise, and man-in-the-middle attacks.
• Port 21 (FTP): • Function: File Transfer Protocol for transferring files between a client and server. • Benefits: Facilitates easy file uploads and downloads. • Potential Threats: FTP bounce attacks, plaintext authentication vulnerabilities, and FTP protocol weaknesses.
• Port 3306 (MySQL): • Function: MySQL database server port for database management and querying. • Benefits: Allows web applications to interact with the database for dynamic content. • Potential Threats: SQL injection attacks, unauthorized access to the database, and database server vulnerabilities.
• Port 25 (SMTP): • Function: Port 25 is used for SMTP (Simple Mail Transfer Protocol), which is responsible for sending outgoing mail from an email client to a mail server. • Benefits: Facilitates the exchange of email messages between mail servers. Enables organizations to send and receive emails. • Potential Threats: SMTP is susceptible to email- related threats such as spamming, phishing, and email spoofing. Open SMTP relays can be exploited by attackers to send unsolicited emails or launch email-based attacks.
• Basic Scan: The simplest Nmap command is nmap, followed by the target you want to scan. For example:
• Scan a Specific Port Range: You can specify a range of ports to scan using the -p option. For instance, to scan ports 1 to 1000, you can use:
• Scan Service Version: To scan service Version ports, you can use the -sV option:
• Traceroute: To scan Traceroute, you can use the-- traceroute option:
• Operating System Detection: Nmap can attempt to determine the operating system of the target host using various techniques. You can enable OS detection using the -O option:
• TCP SYN Scan (-sS): This is one of the most common and stealthy scan types. It sends SYN packets to the target ports and listens for SYN-ACK responses to determine open ports
• Comprehensive Scan (-A): This scan type enables aggressive options including OS detection, version detection, script scanning, and traceroute.
• --script vuln option in Nmap is used to enable the execution of Nmap NSE (Nmap Scripting Engine) scripts related to vulnerability detection.
Conclusion • Port scanning provides valuable insights into the services running on a web server, helping to identify potential vulnerabilities and security risks. By understanding the functions, benefits, and threats associated with each open port, organizations can take appropriate measures to secure their web servers and protect against potential cyber threats.
Thank You!!

Empfohlen

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Network scan
Network scanNetwork scan
Network scanpenetration Tester
 
Scanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxScanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxMahdiHasanSowrav
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP FRSecure
 
Footprinting tools for security auditors
Footprinting tools for security auditorsFootprinting tools for security auditors
Footprinting tools for security auditorsJose Manuel Ortega Candel
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptxVuongPhm
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 

Empfohlen

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Network scan
Network scanNetwork scan
Network scanpenetration Tester
 
Scanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxScanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxMahdiHasanSowrav
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP FRSecure
 
Footprinting tools for security auditors
Footprinting tools for security auditorsFootprinting tools for security auditors
Footprinting tools for security auditorsJose Manuel Ortega Candel
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptxVuongPhm
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptxLlobarro2
 
Port Scanning Overview
Port Scanning OverviewPort Scanning Overview
Port Scanning OverviewPublicly traded global multi-billion services company
 
Contents namp
Contents nampContents namp
Contents nampshwetha mk
 
Contents namp
Contents nampContents namp
Contents nampshwetha mk
 
Scanning.pptx
Scanning.pptxScanning.pptx
Scanning.pptxJazzyB5
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensicsAnpumathews
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testingAbdul Rahman
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laShainaBoling829
 
Nmap
NmapNmap
NmapFat-Thing Gabriel-Culley
 
Chapter 12
Chapter 12Chapter 12
Chapter 12cclay3
 
Network security
Network securityNetwork security
Network securityNandini Raj
 
Chap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java OverviewChap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java OverviewMinistry of Higher Education
 
A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESIRJET Journal
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersA Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersJoshua Gorinson
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academycyberforgeacademy
 
Nmap
NmapNmap
NmapMegha Sahu
 
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationBoston Institute of Analytics
 
Solar production with K means clustering
Solar production with K means clusteringSolar production with K means clustering
Solar production with K means clusteringBoston Institute of Analytics
 

Weitere ähnliche Inhalte

Ähnlich wie Nmap project presentation : Unlocking Network Secrets: Mastering Port Scanning with Nmap

lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptxLlobarro2
 
Scanning.pptx
Scanning.pptxScanning.pptx
Scanning.pptxJazzyB5
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensicsAnpumathews
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testingAbdul Rahman
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laShainaBoling829
 
Chapter 12
Chapter 12Chapter 12
Chapter 12cclay3
 
Network security
Network securityNetwork security
Network securityNandini Raj
 
A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESIRJET Journal
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersA Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersJoshua Gorinson
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academycyberforgeacademy
 

Ähnlich wie Nmap project presentation : Unlocking Network Secrets: Mastering Port Scanning with Nmap (20)

lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptx
 
Port Scanning Overview
Port Scanning OverviewPort Scanning Overview
Port Scanning Overview
 
Contents namp
Contents nampContents namp
Contents namp
 
Contents namp
Contents nampContents namp
Contents namp
 
Scanning.pptx
Scanning.pptxScanning.pptx
Scanning.pptx
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
Port scanning
Port scanningPort scanning
Port scanning
 
Port scanning
Port scanningPort scanning
Port scanning
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensics
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testing
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and la
 
Nmap
NmapNmap
Nmap
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Network security
Network securityNetwork security
Network security
 
Chap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java OverviewChap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java Overview
 
A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURES
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersA Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academy
 
Nmap
NmapNmap
Nmap
 

Mehr von Boston Institute of Analytics

Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationBoston Institute of Analytics
 
Demystifying Salaries: A Data Science Approach to Predicting Salary Ranges
Demystifying Salaries: A Data Science Approach to Predicting Salary RangesDemystifying Salaries: A Data Science Approach to Predicting Salary Ranges
Demystifying Salaries: A Data Science Approach to Predicting Salary RangesBoston Institute of Analytics
 
Predicting Power Consumption for a Greener Tomorrow: Machine Learning Project...
Predicting Power Consumption for a Greener Tomorrow: Machine Learning Project...Predicting Power Consumption for a Greener Tomorrow: Machine Learning Project...
Predicting Power Consumption for a Greener Tomorrow: Machine Learning Project...Boston Institute of Analytics
 
Credit Card Fraud Detection: Safeguarding Transactions in the Digital Age
Credit Card Fraud Detection: Safeguarding Transactions in the Digital AgeCredit Card Fraud Detection: Safeguarding Transactions in the Digital Age
Credit Card Fraud Detection: Safeguarding Transactions in the Digital AgeBoston Institute of Analytics
 
Sensing the Future: Anomaly Detection and Event Prediction in Sensor Networks
Sensing the Future: Anomaly Detection and Event Prediction in Sensor NetworksSensing the Future: Anomaly Detection and Event Prediction in Sensor Networks
Sensing the Future: Anomaly Detection and Event Prediction in Sensor NetworksBoston Institute of Analytics
 
Predictive Precipitation: Advanced Rain Forecasting Techniques
Predictive Precipitation: Advanced Rain Forecasting TechniquesPredictive Precipitation: Advanced Rain Forecasting Techniques
Predictive Precipitation: Advanced Rain Forecasting TechniquesBoston Institute of Analytics
 
Unveiling the Market: Predicting House Prices with Data Science
Unveiling the Market: Predicting House Prices with Data ScienceUnveiling the Market: Predicting House Prices with Data Science
Unveiling the Market: Predicting House Prices with Data ScienceBoston Institute of Analytics
 
Beyond Thumbs Up/Down: Using AI to Analyze Movie Reviews
Beyond Thumbs Up/Down: Using AI to Analyze Movie ReviewsBeyond Thumbs Up/Down: Using AI to Analyze Movie Reviews
Beyond Thumbs Up/Down: Using AI to Analyze Movie ReviewsBoston Institute of Analytics
 
Unveiling the Patterns: A Cluster Analysis of NYC Shootings
Unveiling the Patterns: A Cluster Analysis of NYC ShootingsUnveiling the Patterns: A Cluster Analysis of NYC Shootings
Unveiling the Patterns: A Cluster Analysis of NYC ShootingsBoston Institute of Analytics
 
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.orgEnhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.orgBoston Institute of Analytics
 
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFExploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFBoston Institute of Analytics
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachBoston Institute of Analytics
 
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...Boston Institute of Analytics
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 

Mehr von Boston Institute of Analytics (20)

Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
 
Solar production with K means clustering
Solar production with K means clusteringSolar production with K means clustering
Solar production with K means clustering
 
Demystifying Salaries: A Data Science Approach to Predicting Salary Ranges
Demystifying Salaries: A Data Science Approach to Predicting Salary RangesDemystifying Salaries: A Data Science Approach to Predicting Salary Ranges
Demystifying Salaries: A Data Science Approach to Predicting Salary Ranges
 
Machine Learning for Accident Severity Prediction
Machine Learning for Accident Severity PredictionMachine Learning for Accident Severity Prediction
Machine Learning for Accident Severity Prediction
 
Predicting Power Consumption for a Greener Tomorrow: Machine Learning Project...
Predicting Power Consumption for a Greener Tomorrow: Machine Learning Project...Predicting Power Consumption for a Greener Tomorrow: Machine Learning Project...
Predicting Power Consumption for a Greener Tomorrow: Machine Learning Project...
 
Credit Card Fraud Detection: Safeguarding Transactions in the Digital Age
Credit Card Fraud Detection: Safeguarding Transactions in the Digital AgeCredit Card Fraud Detection: Safeguarding Transactions in the Digital Age
Credit Card Fraud Detection: Safeguarding Transactions in the Digital Age
 
Sensing the Future: Anomaly Detection and Event Prediction in Sensor Networks
Sensing the Future: Anomaly Detection and Event Prediction in Sensor NetworksSensing the Future: Anomaly Detection and Event Prediction in Sensor Networks
Sensing the Future: Anomaly Detection and Event Prediction in Sensor Networks
 
Predictive Precipitation: Advanced Rain Forecasting Techniques
Predictive Precipitation: Advanced Rain Forecasting TechniquesPredictive Precipitation: Advanced Rain Forecasting Techniques
Predictive Precipitation: Advanced Rain Forecasting Techniques
 
Unveiling the Market: Predicting House Prices with Data Science
Unveiling the Market: Predicting House Prices with Data ScienceUnveiling the Market: Predicting House Prices with Data Science
Unveiling the Market: Predicting House Prices with Data Science
 
Beyond Thumbs Up/Down: Using AI to Analyze Movie Reviews
Beyond Thumbs Up/Down: Using AI to Analyze Movie ReviewsBeyond Thumbs Up/Down: Using AI to Analyze Movie Reviews
Beyond Thumbs Up/Down: Using AI to Analyze Movie Reviews
 
Unveiling the Patterns: A Cluster Analysis of NYC Shootings
Unveiling the Patterns: A Cluster Analysis of NYC ShootingsUnveiling the Patterns: A Cluster Analysis of NYC Shootings
Unveiling the Patterns: A Cluster Analysis of NYC Shootings
 
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.orgEnhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.org
 
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFExploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning Approach
 
Detecting Credit Card Fraud: An AI-driven Approach
Detecting Credit Card Fraud: An AI-driven ApproachDetecting Credit Card Fraud: An AI-driven Approach
Detecting Credit Card Fraud: An AI-driven Approach
 
Predicting House Prices: A Machine Learning Approach
Predicting House Prices: A Machine Learning ApproachPredicting House Prices: A Machine Learning Approach
Predicting House Prices: A Machine Learning Approach
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
E-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptxE-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptx
 

Kürzlich hochgeladen

Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024TopCSSGallery
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxEasyPrinterHelp
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 

Kürzlich hochgeladen (20)

Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scanning with Nmap

  • 1.
  • 3. Contents • Introduction to Scanning Open Ports • Types Of Port Numbers & Their Uses • Why It’s Important • How it Works ? • Types of Scan • Threats potential of Nmap • Conclusion
  • 4. Introduction • Scanning open ports is a process of identifying which network ports on a system are open and listening for incoming connections
  • 5. • The process of scanning a computer’s port is called port scanning. It provides information on whether a device’s ports are open, closed or filtered. • It is mainly performed to identify if a port is sending or receiving any information. • Port scanning also involves the sending of data to specific ports and analyzing the responses to identify vulnerabilities. • It is also one of the techniques used by attackers to discover devices/services they can break into.
  • 6. Types Of Port Numbers & Their Uses • Ports 20 and 21. FTP is used to transfer files between a client and a server • Port 22. Secure Shell is one of several tunneling protocols used to build secure network connections. • Port 25. Simple Mail Transfer Protocol (SMTP) is commonly used for email. • Port 53. Domain name system (DNS) is a critical process that matches human-readable domain names to machine- readable IP addresses on the modern internet. It helps users load websites and applications without typing in a long list of IP addresses.
  • 7. • Port 80. HTTP is the protocol that enables the World Wide Web. • Port 123. Network Time Protocol helps computer clocks sync with each other. It's a vital process in encryption • Port 179. Border Gateway Protocol (BGP) helps establish efficient routes between the large networks or autonomous systems that make up the internet. These large networks use BGP to broadcast which IP addresses they control.
  • 8. • Port 443. HTTP Secure (HTTPS) is like HTTP but more secure. All HTTPS web traffic goes straight to port 443. Any network service that uses HTTPS for encryption, such as DNS over HTTPS, also connects directly to this port. • Port 500. Internet Security Association and Key Management Protocol helps set up secure IP Security • Port 3389. Remote Desktop Protocol enables users to connect to their desktop computers from another device remotely.
  • 9. Why It’s Important • Helps in understanding the network architecture. • Aids in identifying potential vulnerabilities. • Critical for network security assessments and troubleshooting. • it is used by security professionals to identify any security vulnerabilities on that particular network. • port scanning identifies open ports and services available on a network
  • 10. How it Works ? • Tools like Nmap or Zenmap are commonly used for port scanning. • Nmap can be a solution to the problem of identifying activity on a network as it scans the entire system and makes a map of every part of it. • A common issue with internet systems is that they are too complicated for the ordinary person to understand. Even a small home-based system is extremely complex.
  • 11. • That complexity grows exponentially when it comes to larger companies and agencies that deal with hundreds or even thousands of computers on the network. • Nmap can find information about the operating system running on devices. It can provide detailed information like OS versions, making it easier to plan additional approaches during penetration testing. • During security auditing and vulnerability scanning, you can use Nmap to attack systems using existing scripts from the Nmap Scripting Engine • Nmap has a graphical user interface called Zenmap. It helps you develop visual mappings of a network for better usability and reporting.
  • 12. Types of Scans: • TCP SYN Scan –A TCP SYN scan is a stealth scan used to determine if ports on a target system are open, closed or filtered. Nmap sends a SYN packet to the target and waits for a response. If the target responds with a SYN/ACK packet, the port is considered open and ready to establish a connection. • It is also known as Half Open Scan since it is a two-way communication channel and the scanner doesn’t close the open connections. • TCP FIN Scan – This scan, mostly used by attackers, has the ability to pass through firewalls and other scan detection programs. • When the attacking system sends FIN packets to the targeted system, the closed ports will respond with a reset response while the open ports will ignore the packets.
  • 13. • TCP XMAS Scan – This scan is used to identify the listening ports on the targeted system. • TCP Null Scan – An extremely stealthy scam, TCP Null Scam sets all the header fields to null, which means when an attacker sends a packet, instead of turning on the flags in the header that would cause the packet to be received as invalid by the host, the NULL scan turns off the header flags. • Vanilla TCP Connect Scan –A vanilla scan is a full connect scan, meaning it sends a SYN flag (request to connect) and upon receiving a SYN-ACK (acknowledgement of connection) response, sends back an ACK flag. • Ping Scan – The Ping scan utilizes the “ping” command to scan the computers that are active.
  • 14. Threats potential of Nmap • Port 80 (HTTP): • Function: This port is commonly used for HTTP traffic, serving web pages and content. • Benefits: Allows users to access the website via a web browser. • Potential Threats: Vulnerable to attacks like HTTP floods, DDoS attacks, and web application vulnerabilities.
  • 15. • Port 443 (HTTPS): • Function: Secure version of HTTP, using SSL/TLS encryption for secure data transfer. • Benefits: Ensures data confidentiality and integrity during communication. • Potential Threats: SSL/TLS vulnerabilities, man-in-the- middle attacks, and SSL Stripping
  • 16. • Port 22 (SSH): • Function: Secure Shell protocol for secure remote access and control over the server. • Benefits: Allows administrators to securely manage the server remotely. • Potential Threats: Brute force attacks, SSH key compromise, and man-in-the-middle attacks.
  • 17. • Port 21 (FTP): • Function: File Transfer Protocol for transferring files between a client and server. • Benefits: Facilitates easy file uploads and downloads. • Potential Threats: FTP bounce attacks, plaintext authentication vulnerabilities, and FTP protocol weaknesses.
  • 18. • Port 3306 (MySQL): • Function: MySQL database server port for database management and querying. • Benefits: Allows web applications to interact with the database for dynamic content. • Potential Threats: SQL injection attacks, unauthorized access to the database, and database server vulnerabilities.
  • 19. • Port 25 (SMTP): • Function: Port 25 is used for SMTP (Simple Mail Transfer Protocol), which is responsible for sending outgoing mail from an email client to a mail server. • Benefits: Facilitates the exchange of email messages between mail servers. Enables organizations to send and receive emails. • Potential Threats: SMTP is susceptible to email- related threats such as spamming, phishing, and email spoofing. Open SMTP relays can be exploited by attackers to send unsolicited emails or launch email-based attacks.
  • 20. • Basic Scan: The simplest Nmap command is nmap, followed by the target you want to scan. For example:
  • 21. • Scan a Specific Port Range: You can specify a range of ports to scan using the -p option. For instance, to scan ports 1 to 1000, you can use:
  • 22. • Scan Service Version: To scan service Version ports, you can use the -sV option:
  • 23. • Traceroute: To scan Traceroute, you can use the-- traceroute option:
  • 24. • Operating System Detection: Nmap can attempt to determine the operating system of the target host using various techniques. You can enable OS detection using the -O option:
  • 25. • TCP SYN Scan (-sS): This is one of the most common and stealthy scan types. It sends SYN packets to the target ports and listens for SYN-ACK responses to determine open ports
  • 26. • Comprehensive Scan (-A): This scan type enables aggressive options including OS detection, version detection, script scanning, and traceroute.
  • 27. • --script vuln option in Nmap is used to enable the execution of Nmap NSE (Nmap Scripting Engine) scripts related to vulnerability detection.
  • 28.
  • 29. Conclusion • Port scanning provides valuable insights into the services running on a web server, helping to identify potential vulnerabilities and security risks. By understanding the functions, benefits, and threats associated with each open port, organizations can take appropriate measures to secure their web servers and protect against potential cyber threats.