SlideShare a Scribd company logo

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scanning with Nmap

Download as PPTX, PDF
B
Boston Institute of Analytics

Empower yourself to see what's lurking on your network with our Nmap project presentation! This presentation delves into the world of port scanning with Nmap, the industry-standard tool. Explore how Nmap works, uncover different scanning techniques (SYN scan, UDP scan, etc.), and learn to identify open ports, potential vulnerabilities, and running services. Whether you're a network administrator, security professional, or simply curious about your network traffic, this presentation equips you with the skills to gain valuable insights into your network health. Visit us for more nmap project presentations, https://bostoninstituteofanalytics.org/cyber-security-and-ethical-hacking/

Technology
1 of 30
Based On N-Map Tool
Contents • Introduction to Scanning Open Ports • Types Of Port Numbers & Their Uses • Why It’s Important • How it Works ? • Types of Scan • Threats potential of Nmap • Conclusion
Introduction • Scanning open ports is a process of identifying which network ports on a system are open and listening for incoming connections
• The process of scanning a computer’s port is called port scanning. It provides information on whether a device’s ports are open, closed or filtered. • It is mainly performed to identify if a port is sending or receiving any information. • Port scanning also involves the sending of data to specific ports and analyzing the responses to identify vulnerabilities. • It is also one of the techniques used by attackers to discover devices/services they can break into.
Types Of Port Numbers & Their Uses • Ports 20 and 21. FTP is used to transfer files between a client and a server • Port 22. Secure Shell is one of several tunneling protocols used to build secure network connections. • Port 25. Simple Mail Transfer Protocol (SMTP) is commonly used for email. • Port 53. Domain name system (DNS) is a critical process that matches human-readable domain names to machine- readable IP addresses on the modern internet. It helps users load websites and applications without typing in a long list of IP addresses.
• Port 80. HTTP is the protocol that enables the World Wide Web. • Port 123. Network Time Protocol helps computer clocks sync with each other. It's a vital process in encryption • Port 179. Border Gateway Protocol (BGP) helps establish efficient routes between the large networks or autonomous systems that make up the internet. These large networks use BGP to broadcast which IP addresses they control.
• Port 443. HTTP Secure (HTTPS) is like HTTP but more secure. All HTTPS web traffic goes straight to port 443. Any network service that uses HTTPS for encryption, such as DNS over HTTPS, also connects directly to this port. • Port 500. Internet Security Association and Key Management Protocol helps set up secure IP Security • Port 3389. Remote Desktop Protocol enables users to connect to their desktop computers from another device remotely.
Why It’s Important • Helps in understanding the network architecture. • Aids in identifying potential vulnerabilities. • Critical for network security assessments and troubleshooting. • it is used by security professionals to identify any security vulnerabilities on that particular network. • port scanning identifies open ports and services available on a network
How it Works ? • Tools like Nmap or Zenmap are commonly used for port scanning. • Nmap can be a solution to the problem of identifying activity on a network as it scans the entire system and makes a map of every part of it. • A common issue with internet systems is that they are too complicated for the ordinary person to understand. Even a small home-based system is extremely complex.
• That complexity grows exponentially when it comes to larger companies and agencies that deal with hundreds or even thousands of computers on the network. • Nmap can find information about the operating system running on devices. It can provide detailed information like OS versions, making it easier to plan additional approaches during penetration testing. • During security auditing and vulnerability scanning, you can use Nmap to attack systems using existing scripts from the Nmap Scripting Engine • Nmap has a graphical user interface called Zenmap. It helps you develop visual mappings of a network for better usability and reporting.
Types of Scans: • TCP SYN Scan –A TCP SYN scan is a stealth scan used to determine if ports on a target system are open, closed or filtered. Nmap sends a SYN packet to the target and waits for a response. If the target responds with a SYN/ACK packet, the port is considered open and ready to establish a connection. • It is also known as Half Open Scan since it is a two-way communication channel and the scanner doesn’t close the open connections. • TCP FIN Scan – This scan, mostly used by attackers, has the ability to pass through firewalls and other scan detection programs. • When the attacking system sends FIN packets to the targeted system, the closed ports will respond with a reset response while the open ports will ignore the packets.
• TCP XMAS Scan – This scan is used to identify the listening ports on the targeted system. • TCP Null Scan – An extremely stealthy scam, TCP Null Scam sets all the header fields to null, which means when an attacker sends a packet, instead of turning on the flags in the header that would cause the packet to be received as invalid by the host, the NULL scan turns off the header flags. • Vanilla TCP Connect Scan –A vanilla scan is a full connect scan, meaning it sends a SYN flag (request to connect) and upon receiving a SYN-ACK (acknowledgement of connection) response, sends back an ACK flag. • Ping Scan – The Ping scan utilizes the “ping” command to scan the computers that are active.
Threats potential of Nmap • Port 80 (HTTP): • Function: This port is commonly used for HTTP traffic, serving web pages and content. • Benefits: Allows users to access the website via a web browser. • Potential Threats: Vulnerable to attacks like HTTP floods, DDoS attacks, and web application vulnerabilities.
• Port 443 (HTTPS): • Function: Secure version of HTTP, using SSL/TLS encryption for secure data transfer. • Benefits: Ensures data confidentiality and integrity during communication. • Potential Threats: SSL/TLS vulnerabilities, man-in-the- middle attacks, and SSL Stripping
• Port 22 (SSH): • Function: Secure Shell protocol for secure remote access and control over the server. • Benefits: Allows administrators to securely manage the server remotely. • Potential Threats: Brute force attacks, SSH key compromise, and man-in-the-middle attacks.
• Port 21 (FTP): • Function: File Transfer Protocol for transferring files between a client and server. • Benefits: Facilitates easy file uploads and downloads. • Potential Threats: FTP bounce attacks, plaintext authentication vulnerabilities, and FTP protocol weaknesses.
• Port 3306 (MySQL): • Function: MySQL database server port for database management and querying. • Benefits: Allows web applications to interact with the database for dynamic content. • Potential Threats: SQL injection attacks, unauthorized access to the database, and database server vulnerabilities.
• Port 25 (SMTP): • Function: Port 25 is used for SMTP (Simple Mail Transfer Protocol), which is responsible for sending outgoing mail from an email client to a mail server. • Benefits: Facilitates the exchange of email messages between mail servers. Enables organizations to send and receive emails. • Potential Threats: SMTP is susceptible to email- related threats such as spamming, phishing, and email spoofing. Open SMTP relays can be exploited by attackers to send unsolicited emails or launch email-based attacks.
• Basic Scan: The simplest Nmap command is nmap, followed by the target you want to scan. For example:
• Scan a Specific Port Range: You can specify a range of ports to scan using the -p option. For instance, to scan ports 1 to 1000, you can use:
• Scan Service Version: To scan service Version ports, you can use the -sV option:
• Traceroute: To scan Traceroute, you can use the-- traceroute option:
• Operating System Detection: Nmap can attempt to determine the operating system of the target host using various techniques. You can enable OS detection using the -O option:
• TCP SYN Scan (-sS): This is one of the most common and stealthy scan types. It sends SYN packets to the target ports and listens for SYN-ACK responses to determine open ports
• Comprehensive Scan (-A): This scan type enables aggressive options including OS detection, version detection, script scanning, and traceroute.
• --script vuln option in Nmap is used to enable the execution of Nmap NSE (Nmap Scripting Engine) scripts related to vulnerability detection.
Conclusion • Port scanning provides valuable insights into the services running on a web server, helping to identify potential vulnerabilities and security risks. By understanding the functions, benefits, and threats associated with each open port, organizations can take appropriate measures to secure their web servers and protect against potential cyber threats.
Thank You!!

Recommended

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Network scan
Network scanNetwork scan
Network scanpenetration Tester
 
Scanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxScanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxMahdiHasanSowrav
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP FRSecure
 
Footprinting tools for security auditors
Footprinting tools for security auditorsFootprinting tools for security auditors
Footprinting tools for security auditorsJose Manuel Ortega Candel
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptxVuongPhm
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 

Recommended

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Network scan
Network scanNetwork scan
Network scanpenetration Tester
 
Scanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxScanning and Enumeration in Cyber Security.pptx
Scanning and Enumeration in Cyber Security.pptxMahdiHasanSowrav
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP FRSecure
 
Footprinting tools for security auditors
Footprinting tools for security auditorsFootprinting tools for security auditors
Footprinting tools for security auditorsJose Manuel Ortega Candel
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptxVuongPhm
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptxLlobarro2
 
Port Scanning Overview
Port Scanning OverviewPort Scanning Overview
Port Scanning OverviewPublicly traded global multi-billion services company
 
Contents namp
Contents nampContents namp
Contents nampshwetha mk
 
Contents namp
Contents nampContents namp
Contents nampshwetha mk
 
Scanning.pptx
Scanning.pptxScanning.pptx
Scanning.pptxJazzyB5
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensicsAnpumathews
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testingAbdul Rahman
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laShainaBoling829
 
Nmap
NmapNmap
NmapFat-Thing Gabriel-Culley
 
Chapter 12
Chapter 12Chapter 12
Chapter 12cclay3
 
Network security
Network securityNetwork security
Network securityNandini Raj
 
Chap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java OverviewChap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java OverviewMinistry of Higher Education
 
A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESIRJET Journal
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersA Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersJoshua Gorinson
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academycyberforgeacademy
 
Nmap
NmapNmap
NmapMegha Sahu
 
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.orgEnhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.orgBoston Institute of Analytics
 
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFExploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFBoston Institute of Analytics
 

More Related Content

Similar to Nmap project presentation : Unlocking Network Secrets: Mastering Port Scanning with Nmap

lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptxLlobarro2
 
Scanning.pptx
Scanning.pptxScanning.pptx
Scanning.pptxJazzyB5
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensicsAnpumathews
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testingAbdul Rahman
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laShainaBoling829
 
Chapter 12
Chapter 12Chapter 12
Chapter 12cclay3
 
Network security
Network securityNetwork security
Network securityNandini Raj
 
A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESIRJET Journal
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersA Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersJoshua Gorinson
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academycyberforgeacademy
 

Similar to Nmap project presentation : Unlocking Network Secrets: Mastering Port Scanning with Nmap (20)

lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptx
 
Port Scanning Overview
Port Scanning OverviewPort Scanning Overview
Port Scanning Overview
 
Contents namp
Contents nampContents namp
Contents namp
 
Contents namp
Contents nampContents namp
Contents namp
 
Scanning.pptx
Scanning.pptxScanning.pptx
Scanning.pptx
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
Port scanning
Port scanningPort scanning
Port scanning
 
Port scanning
Port scanningPort scanning
Port scanning
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensics
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testing
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and la
 
Nmap
NmapNmap
Nmap
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Network security
Network securityNetwork security
Network security
 
Chap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java OverviewChap 1 Network Theory & Java Overview
Chap 1 Network Theory & Java Overview
 
A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURES
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersA Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academy
 
Nmap
NmapNmap
Nmap
 

More from Boston Institute of Analytics

Enhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.orgEnhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.orgBoston Institute of Analytics
 
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFExploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFBoston Institute of Analytics
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachBoston Institute of Analytics
 
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...Boston Institute of Analytics
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
NLP Based project presentation: Analyzing Automobile Prices
NLP Based project presentation: Analyzing Automobile PricesNLP Based project presentation: Analyzing Automobile Prices
NLP Based project presentation: Analyzing Automobile PricesBoston Institute of Analytics
 
Data Science Project: Advancements in Fetal Health Classification
Data Science Project: Advancements in Fetal Health ClassificationData Science Project: Advancements in Fetal Health Classification
Data Science Project: Advancements in Fetal Health ClassificationBoston Institute of Analytics
 
Combating Fraudulent Transactions: A Deep Dive into Credit Card Fraud Detection
Combating Fraudulent Transactions: A Deep Dive into Credit Card Fraud DetectionCombating Fraudulent Transactions: A Deep Dive into Credit Card Fraud Detection
Combating Fraudulent Transactions: A Deep Dive into Credit Card Fraud DetectionBoston Institute of Analytics
 
Predicting Liver Disease in India: A Machine Learning Approach
Predicting Liver Disease in India: A Machine Learning ApproachPredicting Liver Disease in India: A Machine Learning Approach
Predicting Liver Disease in India: A Machine Learning ApproachBoston Institute of Analytics
 
Employee Churn Prediction: Artificial Intelligence Project Presentation
Employee Churn Prediction: Artificial Intelligence Project PresentationEmployee Churn Prediction: Artificial Intelligence Project Presentation
Employee Churn Prediction: Artificial Intelligence Project PresentationBoston Institute of Analytics
 
Predicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project PresentationPredicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project PresentationBoston Institute of Analytics
 
NLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptx
NLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptxNLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptx
NLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptxBoston Institute of Analytics
 
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...Boston Institute of Analytics
 
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfPredicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfBoston Institute of Analytics
 

More from Boston Institute of Analytics (20)

Enhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.orgEnhancing Cybersecurity: An In-depth Analysis of Travelblog.org
Enhancing Cybersecurity: An In-depth Analysis of Travelblog.org
 
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRFExploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning Approach
 
Detecting Credit Card Fraud: An AI-driven Approach
Detecting Credit Card Fraud: An AI-driven ApproachDetecting Credit Card Fraud: An AI-driven Approach
Detecting Credit Card Fraud: An AI-driven Approach
 
Predicting House Prices: A Machine Learning Approach
Predicting House Prices: A Machine Learning ApproachPredicting House Prices: A Machine Learning Approach
Predicting House Prices: A Machine Learning Approach
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
Decoding Loan Approval with Predictive Modeling in Action Discovering Weaknes...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
E-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptxE-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptx
 
NLP Based project presentation: Analyzing Automobile Prices
NLP Based project presentation: Analyzing Automobile PricesNLP Based project presentation: Analyzing Automobile Prices
NLP Based project presentation: Analyzing Automobile Prices
 
Decoding Loan Approval: Predictive Modeling in Action
Decoding Loan Approval: Predictive Modeling in ActionDecoding Loan Approval: Predictive Modeling in Action
Decoding Loan Approval: Predictive Modeling in Action
 
Analyzing Movie Reviews : Machine learning project
Analyzing Movie Reviews : Machine learning projectAnalyzing Movie Reviews : Machine learning project
Analyzing Movie Reviews : Machine learning project
 
Data Science Project: Advancements in Fetal Health Classification
Data Science Project: Advancements in Fetal Health ClassificationData Science Project: Advancements in Fetal Health Classification
Data Science Project: Advancements in Fetal Health Classification
 
Combating Fraudulent Transactions: A Deep Dive into Credit Card Fraud Detection
Combating Fraudulent Transactions: A Deep Dive into Credit Card Fraud DetectionCombating Fraudulent Transactions: A Deep Dive into Credit Card Fraud Detection
Combating Fraudulent Transactions: A Deep Dive into Credit Card Fraud Detection
 
Predicting Liver Disease in India: A Machine Learning Approach
Predicting Liver Disease in India: A Machine Learning ApproachPredicting Liver Disease in India: A Machine Learning Approach
Predicting Liver Disease in India: A Machine Learning Approach
 
Employee Churn Prediction: Artificial Intelligence Project Presentation
Employee Churn Prediction: Artificial Intelligence Project PresentationEmployee Churn Prediction: Artificial Intelligence Project Presentation
Employee Churn Prediction: Artificial Intelligence Project Presentation
 
Predicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project PresentationPredicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project Presentation
 
NLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptx
NLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptxNLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptx
NLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptx
 
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
 
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfPredicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scanning with Nmap

  • 1.
  • 3. Contents • Introduction to Scanning Open Ports • Types Of Port Numbers & Their Uses • Why It’s Important • How it Works ? • Types of Scan • Threats potential of Nmap • Conclusion
  • 4. Introduction • Scanning open ports is a process of identifying which network ports on a system are open and listening for incoming connections
  • 5. • The process of scanning a computer’s port is called port scanning. It provides information on whether a device’s ports are open, closed or filtered. • It is mainly performed to identify if a port is sending or receiving any information. • Port scanning also involves the sending of data to specific ports and analyzing the responses to identify vulnerabilities. • It is also one of the techniques used by attackers to discover devices/services they can break into.
  • 6. Types Of Port Numbers & Their Uses • Ports 20 and 21. FTP is used to transfer files between a client and a server • Port 22. Secure Shell is one of several tunneling protocols used to build secure network connections. • Port 25. Simple Mail Transfer Protocol (SMTP) is commonly used for email. • Port 53. Domain name system (DNS) is a critical process that matches human-readable domain names to machine- readable IP addresses on the modern internet. It helps users load websites and applications without typing in a long list of IP addresses.
  • 7. • Port 80. HTTP is the protocol that enables the World Wide Web. • Port 123. Network Time Protocol helps computer clocks sync with each other. It's a vital process in encryption • Port 179. Border Gateway Protocol (BGP) helps establish efficient routes between the large networks or autonomous systems that make up the internet. These large networks use BGP to broadcast which IP addresses they control.
  • 8. • Port 443. HTTP Secure (HTTPS) is like HTTP but more secure. All HTTPS web traffic goes straight to port 443. Any network service that uses HTTPS for encryption, such as DNS over HTTPS, also connects directly to this port. • Port 500. Internet Security Association and Key Management Protocol helps set up secure IP Security • Port 3389. Remote Desktop Protocol enables users to connect to their desktop computers from another device remotely.
  • 9. Why It’s Important • Helps in understanding the network architecture. • Aids in identifying potential vulnerabilities. • Critical for network security assessments and troubleshooting. • it is used by security professionals to identify any security vulnerabilities on that particular network. • port scanning identifies open ports and services available on a network
  • 10. How it Works ? • Tools like Nmap or Zenmap are commonly used for port scanning. • Nmap can be a solution to the problem of identifying activity on a network as it scans the entire system and makes a map of every part of it. • A common issue with internet systems is that they are too complicated for the ordinary person to understand. Even a small home-based system is extremely complex.
  • 11. • That complexity grows exponentially when it comes to larger companies and agencies that deal with hundreds or even thousands of computers on the network. • Nmap can find information about the operating system running on devices. It can provide detailed information like OS versions, making it easier to plan additional approaches during penetration testing. • During security auditing and vulnerability scanning, you can use Nmap to attack systems using existing scripts from the Nmap Scripting Engine • Nmap has a graphical user interface called Zenmap. It helps you develop visual mappings of a network for better usability and reporting.
  • 12. Types of Scans: • TCP SYN Scan –A TCP SYN scan is a stealth scan used to determine if ports on a target system are open, closed or filtered. Nmap sends a SYN packet to the target and waits for a response. If the target responds with a SYN/ACK packet, the port is considered open and ready to establish a connection. • It is also known as Half Open Scan since it is a two-way communication channel and the scanner doesn’t close the open connections. • TCP FIN Scan – This scan, mostly used by attackers, has the ability to pass through firewalls and other scan detection programs. • When the attacking system sends FIN packets to the targeted system, the closed ports will respond with a reset response while the open ports will ignore the packets.
  • 13. • TCP XMAS Scan – This scan is used to identify the listening ports on the targeted system. • TCP Null Scan – An extremely stealthy scam, TCP Null Scam sets all the header fields to null, which means when an attacker sends a packet, instead of turning on the flags in the header that would cause the packet to be received as invalid by the host, the NULL scan turns off the header flags. • Vanilla TCP Connect Scan –A vanilla scan is a full connect scan, meaning it sends a SYN flag (request to connect) and upon receiving a SYN-ACK (acknowledgement of connection) response, sends back an ACK flag. • Ping Scan – The Ping scan utilizes the “ping” command to scan the computers that are active.
  • 14. Threats potential of Nmap • Port 80 (HTTP): • Function: This port is commonly used for HTTP traffic, serving web pages and content. • Benefits: Allows users to access the website via a web browser. • Potential Threats: Vulnerable to attacks like HTTP floods, DDoS attacks, and web application vulnerabilities.
  • 15. • Port 443 (HTTPS): • Function: Secure version of HTTP, using SSL/TLS encryption for secure data transfer. • Benefits: Ensures data confidentiality and integrity during communication. • Potential Threats: SSL/TLS vulnerabilities, man-in-the- middle attacks, and SSL Stripping
  • 16. • Port 22 (SSH): • Function: Secure Shell protocol for secure remote access and control over the server. • Benefits: Allows administrators to securely manage the server remotely. • Potential Threats: Brute force attacks, SSH key compromise, and man-in-the-middle attacks.
  • 17. • Port 21 (FTP): • Function: File Transfer Protocol for transferring files between a client and server. • Benefits: Facilitates easy file uploads and downloads. • Potential Threats: FTP bounce attacks, plaintext authentication vulnerabilities, and FTP protocol weaknesses.
  • 18. • Port 3306 (MySQL): • Function: MySQL database server port for database management and querying. • Benefits: Allows web applications to interact with the database for dynamic content. • Potential Threats: SQL injection attacks, unauthorized access to the database, and database server vulnerabilities.
  • 19. • Port 25 (SMTP): • Function: Port 25 is used for SMTP (Simple Mail Transfer Protocol), which is responsible for sending outgoing mail from an email client to a mail server. • Benefits: Facilitates the exchange of email messages between mail servers. Enables organizations to send and receive emails. • Potential Threats: SMTP is susceptible to email- related threats such as spamming, phishing, and email spoofing. Open SMTP relays can be exploited by attackers to send unsolicited emails or launch email-based attacks.
  • 20. • Basic Scan: The simplest Nmap command is nmap, followed by the target you want to scan. For example:
  • 21. • Scan a Specific Port Range: You can specify a range of ports to scan using the -p option. For instance, to scan ports 1 to 1000, you can use:
  • 22. • Scan Service Version: To scan service Version ports, you can use the -sV option:
  • 23. • Traceroute: To scan Traceroute, you can use the-- traceroute option:
  • 24. • Operating System Detection: Nmap can attempt to determine the operating system of the target host using various techniques. You can enable OS detection using the -O option:
  • 25. • TCP SYN Scan (-sS): This is one of the most common and stealthy scan types. It sends SYN packets to the target ports and listens for SYN-ACK responses to determine open ports
  • 26. • Comprehensive Scan (-A): This scan type enables aggressive options including OS detection, version detection, script scanning, and traceroute.
  • 27. • --script vuln option in Nmap is used to enable the execution of Nmap NSE (Nmap Scripting Engine) scripts related to vulnerability detection.
  • 28.
  • 29. Conclusion • Port scanning provides valuable insights into the services running on a web server, helping to identify potential vulnerabilities and security risks. By understanding the functions, benefits, and threats associated with each open port, organizations can take appropriate measures to secure their web servers and protect against potential cyber threats.