7 CN

The document describes an experiment to perform network discovery using Nmap and MRTG tools. It discusses the various features of Nmap including host discovery, port scanning for TCP and UDP, operating system detection, and version scanning. It also provides the installation steps for Nmap in Linux and examples of commands to use Nmap for different scanning activities like host discovery, port scanning, OS detection, and more. The aim is to familiarize with network mapping and monitoring using open source discovery tools.

Uploaded by

Adfar Rashid

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

105 views11 pages

7 CN

Uploaded by

Adfar Rashid

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 11

Department of Computer Engineering

Name: Nameet Ahire Roll No: A-502

Experiment - 07

Aim: Perform network discovery using discovery tools. (e.g. nmap/mrtg)

Nmap- Network Mapper

Mrtg- Mutli router traffic grapher

Theory:

1. NMAP tool

Nmap ("Network Mapper") is a free and open source utility for network discovery and
security auditing. Many systems and network administrators also find it useful for tasks
such as network inventory, managing service upgrade schedules, and monitoring host or
service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are
available on the network, what services (application name and version) those hosts are
offering, what operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly
scan large networks, but works fine against single hosts. Nmap runs on all major
computer operating systems, and official binary packages are available for Linux,
Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the
Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data
transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results
(Ndiff), and a packet generation and response analysis tool (Nping).

2. Port number and Types of ports

A port number is a 16-bit numeric value that oscillates between 0 and 65535. There are
three different types of port numbers: well-known ports, registered ports, and dynamic
ports. Therefore, making port numbers an essential part of network communication.
Consequently, make sure to review these while studying for your next certification
(CCNA or CompTIA Network+).
First of all, these port numbers are reserved by ICANN. The Internet Committee for
Assigned Names and Numbers and oversees the use of Internet domains. These well-
known ports are used by your computer application to communicate. This communication
is established using the Internet’s Transmission Control Protocol (TCP) or the User
Datagram Protocol (UDP).
Department of Computer Engineering

Name: Nameet Ahire Roll No: A-502

Types of communication ports

The three types of communication ports are well-known ports, registered ports, and
dynamic ports.
 Well-known ports cover the range of possible port numbers from 0 through 1023.
 Registered ports are numbered from 1024 through 49151.
 Dynamic ports or private ports are numbered from 49152 through 65535.
 Here are the Common Network Ports you need to know before your CCNA or
CompTIA Network+ exam.

3. Status of ports

The six port states recognized by Nmap

Open
An application is actively accepting TCP connections, UDP datagrams or SCTP
associations on this port. Finding these is often the primary goal of port scanning.
Security-minded people know that each open port is an avenue for attack. Attackers and
pen-testers want to exploit the open ports, while administrators try to close or protect
them with firewalls without thwarting legitimate users. Open ports are also interesting for
non-security scans because they show services available for use on the network.

Closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is
no application listening on it. They can be helpful in showing that a host is up on an IP
address (host discovery, or ping scanning), and as part of OS detection. Because closed
ports are reachable, it may be worth scanning later in case some open up. Administrators
may want to consider blocking such ports with a firewall. Then they would appear in the
filtered state, discussed next.

Filtered
Nmap cannot determine whether the port is open because packet filtering prevents its
probes from reaching the port. The filtering could be from a dedicated firewall device,
router rules, or host-based firewall software. These ports frustrate attackers because they
provide so little information. Sometimes they respond with ICMP error messages such as
type 3 code 13 (destination unreachable: communication administratively prohibited), but
filters that simply drop probes without responding are far more common. This forces
Nmap to retry several times just in case the probe was dropped due to network congestion
rather than filtering. This slows down the scan dramatically.
Department of Computer Engineering

Name: Nameet Ahire Roll No: A-502

Unfiltered
The unfiltered state means that a port is accessible, but Nmap is unable to determine
whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets,
classifies ports into this state. Scanning unfiltered ports with other scan types such as
Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.

Open|filtered
Nmap places ports in this state when it is unable to determine whether a port is open or
filtered. This occurs for scan types in which open ports give no response. The lack of
response could also mean that a packet filter dropped the probe or any response it elicited.
So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP
protocol, FIN, NULL, and Xmas scans classify ports this way.

Closed|filtered
This state is used when Nmap is unable to determine whether a port is closed or filtered.
It is only used for the IP ID idle scan.

4. Installation steps in Linux

$ sudo –i
$ apt-get install nmap
Department of Computer Engineering

Name: Nameet Ahire Roll No: A-502