WEBVTT

00:00.680 --> 00:03.780
Welcome back, fellow network explorers.

00:03.800 --> 00:10.160
My name is Stefan, and in this lecture, we will delve into the fascinating world of Nmap port scanning.

00:10.160 --> 00:15.920
We will delve into advanced techniques that will help you uncover valuable information about target

00:15.920 --> 00:17.480
systems and services.

00:17.480 --> 00:23.120
So grab your virtual magnifying glass as we embark on this journey together.

00:23.120 --> 00:29.450
So Nmap offers a variety of port scanning techniques that cater to different scenarios.

00:29.480 --> 00:35.690
Understanding these techniques will empower you to choose the most appropriate method for your scanning

00:35.690 --> 00:36.170
needs.

00:36.170 --> 00:44.420
So by default, privileged users enjoy the benefits of the SYN stealth

00:44.450 --> 00:44.890
scan (-sS).

00:44.900 --> 00:53.360
So this technique utilizes raw packets to detect port states using a technique known as half-open.

00:53.360 --> 01:00.390
So on the other hand, unprivileged users, who lack the ability to create raw packets, rely on

01:00.390 --> 01:02.040
the TCP scan technique.

01:02.040 --> 01:04.740
So, the TCP connect scan technique, actually.

01:04.740 --> 01:14.340
So this method completes each TCP connection fully, making it slower compared to SYN

01:14.340 --> 01:15.840
stealth scans.

01:15.840 --> 01:21.840
So fine tuning our Nmap scans to focus on specific port ranges is a valuable skill.

01:21.840 --> 01:28.950
It allows us to narrow down our search and optimize performance, especially when dealing with multiple

01:28.950 --> 01:29.610
targets.

01:29.610 --> 01:37.440
So you can specify port ranges in various ways using the Nmap -p option here.

01:37.440 --> 01:45.930
So for example, you can use comma-separated lists to scan multiple ports like 80 and 443, like this

01:45.930 --> 01:56.940
here: nmap -p 80,443, and here we will enter the target, code silly.com, and here.

01:57.700 --> 02:01.610
We are now scanning port 80 and port 443.

02:01.610 --> 02:08.470
And as you can see here, they are open; the service on port 80 is called http.

02:08.690 --> 02:15.110
And here port 443 uses https, and they are both open.

02:15.290 --> 02:20.480
Alternatively, you can define ranges using hyphens here.

02:20.480 --> 02:29.120
So for example, you can write -p 1-100.

02:30.200 --> 02:38.000
And here we are telling Nmap to scan ports from 1 to 100 on console.com.

02:38.000 --> 02:45.040
And as you can see here, Nmap shows us the open ports on the specific domain address.

02:45.090 --> 02:50.420
Nmap also provides the flexibility to target specific ports by protocol.

02:50.450 --> 03:01.880
For instance, you can scan TCP port 25 and UDP port 53 on a target using this command here: again,

03:01.880 --> 03:04.370
-p here, and without a space.

03:04.370 --> 03:15.080
After -p we enter T25 and U53 here, and here you will enter the target domain or IP address.

03:15.080 --> 03:17.990
In this case it's the domain code telecom.

03:17.990 --> 03:21.140
And here let's press enter.

03:21.140 --> 03:24.260
And as you can see here: "Your port specifications are illegal."

03:24.260 --> 03:25.670
"Example of proper port" here.

03:25.670 --> 03:29.180
So we did something wrong here and here.

03:30.120 --> 03:30.930
After that of.

03:30.930 --> 03:33.300
Sorry, we need to add a few dots here.

03:34.960 --> 03:35.790
Yes, that's it.

03:35.800 --> 03:41.380
And here: your ports include U:, but you haven't specified a UDP scan with -sU here.

03:41.380 --> 03:43.210
So you can also scan with this.

03:43.210 --> 03:47.800
But in this case, we just scan TCP here.

03:47.920 --> 03:52.540
And as you can see, it's filtered, and it's SMTP here.

03:53.410 --> 03:59.110
An SMTP server is actually used for email communication.

03:59.110 --> 04:06.850
So here, additionally, you can focus on ports associated with specific services using service names,

04:06.850 --> 04:13.450
such as nmap -p here, and after -p it... actually, let me clear that.

04:13.450 --> 04:21.250
So nmap -p here, nmap -p, and after -p you can enter, with a space here,

04:21.250 --> 04:30.280
so nmap -p smtp here, and you will enter a domain name or IP address here, code.com.

04:30.280 --> 04:33.640
And now we have a segmentation fault here.

04:33.640 --> 04:36.240
Let's actually use it with sudo here.

04:36.920 --> 04:38.090
Enter password.

04:38.090 --> 04:42.440
And as you can see here, we got segmentation fault again.

04:46.000 --> 04:49.070
This fault is actually a bug in Nmap,

04:49.150 --> 04:50.320
this version here.

04:50.320 --> 04:54.520
So I think they will fix that in the next versions.

04:54.520 --> 05:02.830
But here you can also fix that by uninstalling (purging) and then installing Nmap again, which we

05:02.830 --> 05:04.870
will do in the next lectures:

05:04.870 --> 05:06.550
how to fix that fault here.

05:06.550 --> 05:14.740
So here, now, Nmap also provides the flexibility to

05:16.180 --> 05:19.740
automatically use the active network interface.

05:19.750 --> 05:24.880
However, there may be instances when it fails to do so or when you need to select a specific interface

05:24.880 --> 05:27.100
for network testing purposes.

05:27.100 --> 05:33.220
So, to ensure Nmap scans using the desired network interface, for example, let's see what our

05:33.220 --> 05:34.000
network interface is.

05:34.000 --> 05:36.430
In this case it's eth0.

05:36.430 --> 05:44.830
So here, to ensure Nmap scans using the desired network interface, you can use the -e argument followed

05:44.830 --> 05:46.000
by the interface name.

05:46.000 --> 05:46.780
For example.

05:46.780 --> 05:54.400
In order to do that, you will enter nmap here, the -e argument, and after that you will enter eth0

05:54.400 --> 05:55.840
in my case, and here.

05:55.840 --> 06:04.090
And after that you will enter the target name, and here, in this case, our Nmap.

06:04.120 --> 06:11.260
This command here forces Nmap to use eth0 for the scan.

06:11.260 --> 06:14.410
And here, as you can see here, you can.

06:16.220 --> 06:16.700
I'm sorry.

06:17.700 --> 06:26.700
So you can also press keys for debugging, or you can use the arrow keys to show the progress here.

06:48.850 --> 06:51.400
And here, as you can see here, it's still

06:52.940 --> 06:53.780
using that.

07:17.470 --> 07:19.000
So it might take some time here.

07:19.300 --> 07:22.750
I know it's actually halfway done here, etcetera.

07:28.010 --> 07:29.540
59% here.

07:36.020 --> 07:40.640
And here our scan is complete with this preferred interface here.

07:40.640 --> 07:41.540
So.

07:42.280 --> 07:51.490
And as you can see here, we ensured that we are now using eth0 as the Nmap interface for the scanning

07:51.580 --> 07:51.910
here.

07:51.910 --> 07:57.700
And congratulations, you learned some advanced techniques for port scanning with Nmap: by understanding

07:57.700 --> 08:05.410
the differences between privileged and unprivileged scans, scanning specific port ranges, and selecting

08:05.410 --> 08:13.210
the ideal network interface at the end, you are now equipped to conduct precise and efficient

08:13.240 --> 08:14.530
network reconnaissance.

08:14.530 --> 08:18.270
So remember, responsible scanning is essential.

08:18.280 --> 08:24.370
Always ensure you have proper authorization and adhere to ethical guidelines when performing security

08:24.370 --> 08:25.120
assessments.

08:25.120 --> 08:32.140
And so go forth, explore the depths of your network and uncover the hidden treasures that await with

08:32.140 --> 08:32.740
Nmap.

08:32.740 --> 08:34.870
And I'm waiting for you in the next lecture.
