WEBVTT

00:01.620 --> 00:08.460
Let's move ahead and take a look at Nmap, which comes from Network Mapper and is a network discovery

00:08.460 --> 00:14.740
and security auditing tool widely used by network administrators for many types of scanning.

00:15.510 --> 00:22.160
It's a complex open source application that maybe deserves its own dedicated course, in my opinion.

00:23.590 --> 00:30.580
There are a variety of scans that can be performed using Nmap and I want to mention just a few of them.

00:31.950 --> 00:39.660
TCP SYN scan is the default and the most popular scan option for good reasons. It can be performed

00:39.660 --> 00:47.340
quickly, scanning thousands of ports per second on a fast network if there are no firewalls that restrict

00:47.340 --> 00:48.040
the scanning.

00:48.810 --> 00:55.530
It is also unobtrusive and stealthy, since it never completes TCP connections.

00:55.890 --> 01:04.460
This technique is often referred to as half-open scanning because it doesn't open a full TCP connection.

01:05.990 --> 01:14.750
Nmap sends a SYN as if it is going to open a real connection and then waits for a response. A SYN

01:14.750 --> 01:18.520
and an acknowledgement indicates that the port is listening.

01:18.530 --> 01:23.530
So it's open, while a reset indicates that the port is closed.

01:23.990 --> 01:28.520
If no response is received, the port is marked as filtered.

01:29.030 --> 01:34.250
Keep in mind that you need root privileges to perform this type of scan.

01:34.610 --> 01:42.690
If you don't have privileges, you can still perform another type of TCP scanning called TCP Connect

01:42.710 --> 01:43.150
Scan.

01:43.590 --> 01:46.740
Let's go to the terminal and see some examples.

01:47.120 --> 01:53.240
First, let's check if Nmap is installed by executing nmap without any option.

01:55.540 --> 02:04.720
And it says command nmap not found and gives instructions about how to install it. On Debian and Ubuntu

02:04.720 --> 02:09.880
based distributions, you can install it by simply running apt install nmap.

02:22.020 --> 02:22.800
And it's done.

02:24.810 --> 02:32.850
You can also install Nmap for Windows or Mac, and if you want a graphical interface, install Zenmap,

02:32.850 --> 02:36.750
which is the official Nmap Security Scanner GUI.

02:40.720 --> 02:42.130
This is Zenmap.

02:44.530 --> 02:50.950
Let's try a TCP SYN scan. If you are root, this will be the default scanning type.

02:53.330 --> 02:59.360
I'm root, and nmap and the IP address of the other Linux machine.

03:09.930 --> 03:15.110
And we see a lot of information about the scan and the destination host.

03:16.600 --> 03:24.910
We see how much time the scan took, the MAC address of the destination host and the open ports.

03:26.630 --> 03:34.700
By default Nmap scans the most common one thousand ports for each protocol, TCP and UDP. We see

03:34.700 --> 03:40.310
that four ports are open and 996 ports are closed.

03:41.990 --> 03:45.440
If you are not root, you cannot perform this scan.

03:46.870 --> 03:53.350
I open up another terminal where I don't have root privileges and try to scan the host again, this

03:53.350 --> 03:55.750
time specifying minus s

03:56.080 --> 03:59.950
S, which indicates a SYN scan.

04:01.100 --> 04:09.950
nmap minus s, a lowercase s and an uppercase S, and the IP address of the destination.

04:13.220 --> 04:20.720
And it says that I don't have the required privileges. What I can do is to perform another type of

04:20.720 --> 04:23.420
TCP scan called connect scan.

04:23.930 --> 04:26.660
This is the default for non-root users.

04:27.810 --> 04:32.040
I simply run nmap and the IP address of the destination.

04:37.980 --> 04:45.510
Or I can specify minus s and an uppercase T; it's the same.

04:47.910 --> 04:56.580
Earlier, I said that by default Nmap scans the most common one thousand ports for each protocol. A

04:56.580 --> 05:05.100
service has been moved to a non-standard port, like SSH is listening on port fifty thousand five.

05:07.230 --> 05:14.640
On the destination, let's change the SSH daemon listening port to fifty thousand five.

05:18.150 --> 05:25.680
This is the configuration file of SSH, and I'll write Port and the new value,

05:26.600 --> 05:28.010
fifty thousand five.

05:29.640 --> 05:30.700
Next, the new port.

05:32.100 --> 05:36.480
I'm saving the file and then restarting the service.

05:44.510 --> 05:49.190
Now, SSH is listening on port fifty thousand five.

05:57.110 --> 06:04.610
Nmap will not scan the port by default, and you cannot discover that the service is running. Let's

06:04.610 --> 06:06.400
scan the destination again.

06:10.910 --> 06:14.360
And we don't see that SSH is running.

06:15.480 --> 06:18.240
It didn't display the port as being open.

06:18.450 --> 06:21.530
In fact, it didn't scan the port at all.

06:22.110 --> 06:27.150
What I can do is specify the port manually using a minus p option.

06:28.430 --> 06:36.830
Let's scan the target again and specify the ports manually: nmap minus p and the ports I want

06:36.830 --> 06:44.840
to scan, let's say 20, 22, 80 and fifty thousand five.

06:46.880 --> 06:49.490
And the destination, the same IP address.

06:53.860 --> 06:54.490
Perfect.

06:56.090 --> 07:03.740
Ports 20 and 22 are closed and 80 and fifty thousand five are open.

07:05.630 --> 07:13.100
We see that the port is open, but it doesn't say who's listening on the port. What I can do now is

07:13.100 --> 07:18.950
add another option that does version detection, and that's minus s

07:18.990 --> 07:19.400
V.

07:23.760 --> 07:27.300
So minus s with an uppercase V.

07:31.790 --> 07:40.330
And it's much better. It's displaying a lot of information about the services that are running on those

07:40.340 --> 07:40.790
ports.

07:42.080 --> 07:47.420
And if you want to scan all ports, you use the minus p minus option like this.

07:50.210 --> 07:51.860
Scanning all ports.

07:53.010 --> 08:01.140
By the way, this can take a very long time. If you press the Enter key while scanning, it will say

08:01.140 --> 08:07.860
what percent of the entire scan process has already been performed, and it's done five percent.

08:11.380 --> 08:15.280
I'm stopping Nmap by pressing Control plus C.

08:16.450 --> 08:18.970
This was all about TCP scans.

08:19.920 --> 08:28.650
Other types of scans you can perform are UDP and ICMP scans. UDP port scanning is generally slower

08:28.770 --> 08:36.390
and more difficult than TCP. UDP port scanning is activated with the minus sU option.

08:37.910 --> 08:42.050
nmap minus sU localhost.

08:43.870 --> 08:46.420
I'm scanning the localhost for UDP ports.

08:48.100 --> 08:58.840
And this is the result. And to perform an ICMP ping scan, use minus sn or minus sP; in minus

08:58.840 --> 09:01.810
sn, both letters are lowercase.

09:02.810 --> 09:05.030
And I'll scan an entire network.

09:10.880 --> 09:17.420
And it has displayed information about all hosts that are up in this network.

09:17.810 --> 09:19.460
This is the local area network.

09:20.540 --> 09:28.040
OK, this is all about Nmap for the moment. There's a lot of information about Nmap, but I think these

09:28.040 --> 09:30.640
are the most important things you should know.

09:30.890 --> 09:37.010
I'll attach to this lecture some resources about Nmap in case you want to dive deeper into it.

09:37.370 --> 09:37.940
Thank you.
