1 00:00:00,680 --> 00:00:03,780 Welcome back, fellow network explorers.
2 00:00:03,800 --> 00:00:10,160 My name is Stefan, and in this lecture, we will delve into the fascinating world of Nmap port scanning.
3 00:00:10,160 --> 00:00:15,920 We will delve into advanced techniques that will help you uncover valuable information about target
4 00:00:15,920 --> 00:00:17,480 systems and services.
5 00:00:17,480 --> 00:00:23,120 So grab your virtual magnifying glass as we embark on this journey together.
6 00:00:23,120 --> 00:00:29,450 So Nmap offers a variety of port scanning techniques that cater to different scenarios.
7 00:00:29,480 --> 00:00:35,690 Understanding these techniques will empower you to choose the most appropriate method for your scanning
8 00:00:35,690 --> 00:00:36,170 needs.
9 00:00:36,170 --> 00:00:44,420 So by default, privileged users enjoy the benefits of a SYN scan, the synchronizing stealth
10 00:00:44,450 --> 00:00:44,890 scan.
11 00:00:44,900 --> 00:00:53,360 So this technique utilizes raw packets to detect port states using a technique known as half-open.
12 00:00:53,360 --> 00:01:00,390 So on the other hand, unprivileged users, who lack the ability to create raw packets, rely on
13 00:01:00,390 --> 00:01:02,040 the TCP scan technique.
14 00:01:02,040 --> 00:01:04,740 So the TCP connect scan technique, actually.
15 00:01:04,740 --> 00:01:14,340 So this method completes each TCP connection fully, making it slower compared to the SYN, the synchronizing
16 00:01:14,340 --> 00:01:15,840 stealth scan.
17 00:01:15,840 --> 00:01:21,840 So fine-tuning our Nmap scans to focus on specific port ranges is a valuable skill.
18 00:01:21,840 --> 00:01:28,950 It allows us to narrow down our search and optimize performance, especially when dealing with multiple
19 00:01:28,950 --> 00:01:29,610 targets.
20 00:01:29,610 --> 00:01:37,440 So you can specify port ranges in various ways using the Nmap -p option here.
21 00:01:37,440 --> 00:01:45,930 So for example, you can use comma-separated lists to scan multiple ports like 80 and 443, like this
22 00:01:45,930 --> 00:01:56,940 here: nmap -p 80,443 here, and here we will enter the code silly.com, and here.
23 00:01:57,700 --> 00:02:01,610 We are now scanning port 80 and port 443.
24 00:02:01,610 --> 00:02:08,470 And as you can see here, they are open. The service on port 80 is called http,
25 00:02:08,690 --> 00:02:15,110 and here port 443 uses https, and they are both open.
26 00:02:15,290 --> 00:02:20,480 Alternatively, you can define ranges using hyphens here.
27 00:02:20,480 --> 00:02:29,120 So for example, you can write like -p here and 1-100.
28 00:02:30,200 --> 00:02:38,000 And here we are telling Nmap to scan ports from 1 to 100 on console.com.
29 00:02:38,000 --> 00:02:45,040 And as you can see here, Nmap shows us the open ports on the specific domain address.
30 00:02:45,090 --> 00:02:50,420 Nmap also provides the flexibility to target specific ports by protocol.
31 00:02:50,450 --> 00:03:01,880 For instance, you can scan TCP port 25 and UDP port 53 on a target using this command here: again
32 00:03:01,880 --> 00:03:04,370 -p here, and without a space
33 00:03:04,370 --> 00:03:15,080 after -p we enter T here 25 and U here 53, and here you will enter the target domain or IP address.
34 00:03:15,080 --> 00:03:17,990 In this case it's the domain code telecom.
35 00:03:17,990 --> 00:03:21,140 And here let's press enter.
36 00:03:21,140 --> 00:03:24,260 And as you can see here: "Your port specifications are illegal."
37 00:03:24,260 --> 00:03:25,670 "Example of proper port" here.
38 00:03:25,670 --> 00:03:29,180 So we did something wrong here and here.
39 00:03:30,120 --> 00:03:30,930 After that of.
40 00:03:30,930 --> 00:03:33,300 Sorry, we need to add a few dots here.
41 00:03:34,960 --> 00:03:35,790 Yes, that's it.
42 00:03:35,800 --> 00:03:41,380 And here: "Your ports include U: but you haven't specified UDP scan with -sU" here.
43 00:03:41,380 --> 00:03:43,210 So you can also scan with this.
44 00:03:43,210 --> 00:03:47,800 But in this case, we just scan the TCP here and here.
45 00:03:47,920 --> 00:03:52,540 And as you can see, it's filtered and it's SMTP here.
46 00:03:53,410 --> 00:03:59,110 An SMTP server is actually used for emails and email communication.
47 00:03:59,110 --> 00:04:06,850 So here, additionally, you can focus on ports associated with specific services using service names,
48 00:04:06,850 --> 00:04:13,450 such as nmap -p here, and after -p it... actually, let me clear that.
49 00:04:13,450 --> 00:04:21,250 So nmap -p here, nmap -p, and after -p you can enter it with a space here.
50 00:04:21,250 --> 00:04:30,280 So nmap -p smtp here, and you will enter a domain name or IP address here, code.com.
51 00:04:30,280 --> 00:04:33,640 And now we have a segmentation fault here.
52 00:04:33,640 --> 00:04:36,240 Let's actually use it with sudo here.
53 00:04:36,920 --> 00:04:38,090 Enter password.
54 00:04:38,090 --> 00:04:42,440 And as you can see here, we got a segmentation fault again.
55 00:04:46,000 --> 00:04:49,070 This fault is actually a bug in Nmap,
56 00:04:49,150 --> 00:04:50,320 this version here.
57 00:04:50,320 --> 00:04:54,520 So I think they will fix that in the next versions.
58 00:04:54,520 --> 00:05:02,830 But here you can also fix that by uninstalling, purging and then installing Nmap again, which we
59 00:05:02,830 --> 00:05:04,870 will do in the next lectures:
60 00:05:04,870 --> 00:05:06,550 how to fix that fault here.
61 00:05:06,550 --> 00:05:14,740 So here now, Nmap here also provides the flexibility to
62 00:05:16,180 --> 00:05:19,740 automatically use the active network interface in order to.
63 00:05:19,750 --> 00:05:24,880 However, there may be instances when it fails to do so or when you need to select a specific interface
64 00:05:24,880 --> 00:05:27,100 for network testing purposes.
65 00:05:27,100 --> 00:05:33,220 So to ensure Nmap scans using the desired network interface, for example, let's see what our
66 00:05:33,220 --> 00:05:34,000 network interface is.
67 00:05:34,000 --> 00:05:36,430 In this case it's eth0.
68 00:05:36,430 --> 00:05:44,830 So here, to ensure Nmap scans using the desired network interface, you can use the -e argument followed
69 00:05:44,830 --> 00:05:46,000 by the interface name.
70 00:05:46,000 --> 00:05:46,780 For example.
71 00:05:46,780 --> 00:05:54,400 In order to do that, you will enter nmap here, the -e argument, and after that you will enter eth0
72 00:05:54,400 --> 00:05:55,840 in my case, and here.
73 00:05:55,840 --> 00:06:04,090 And after that you will enter the target name, and here in this case our Nmap.
74 00:06:04,120 --> 00:06:11,260 This command here forces Nmap to use eth0 for the scan.
75 00:06:11,260 --> 00:06:14,410 And here, as you can see here, you can.
76 00:06:16,220 --> 00:06:16,700 I'm sorry.
77 00:06:17,700 --> 00:06:26,700 So you can also press keys for debugging, or you can use the arrow keys to show the progress here.
78 00:06:48,850 --> 00:06:51,400 And here, as you can see here, it's still
79 00:06:52,940 --> 00:06:53,780 using that.
80 00:07:17,470 --> 00:07:19,000 So it might take some time here.
81 00:07:19,300 --> 00:07:22,750 I know it's actually halfway done here, etcetera.
82 00:07:28,010 --> 00:07:29,540 59% here.
83 00:07:36,020 --> 00:07:40,640 And here our scan is complete with this preferred interface here.
84 00:07:40,640 --> 00:07:41,540 So.
85 00:07:42,280 --> 00:07:51,490 And as you can see here, we ensure that we are now using eth0 as the Nmap interface for the scanning
86 00:07:51,580 --> 00:07:51,910 here.
87 00:07:51,910 --> 00:07:57,700 And congratulations, you learned some advanced techniques for port scanning with Nmap: by understanding
88 00:07:57,700 --> 00:08:05,410 the differences between privileged and unprivileged scans, scanning specific port ranges, and selecting
89 00:08:05,410 --> 00:08:13,210 the ideal network interface at the end, you are now equipped to conduct precise and efficient
90 00:08:13,240 --> 00:08:14,530 network reconnaissance.
91 00:08:14,530 --> 00:08:18,270 So remember, responsible scanning is essential.
92 00:08:18,280 --> 00:08:24,370 Always ensure you have proper authorization and adhere to ethical guidelines when performing security
93 00:08:24,370 --> 00:08:25,120 assessments.
94 00:08:25,120 --> 00:08:32,140 And so go forth, explore the depths of your network and uncover the hidden treasures that await with
95 00:08:32,140 --> 00:08:32,740 Nmap.
96 00:08:32,740 --> 00:08:34,870 And I'm waiting for you in the next lecture.