Well, what do open, closed or filtered actually mean? Let's take a closer look at the results of Nmap when Nmap sends packets to a port and receives a positive response. The port is assigned the state of open, for example, since Nmap receives a SYN/ACK from the destination system if the port is open.

If Nmap determines that a port is not available, it assigns it the closed state. This signifies Nmap has received a result that clearly shows that the port is closed. A SYN scan receiving a RST in response to a port query is an example of a closed port.

Filtered ports are the result of a packet filter or firewall when no response at all is received from the remote device. The port is considered to be filtered. A response isn't received from the port, and Nmap often retries communication to the port to ensure that the packet wasn't simply dropped due to error or congestion. Please note that this type of response is categorized differently if this is a different scan type, such as a UDP scan or a FIN scan; the next result, open|filtered, is coming in a minute. On the other hand, if the destination system returns an unexpected response, again the port is considered to be filtered. If we get an ICMP unreachable response in a SYN scan, the port is flagged as filtered.
Now, in some cases, the lack of a response may not necessarily mean that a port is filtered. Lack of a response might mean that the port might also be open. Now, in these situations, Nmap signifies that the port is either filtered or open, for example, in a UDP connection. In most cases, the destination system does not send a response when it receives a UDP packet. So if the destination system does not respond and Nmap categorizes it as open|filtered, it makes sense.

In this slide, you see some of the most known default ports. So here's a question: if port 22 is open, is the service running there SSH? Absolutely. And could there be another service? Well, these are the default port numbers of the services. You can run any service on any port. You can run HTTP on port 22, for example. But for the ease of use, the default ports are used in general. So if you're performing a test, you should probably look at the well-known ports first, but you should never just scan the default ports.

There are different ways to scan ports with Nmap. Let's see how we can scan ports. Let's prepare a SYN scan for the Metasploitable device; the IP address of my Metasploitable is 172.168.99.206.
If you do not use any one of the port scanning parameters, the top 1000 ports are scanned. Top ports are the most used ports in general.

The first way of choosing the ports to scan is using the -p parameter. After entering the scan type and target IP, enter the port numbers with the -p parameter. You can add ports one by one, separated by a comma, or you can give a range of ports by putting a dash between the port numbers. In this example, the ports 20 and 80 and the ports between 100 and 200 are scanned.

If you perform both TCP scan and UDP scan in a single Nmap query, you can choose both the UDP ports and the TCP ports using the -p parameter. With -sSU, the Nmap scan will use both SYN scan and UDP scan at the same time. We haven't seen it yet, but the UDP scan is performed using the -sU parameter, and as you know, the -sS scan is a type of TCP scan. After entering the target IP, put -p. For TCP ports, put uppercase T with a colon just after the -p parameter and then the TCP ports to scan. Same as giving port numbers directly with the -p parameter, you can enter ports one by one, separated by a comma, or you can give a range of ports by putting a dash between the port numbers. To specify the UDP ports, put uppercase U with a colon and the ports in the same format.
For this example, let's scan the TCP ports 20 and 80, and the UDP port 53 and the ports between 139 and 150. So here are the results, TCP ports first and then UDP ports.

Now, another way to specify the ports is using the --top-ports parameter. Using this with the number of ports that will be scanned, you can scan the top ports with this parameter. So let's scan the top 20 ports for this example. So here are the results of the most used 20 ports. If you use -F (uppercase F), which means fast scan, the top 100 ports are scanned. So let's perform an Nmap SYN scan with the -F parameter here, and open another terminal screen and perform another Nmap scan using the --top-ports 100 parameter. As you see, we get the same result because these are the same queries.

If you'd like to scan all the ports of the system (well, you should scan all the ports of the systems in a pentest), you have to use the -p parameter with the interval from 1 to 65535. This is the range of possible port numbers. Prepare the Nmap SYN scan query with the destination IP address, now put -p 1-65535 and hit enter. Here are all the open ports of Metasploitable.

By default, Nmap does host discovery and then performs a port scan against each host it determines is online.
If you use -Pn in the Nmap query, you skip host discovery and port scan all target hosts. Disabling host discovery with -Pn causes Nmap to attempt the requested scanning functions against every target IP address specified. So if a Class C target address space, that means /24, is specified on the command line, all 255 IP addresses are scanned.

Why would we want to do this? As you know, if you are a privileged user, Nmap sends four types of packets to discover hosts: an ICMP echo request, a SYN packet to TCP port 443, an ACK packet to TCP port 80 and an ICMP timestamp request. If a system is configured not to answer ICMP requests and if the ports 80 and 443 are filtered, then Nmap thinks that the host is down even if it's up. If you find a system which is not found by the ping scan, you can always use -Pn for further port scans. Otherwise, Nmap doesn't perform the port scan because it assumes that the host is not up.

So if your network is not big or if you don't have enough time to scan, you should skip the ping scan and run the port scans for every possible IP address. Use a port scan instead of a ping scan if you are scanning a server block, because those systems are configured to be more secure than usual. Then you can find more computers than the ping scans do.

You're halfway there.