TCP Port Scan with Nmap
About this tool
TCP Port Scan with Nmap allows you to discover which TCP ports are open on your target host.
Network ports are the entry points to a machine that is connected to the Internet. A service that listens on a port is able to receive data from a client application, process it and send a response back. Malicious clients can sometimes exploit vulnerabilities in the server code so that they gain access to sensitive data or execute malicious code on the machine remotely. That is why testing all ports is necessary in order to achieve a thorough security verification.
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. Port scanning works differently for TCP ports and for UDP ports, which is why there are separate tools for each.
- Target: This is the hostname or IP address(es) to scan.
- Ports to scan - Common: This option tells Nmap to scan only the top 100 most common TCP ports (Nmap -F).
- Ports to scan - Range: You can specify a range of ports to be scanned. Valid ports are between 1 and 65535.
- Ports to scan - List: You can specify a comma separated list of ports to be scanned.
- Detect service version: In this case Nmap will try to detect the version of the service that is running on each open port. This is done using multiple techniques, such as banner grabbing, reading server headers and sending service-specific requests.
- Detect operating system: If enabled, Nmap will try to determine the type and version of the operating system that runs on the target host. The result is not always 100% accurate, depending on the way the target responds to probe requests.
- Do traceroute: If enabled, Nmap will also do a traceroute to determine the path packets take from our server to the target server, including the IP addresses of all network nodes (routers).
- Don't ping host: If enabled, Nmap will skip the host-discovery step that, by default, checks whether the host is up before scanning it. This option is useful when the target host does not respond to ICMP requests but is actually up and has open ports.
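The option list above maps directly onto Nmap command-line flags. The following Python snippet is an added example (not the tool's own code) that shows how a web front end like this one can translate the form fields into an argument list safely, validate the port specification against the 1-65535 range the page states, and read back the open ports from Nmap's XML output. The flags used (-sS, -F, -p, -sV, -O, --traceroute, -Pn, -oX) are real Nmap flags; the XML document at the bottom is a constructed sample in the -oX format, not real scan output.

```python
import re
import xml.etree.ElementTree as ET

# Port spec grammar: single ports and a-b ranges, comma separated (e.g. "22,80,1000-1024").
PORT_SPEC = re.compile(r"^\d+(-\d+)?(,\d+(-\d+)?)*$")
# Targets: hostnames, IPv4/IPv6 literals and CIDR. A leading "-" is rejected so that a
# form value can never be interpreted by Nmap as an extra option.
TARGET = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.\-:/]*$")


def validate_port_spec(spec):
    """Accept '80', '22,80,443' or '1-1024'; every port must lie within 1..65535."""
    if not PORT_SPEC.match(spec):
        raise ValueError(f"malformed port spec: {spec!r}")
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"port out of range in {item!r}")
    return spec


def build_nmap_args(target, ports=None, common=False, service_version=False,
                    os_detect=False, traceroute=False, no_ping=False):
    """Translate the web-form options into an argv list (pass it to subprocess as a list,
    never as a shell string, so user input cannot break out of the command)."""
    if not TARGET.match(target):
        raise ValueError(f"invalid target: {target!r}")
    args = ["nmap", "-sS"]              # SYN scan as described on this page (needs raw-socket privileges)
    if common:
        args.append("-F")               # top 100 most common ports
    elif ports:
        args += ["-p", validate_port_spec(ports)]
    if service_version:
        args.append("-sV")
    if os_detect:
        args.append("-O")
    if traceroute:
        args.append("--traceroute")
    if no_ping:
        args.append("-Pn")              # skip host discovery
    args += ["-oX", "-", target]        # XML report on stdout; target goes last
    return args


def parse_open_ports(xml_text):
    """Return [(port, service_name)] for TCP ports reported as open in -oX output."""
    root = ET.fromstring(xml_text)
    found = []
    for port in root.iter("port"):
        state = port.find("state")
        if port.get("protocol") == "tcp" and state is not None and state.get("state") == "open":
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            found.append((int(port.get("portid")), name))
    return found


# Constructed sample of Nmap XML output (not a real scan result).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
</nmaprun>"""

if __name__ == "__main__":
    print(" ".join(build_nmap_args("192.0.2.10", ports="22,80,443", service_version=True, no_ping=True)))
    print(parse_open_ports(SAMPLE_XML))
```

Running the argument list requires Nmap installed and raw-socket privileges for -sS; with a real report the same parse_open_ports call returns the open ports exactly as it does on the constructed sample.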
How it works
The tool is a web interface for the well-known Nmap, which is executed with the proper parameters in order to provide speed and accuracy.
The scanning is done by sending packets to each port and listening for replies. The scanning technique is called 'SYN scan': it sends a TCP SYN packet to each port. If a port responds with SYN-ACK, it is flagged as open and an RST is sent back by our tool. This way no full TCP connection is established with the target host.
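Because a SYN scan sends one bare SYN per port and never completes the handshake, it leaves a characteristic trace on the receiving side: many SYN-only packets from one source to many destination ports in a short time. The following Python snippet is an added example (not part of the original page) of the detection logic a defender can run over firewall logs to spot such a scan. The log lines are constructed in the iptables LOG format (TCP flags appear as bare tokens such as SYN or ACK); the threshold and window are assumptions to tune per network.

```python
import re
from collections import defaultdict

# Constructed iptables-style LOG lines (not from any real system); only the fields used here are present.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
Mar  3 10:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
Mar  3 10:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=443 SYN URGP=0
Mar  3 10:00:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=3306 SYN URGP=0
Mar  3 10:00:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=8080 SYN URGP=0
Mar  3 10:00:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=8443 SYN URGP=0
Mar  3 10:00:05 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN URGP=0
Mar  3 10:00:06 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 ACK URGP=0
Mar  3 10:00:07 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 SYN URGP=0
"""

LINE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<hms>\d\d:\d\d:\d\d).*?SRC=(?P<src>\S+).*?PROTO=TCP.*?DPT=(?P<dpt>\d+)(?P<rest>.*)$"
)


def bare_syns(log_text):
    """Yield (seconds_of_day, src, dport) for TCP packets carrying SYN but not ACK,
    i.e. the first packet of a handshake (a SYN-ACK would be logged with both tokens)."""
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        flags = m.group("rest").split()
        if "SYN" in flags and "ACK" not in flags:
            h, mi, s = (int(x) for x in m.group("hms").split(":"))
            yield h * 3600 + mi * 60 + s, m.group("src"), int(m.group("dpt"))


def detect_syn_scanners(log_text, min_ports=5, window=60):
    """Flag sources that send bare SYNs to at least `min_ports` distinct destination
    ports within any `window`-second span. Returns {src: sorted list of ports}."""
    events = defaultdict(list)
    for t, src, dpt in bare_syns(log_text):
        events[src].append((t, dpt))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            ports = {d for t, d in evs[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged


if __name__ == "__main__":
    for src, ports in detect_syn_scanners(SAMPLE_LOG).items():
        print(f"possible SYN scan from {src}: ports {ports}")
```

In the sample, 203.0.113.5 touches six distinct ports within two seconds and is flagged, while 198.51.100.7 only retries port 443 and completes a handshake, so it is not. A single source hitting one port repeatedly (a retransmitting client) never trips the check, which is why the count is over distinct destination ports rather than over packets.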