Use nmap to identify the services and the software running on those services on a remote host.
- [Voiceover] One of the first tasks after identifying a remote host is to enumerate the ports available on it. We can do this easily with the nmap command. Let's enumerate the services on our metasploitable host using the -PS option. Okay, that provides a list of all open TCP services. We may also want to know what UDP services are listening for datagrams. We can do this with the -sU option. This takes quite a while.
This has now completed its check of all 65,000 or so ports, and we can see the four UDP ports that are listening. Sometimes, as in the case of UDP port 68, 69, and 138, we may see ports shown as filtered. In these cases, nmap believes that a firewall, filter, or other network obstacle is blocking the port, and can't tell whether it's open or closed. Nmap can also provide details of the services running on the open ports. I can request this by using the -sV option.
For the sake of time, I'll restrict this to just a few of the identified ports and add the T and U options to include both protocols.…
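The port states described in the voiceover can be tallied from saved nmap output when inventorying a host you administer. This is an added example, not part of the course material; the sample port table, its service names and its version strings are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of an nmap port table (normal output format).
# Not captured from a real host; version strings are placeholders.
SAMPLE = """\
PORT    STATE    SERVICE     VERSION
21/tcp  open     ftp         ExampleFTPd 1.0
22/tcp  open     ssh         ExampleSSH 2.0
53/udp  open     domain      ExampleDNS 9.0
68/udp  filtered dhcpc
69/udp  filtered tftp
137/udp open     netbios-ns  ExampleNBNS
138/udp filtered netbios-dgm
"""

# port/proto, state, service, then an optional free-text version column
ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_ports(text):
    """Return one dict per port row, skipping headers and other lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        rows.append({"port": int(port), "proto": proto, "state": state,
                     "service": service, "version": version})
    return rows

def by_state(rows):
    """Group 'port/proto' labels by the state nmap reported."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["state"]].append(f'{r["port"]}/{r["proto"]}')
    return dict(groups)

def undetermined(rows):
    """Ports nmap could not call open or closed ('filtered', 'open|filtered')."""
    return [r for r in rows if "filtered" in r["state"]]

if __name__ == "__main__":
    rows = parse_ports(SAMPLE)
    for state, ports in by_state(rows).items():
        print(f"{state:10} {', '.join(ports)}")
    print("check firewall rules for:",
          [f'{r["port"]}/{r["proto"]}' for r in undetermined(rows)])
```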
An overview of the CEH exam, blueprint, and eligibility criteria can be found at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- What is enumeration?
- Understanding NetBIOS, SMB, SAMBA, and RPC
- Profiling hosts
- Investigating interfaces
- Enumerating SMB
- Enumerating SNMP and RPC
- Enumerating the Internet
- Working with other enumeration tools