A refresher on Nmap

- [Instructor] One of the first tasks…after identifying a remote host…is to enumerate the services available on it.…Kali provides nmap, zenmap, and unicornscan…as pre-loaded port scanning tools.…Let's take a look at using nmap to detect open ports…and check the services running on them.…When testing, we want to run the port scans efficiently.…So if we know in advance what the services are on a host,…we can specify them as known ports.…

For example, if we know that the Popcorn server…on 10.10.10.6…has just ssh and http open,…we can run nmap with ports 22 and 80 specified.…The -PS option tells nmap to test services…by starting to open a connection…using the TCP three-way handshake.…The -A option will provide details…about each of the services including the software running…and any service-specific information.…

Here we can see that we're running OpenSSH 5.1p1 on port 22…and Apache 2.2.12…on port 80.…The operating system is Ubuntu.…For the SSH service, it provides some host keys.…These are not particularly useful to us at this time.…