Nmap helps you discover open network ports on your devices. In this video, Mike Chapple explains the concept of network ports to get you ready to conduct Nmap scans.
- [Instructor] IP addresses may uniquely identify each system on a network, but those systems may be responsible for running many different services. That's where network ports come into play. Network ports are particular locations on a system associated with a specific application. Imagine that each computer on the network is an apartment building and each application is an individual apartment. The IP address on the computer is like the street address on the apartment building. But once you arrive at the building, you need specific instructions to get to the right apartment. The network port is like the apartment number, guiding traffic to the correct application.
Network ports are represented using a 16-bit binary number. When we write that out in decimal form, we have two to the 16th power, or 65,536, possible values. Just as with IP addresses, we start counting at zero, so port numbers may range from zero to 65,535. Different ranges of ports are used in different ways.
Ports between zero and 1,023 are known as the well-known ports. These are reserved for common applications and are assigned by internet authorities. Using well-known ports ensures that everyone on the internet will know how to find common services on a system such as web servers, email servers, and other commonly used applications. For example, web servers use the well-known port 80, while secure web servers use port 443.
Ports between 1,024 and 49,151 are known as registered ports. Application vendors may register their applications to use these ports. For example, Microsoft reserved port 1433 for SQL Server database connections, while Oracle registered port 1521 for its own database's use. Ports above 49,151 are set aside as dynamic ports that applications may use on a temporary basis.
Here are the important port numbers that you need to know. The File Transfer Protocol, FTP, uses port 21 to transfer data between systems. The Secure Shell protocol, SSH, uses port 22 for encrypted administrative connections to servers, while the Remote Desktop Protocol, RDP, uses port 3389 for a similar purpose. Windows systems use ports 137, 138, and 139 for network communications using the NetBIOS protocol. And all systems use port 53 for DNS lookups. The Simple Mail Transfer Protocol, SMTP, uses port 25 to exchange email between servers, while the Post Office Protocol, POP, allows clients to retrieve mail on port 110, and the Internet Message Access Protocol, IMAP, uses port 143 for a similar purpose. The Hypertext Transfer Protocol, HTTP, uses port 80 for unencrypted web communications, while the secure version of HTTP, HTTPS, uses port 443 for encrypted communications.
You'll want to be familiar with these common ports when you're performing network scans, but Nmap will help you out by identifying common services by name in the scan results. Searching the internet is also a great way to track down the possible identities of less commonly used network ports.
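An added example, not part of the video or the course material: this Python code reads one line of Nmap grepable (`-oG`) output, labels each open port with the range described above, and flags ports whose reported service name does not fit the port number. The function names (`port_range`, `parse_grepable`, `audit`) and the sample line are constructed for illustration.

```python
# Ports and protocols named in the transcript, keyed to the short service
# names Nmap prints for them (names are from Nmap's nmap-services list).
EXPECTED = {21: "ftp", 22: "ssh", 25: "smtp", 53: "domain", 80: "http",
            110: "pop3", 143: "imap", 443: "https", 3389: "ms-wbt-server"}
STANDARD_PORT = {name: port for port, name in EXPECTED.items()}

def port_range(port):
    """Classify a port into the three ranges described in the transcript."""
    if not 0 <= port <= 65535:          # 16 bits: 2**16 values, 0..65535
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"

def parse_grepable(line):
    """Return (host, [(port, proto, service), ...]) for open ports only."""
    fields = dict(f.split(": ", 1) for f in line.strip().split("\t") if ": " in f)
    host = fields["Host"].split()[0]
    ports = []
    for entry in fields.get("Ports", "").split(", "):
        parts = entry.strip().split("/")   # port/state/proto/owner/service/...
        if len(parts) >= 5 and parts[1] == "open":
            ports.append((int(parts[0]), parts[2], parts[4]))
    return host, ports

def audit(line):
    """Flag open ports whose reported service does not fit the port number."""
    host, ports = parse_grepable(line)
    findings = []
    for port, proto, service in ports:
        note = "ok"
        if port in EXPECTED and service != EXPECTED[port]:
            note = f"expected {EXPECTED[port]} here"
        elif service in STANDARD_PORT and port != STANDARD_PORT[service]:
            note = f"{service} normally on {STANDARD_PORT[service]}"
        findings.append((host, port, port_range(port), service or "unknown", note))
    return findings

# Constructed sample line in Nmap's grepable (-oG) layout, not real scan data.
SAMPLE = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
          "443/closed/tcp//https///, 8022/open/tcp//ssh///, 53/open/tcp//http///, "
          "50000/open/tcp/////\tIgnored State: filtered (994)")

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="  ")
```

A mismatch is a prompt to look closer, not proof of a problem: administrators move services to other ports on purpose, and Nmap's name for a port is a table lookup unless version detection is enabled.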
- TCP/IP networking
- Network scanning
- Installing Nmap
- Testing your Nmap installation
- Scanning with Nmap
- Host discovery options in Nmap
- Operating system and service version detection
- Case studies in scanning