Read: Class 02 - KevinVanHoang/301-reading-notes GitHub Wiki

Readings: Network scanning with NMAP

What is a Port Scanner and How Does it Work?

What is a port? Describe it with an analogy that would help a family member understand.

A port is like a door on a house. Each door (port) serves a specific purpose, allowing different types of communication to enter or leave.

What does a port scanner send to a port to check the current status?

A port scanner sends a "ping" or a series of connection requests to a port to check if it's open, closed, or filtered.

When a port scanner sends a request to connect, what are the three possible responses? Describe them.

Open: The port responds, indicating it's ready to accept a connection.
Closed: The port responds, indicating there's no service running on that port.
Filtered: No response or a limited response, suggesting a firewall or security measure may be blocking the scanner.

What is the difference between TCP and UDP?

TCP (Transmission Control Protocol): A connection-oriented protocol that ensures reliable and ordered data delivery. It's like a phone call with a continuous exchange, and you're assured the other person hears every word.
UDP (User Datagram Protocol): A connectionless protocol that delivers data without guaranteeing its arrival. It's like sending a letter – you send it, but you don't know if it reached its destination unless you get a reply.

Common Ports

List and describe the ports used for the following:

Telnet: The telecommunication network protocol (telnet) communicates over TCP port 23. This port lets individuals connect with devices remotely and view information on a single terminal screen.
SSH: Secure Shell communicates over TCP port 22. This port has some of the same functions as telnet, but all the information sent over SSH is encrypted.
DNS: The Domain Name System uses port 53. It's used to perform name resolution for IP addresses. Most DNS communications are over the UDP protocol.
SMTP: Simple Mail Transfer Protocol uses TCP port 25. This is server-to-server communication, one of the most common ways to send email messages over the Internet.
HTTP: Hypertext Transfer Protocol uses TCP port 80. This port sends information between the client and the server over an unencrypted communications channel.
HTTPS: The Hypertext Transfer Protocol Secure uses TCP port 443. It is used by most web servers today due to higher security than regular HTTP. HTTPS uses Transport Layer Security to secure communication between client and server.
RDP: Remote Desktop Protocol uses TCP port 3389. On a Windows computer, a user can use RDP to view other people's desktops and troubleshoot issues remotely.
Ping: Ping uses the Internet Control Message Protocol (ICMP). There is no specific port number. When a ping command is sent, the computer sends an ICMP echo request message to the destination, and the destination responds with an ICMP echo reply.