Try Hack Me – Advent of Cyber 3 – Day 10 – Port Analysis using Nmap

IP Addresses

Every computer (host) that connects to a network needs to have a logical address. For instance, a host can be any system with network access, such as a laptop, a smartphone, or a Raspberry Pi. We refer to this address as logical because it’s assigned by software and could change over time, for example, when the host connects to a new network. The logical address, in this case, is the IP address.

IP stands for Internet Protocol. To keep things simple, we will consider Internet Protocol version 4 (IPv4). An IPv4 address is made up of 4 decimal numbers separated by dots, each in the range 0 to 255. Example IPv4 addresses are:

  • 192.168.0.10
  • 172.16.0.100
  • 10.10.11.12
  • 1.1.1.1

The first 3 IP addresses in the list above are private, meaning that they can only be accessed from the private network they belong to. The last IP address, 1.1.1.1, is a public IP address that can be accessed by the whole Internet and belongs to Cloudflare.

Some IP addresses serve a special purpose. For example, 127.0.0.1 is often referred to as the ‘loopback address’ or ‘localhost’. By default, any packet or traffic destined to this address won’t leave the host.

Protocols and Servers

Let’s say that we want to set up a website and make it accessible to the whole Internet. To do that, a public IP address is required. A web server is a program that listens for incoming connections, usually from web browsers, and responds to their requests.

A server usually refers to a computer system that provides services to other clients, i.e. other computers, over a network. Example services include serving webpages, delivering email, and facilitating video conferencing.

Examples of TCP/IP Protocols

  • Hypertext Transfer Protocol (HTTP) for serving webpages – port 80
  • Domain Name System (DNS) for resolving hostnames to IP addresses – port 53
  • Post Office Protocol version 3 (POP3) for delivering email – port 110
  • Simple Mail Transfer Protocol (SMTP) for sending email – port 25
  • Telnet for remote login – port 23
  • Secure Shell (SSH) for secure remote login – port 22

TCP (Transmission Control Protocol) requires a three-way handshake for a connection to be established, while UDP (User Datagram Protocol) does not.

Nmap

Commands to run basic network port scans:

  • nmap -sT MACHINE_IP – TCP Connect scan
  • nmap -sS MACHINE_IP – TCP SYN scan
  • nmap -sV MACHINE_IP – provides the version numbers of the running services
  • nmap -sT -p- MACHINE_IP – scans all 65535 ports instead of the default 1000 ports

By default, Nmap checks the 1000 most common TCP ports.

  • TCP Connect Scan: To run this type of scan, the -sT option is required. Nmap will attempt to complete the three-way handshake in order to establish a connection with each port scanned.
  • TCP SYN Scan: You can select this scan with the -sS option, and Nmap will not make a complete connection if the port is open. Technically speaking, Nmap does not complete a TCP three-way handshake.

To better understand the difference between -sT and -sS, we can use the analogy of knocking on a door. The TCP connect scan (-sT) is like knocking on a door, waiting for someone to open it, greeting each other, then excusing yourself to leave. The TCP SYN scan (-sS) resembles knocking, and once someone answers, you pretend that it was not you that knocked and walk away innocently. The latter will make it more difficult for the other party to remember you.
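To see the same difference from the target's side, here is an added example (not part of the TryHackMe room or this write-up). It walks a constructed packet capture and labels each probe by how far the TCP handshake got, which is why a connect scan (-sT) shows up in the listening application's own logs while a SYN scan (-sS) is visible only in packet captures or firewall logs. The packet tuple layout and the flag letters are assumptions made for this example.

```python
from collections import defaultdict

# Constructed capture: (src, dst, probed_port, tcp_flags) in arrival order; flags use
# tcpdump letters (S=SYN, A=ACK, R=RST). Assumption: third field is the probed port.
SAMPLE_PACKETS = [
    ("10.10.1.5", "10.10.1.10", 22, "S"),   # -sT style: SYN, SYN-ACK, ACK, then RST
    ("10.10.1.10", "10.10.1.5", 22, "SA"),
    ("10.10.1.5", "10.10.1.10", 22, "A"),
    ("10.10.1.5", "10.10.1.10", 22, "R"),
    ("10.10.1.5", "10.10.1.10", 80, "S"),   # -sS style: SYN, SYN-ACK, RST (no ACK)
    ("10.10.1.10", "10.10.1.5", 80, "SA"),
    ("10.10.1.5", "10.10.1.10", 80, "R"),
    ("10.10.1.5", "10.10.1.10", 23, "S"),   # closed port: target answers RST/ACK
    ("10.10.1.10", "10.10.1.5", 23, "RA"),
    ("10.10.1.5", "10.10.1.10", 25, "S"),   # no answer: filtered or dropped
]

def classify_probes(packets):
    """Map (scanner, target, port) -> "connect", "half-open", "closed" or "no-response".
    Only "connect" finishes the handshake, so only it reaches the application's logs."""
    flows = defaultdict(list)
    for src, dst, port, flags in packets:
        if "S" in flags and "A" not in flags:      # bare SYN starts a probe
            flows[(src, dst, port)].append(("client", flags))
        elif (dst, src, port) in flows:             # reply from the target
            flows[(dst, src, port)].append(("server", flags))
        elif (src, dst, port) in flows:             # follow-up from the scanner
            flows[(src, dst, port)].append(("client", flags))
    result = {}
    for key, events in flows.items():
        server = [f for who, f in events if who == "server"]
        client = [f for who, f in events if who == "client"][1:]  # after the SYN
        if not server:
            result[key] = "no-response"
        elif any("R" in f for f in server):
            result[key] = "closed"
        elif any(f == "A" for f in client):
            result[key] = "connect"
        else:
            result[key] = "half-open"
    return result

def ports_probed_per_source(packets):
    """Distinct (target, port) pairs per source that sent bare SYNs (port-scan signature)."""
    seen = defaultdict(set)
    for src, dst, port, flags in packets:
        if "S" in flags and "A" not in flags:
            seen[src].add((dst, port))
    return {src: len(targets) for src, targets in seen.items()}
```

Running classify_probes on the sample labels port 22 as "connect", port 80 as "half-open", port 23 as "closed" and port 25 as "no-response", and ports_probed_per_source reports four probed ports from 10.10.1.5.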

Simple exercises but always good to revisit the concepts.