Analysis of Traffic Usage by Scanning Computer Networks with Different Versions of Nmap
DOI:
https://doi.org/10.31649/1997-9266-2021-155-2-92-97Keywords:
Nmap, network traffic, sniffer, network scanning, intrusion detection systemAbstract
Currently, there are a large number of tools for network monitoring and diagnostics which can be used for various purposes, both authorized persons and other persons who may have unauthorized access to the network. One of them is the Nmap network scanner. The Nmap is a powerful open source network scanning application. Currently it is almost indispensable tool for diagnosing network operation, detecting fault network configurations, and also helps in finding vulnerabilities within the network. The Nmap network scanner is being improved by its author and independent developers. Nowadays the team of this application expands its functionality and improves existing tools that significantly affects its network behavior.
Sniffers are usually used to detect scanning activity on the network, which captures packets passing through them. At this time, they and the intrusion detection software can be used to identify the hosts that perform the scan. However, the task of identifying the software that scans the network and its versions remain relevant. The article considers the solution of the task on the example of the network scanner Nmap.
The use of traffic by different versions of the Nmap during different scanning phases is considered. Differences in the operation of the program arise as a result of updating the current code of this application and its scanning scripts. In most cases, the code does not change significantly within one majority version. However, even minor changes can affect the software identification process when analyzing network traffic. The work of the following versions of Nmap is analyzed: 7.01, 7.60, 7.80.
References
Gordon Fyodor Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, Sunnyvale, CA, USA: Insecure, 2009, 464 p.
R. R. Singh, and D. S. Tomar, “Port scanning attack analysis with Dempster–Shafer evidence theory,” Int. J. Appl. Eng. Res., vol. 12, no. 16, pp. 5900-5904, 2017.
G. Bagyalakshmi et al., “Network vulnerability analysis on brain signal/image databases using Nmap and Wireshark tools,” IEEE Access, vol. 6, pp. 57144-57151, 2018.
В. Ю. Кива, і Ю. С. Дрозд, «Аналіз існуючих методів кібернетичної розвідки інформаційно-телекомунікаційних мереж,» Збірник наукових праць Центру воєнно-стратегічних досліджень Національного університету оборони України імені Івана Черняховського, № 3, с. 62-66, 2017.
В. В. Довгий, і І. В. Небесний, Алгоритми сканування портів у корпоративній комп’ютерній мережі. Тернопіль, Україна: ТНЕУ, 2018. [Електронний ресурс]. Режим доступу: http://dspace.tneu.edu.ua/handle/316497/31957 .
В. В. Довгий, Алгоритми виявлення процедури сканування портів в корпоративній комп’ютерній мережі. Тернопіль, Україна: ТНЕУ, 2018. [Електронний ресурс]. Режим доступу: http://dspace.tneu.edu.ua/handle/316497/32436 .
J. P. S. Medeiros, A. M. Brito, and P. S. M. Pires, “A data mining based analysis of nmap operating system fingerprint database,” in Computational Intelligence in Security for Information Systems, Springer, 2009, pp. 1-8.
І. П. Малініч, і В. І. Месюра, «Ін’єктивний метод отримання даних користувацького досвіду в ігрових симуляторах комп’ютерних мереж,» Вісник Вінницького політехнічного інституту, № 5, с. 49-54, 2019.
Mark Wolfgang, Host Discovery with NMAP 2015. [Online]. Available:
https://havel.mojeservery.cz/wp-content/uploads/2015/10/nmap-discovery-howto-2002.pdf . Accessed on: December 17, 2020.
Host Discovery with NMAP. [Online]. Available: https://medium.com/@minimalist.ascent/host-discovery-with-nmap-a3759e3d214f . Accessed on: December 17, 2020.
І. Малініч, В. Месюра, і П. Малініч, Проблеми створення середовищ для визначення типу сканувальної активності, що здійснюється при скануванні мереж, Вінниця: ВНТУ, 2021.
Nmap. Ubuntu packages [Online]. Available: https://packages.ubuntu.com/search?keywords=nmap. Accessed on: December 17, 2020.
Downloads
-
PDF (Українська)
Downloads: 465
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).