Network discovery with Nmap

Report on a first exercise in discovering and mapping a home computer network.

The main goal of this project was to grasp the diversity of components in a computer network and understand how they interact.
A second goal, which took shape as the project progressed, was to learn to use Nmap, an essential tool for network and system administrators.
The process used to discover the components of the home network is summarized below:

  1. Host discovery.
  2. Host identification.
  3. Service identification.

Two main problems were encountered while working on this project:

  1. Scanning UDP ports: compared with scanning ports that use the Transmission Control Protocol (TCP), scanning ports that use the User Datagram Protocol (UDP) is extremely slow. This is due to the differences between the two Transport-layer protocols. Initiating a TCP handshake is enough to determine whether a TCP port is open, whereas for a UDP port we have to send UDP datagrams and hope to get some reply back. An open UDP port usually sends nothing back at all, so Nmap must retransmit and wait for timeouts before it can report the port as open|filtered.
    Since UDP is unreliable by definition (connectionless, with no datagram acknowledgement), determining which UDP ports are open or closed is difficult.
    Alternatives for reducing scan times were then considered:
    • Scan only the 1000 most commonly used UDP ports.
    • Scan only ports 0 to 1023, the system or well-known ports, which carry the most common network services.
    • Disable the advanced scans (operating system detection, service version detection, NSE vulnerability scripts) and disable DNS name resolution when possible.
    • Use Nmap's timing options to speed up the transmission of datagrams and the analysis of any responses.
  2. Scanning the home network from another network.
    Two major obstacles prevented the home network from being scanned from an external network:
    • The home network uses private IPv4 addresses. Without setting up a tunnel, a host identified by a private IPv4 address cannot be scanned from the public Internet.
    • The home network gateway implements Network/Port Address Translation (NAT/PAT). Unless Destination NAT/PAT is configured on the gateway, NAT/PAT is disabled on the gateway, or the gateway is used as a proxy/pivot, the home network cannot be scanned from an external network.
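The three steps of the process above (host discovery, host identification, service identification) and the UDP problem both end in the same place: reading what Nmap actually reports. The following added example, which is not part of the original report, parses Nmap's XML output (the -oX format) into a per-host summary with the standard library only. The XML is a constructed sample in the layout Nmap writes, with made-up hosts, MAC addresses and private 192.168.1.0/24 addresses; the timing figure in runstats is invented too. It separates service names that Nmap confirmed by probing (method="probed") from names merely looked up in its port table, and counts the UDP ports left in the open|filtered state, which are exactly the ports that cost retransmissions and timeouts and remain unresolved after the scan.

```python
"""Parse Nmap XML output (-oX) into per-host summaries.

Added example, not code from the original report. SAMPLE_XML is a
constructed document in the shape Nmap 7.x writes; every address,
name and number in it is made up.
"""
import xml.etree.ElementTree as ET

# Constructed sample in the layout of:
#   nmap -sU -sV -O --top-ports 1000 -oX scan.xml 192.168.1.0/24
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sU -sV -O --top-ports 1000 -oX scan.xml 192.168.1.0/24">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.1" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
<hostnames><hostname name="gateway.lan" type="PTR"/></hostnames>
<ports>
<port protocol="udp" portid="53"><state state="open" reason="udp-response"/><service name="domain" product="dnsmasq" version="2.80" method="probed" conf="10"/></port>
<port protocol="udp" portid="123"><state state="open|filtered" reason="no-response"/><service name="ntp" method="table" conf="3"/></port>
<port protocol="udp" portid="161"><state state="closed" reason="port-unreach"/><service name="snmp" method="table" conf="3"/></port>
</ports>
<os><osmatch name="Linux 4.15 - 5.6" accuracy="95"><osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"/></osmatch></os>
</host>
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.20" addrtype="ipv4"/>
<address addr="66:77:88:99:AA:BB" addrtype="mac"/>
<hostnames/>
<ports>
<port protocol="udp" portid="137"><state state="open|filtered" reason="no-response"/><service name="netbios-ns" method="table" conf="3"/></port>
</ports>
</host>
<runstats><finished elapsed="1083.52"/><hosts up="2" down="254" total="256"/></runstats>
</nmaprun>
"""


def parse_hosts(xml_text):
    """Return a list of dicts, one per host that Nmap reported as up."""
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.findall("host"):
        if h.find("status").get("state") != "up":
            continue  # host discovery: skip hosts that never answered
        info = {"ipv4": None, "mac": None, "hostname": None, "os": None, "ports": []}
        for a in h.findall("address"):  # host identification: addresses
            if a.get("addrtype") == "ipv4":
                info["ipv4"] = a.get("addr")
            elif a.get("addrtype") == "mac":
                info["mac"] = a.get("addr")
        hn = h.find("hostnames/hostname")  # reverse DNS name, if resolution was on
        if hn is not None:
            info["hostname"] = hn.get("name")
        osm = h.find("os/osmatch")  # best OS guess from -O, with Nmap's accuracy
        if osm is not None:
            info["os"] = (osm.get("name"), int(osm.get("accuracy")))
        for p in h.findall("ports/port"):  # service identification
            st = p.find("state")
            svc = p.find("service")
            info["ports"].append({
                "proto": p.get("protocol"),
                "port": int(p.get("portid")),
                "state": st.get("state"),
                "reason": st.get("reason"),  # why Nmap chose that state
                "service": svc.get("name") if svc is not None else None,
                # "probed" = version detection got a real reply;
                # "table"  = name only guessed from the nmap-services file
                "confirmed": svc is not None and svc.get("method") == "probed",
            })
        hosts.append(info)
    return hosts


def udp_summary(hosts):
    """Count UDP ports by state. 'open|filtered' means no datagram and no
    ICMP error came back, so the port remains unresolved."""
    counts = {"open": 0, "closed": 0, "open|filtered": 0, "filtered": 0}
    for h in hosts:
        for p in h["ports"]:
            if p["proto"] == "udp":
                counts[p["state"]] = counts.get(p["state"], 0) + 1
    return counts


def scan_stats(xml_text):
    """Elapsed time and host counts from the runstats block."""
    root = ET.fromstring(xml_text)
    fin = root.find("runstats/finished")
    hs = root.find("runstats/hosts")
    return {"elapsed_s": float(fin.get("elapsed")),
            "up": int(hs.get("up")), "total": int(hs.get("total"))}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_XML)
    for h in hosts:
        print(f"{h['ipv4']} ({h['mac']}) {h['hostname'] or '-'} os={h['os']}")
        for p in h["ports"]:
            tag = "confirmed" if p["confirmed"] else "guessed"
            print(f"  {p['proto']}/{p['port']:<5} {p['state']:<14} {p['reason']:<13} {p['service']} [{tag}]")
    print("UDP states:", udp_summary(hosts))
    print("run:", scan_stats(SAMPLE_XML))
```

To use it on a real run of your own network, replace SAMPLE_XML with the contents of the file written by -oX. The "reason" column is worth keeping in any report: "udp-response" and "port-unreach" are real answers, while "no-response" is a timeout, which is why the open|filtered count is the honest measure of how much of a UDP scan is still unknown.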
