Cyber Security Network Mapping & Port Scanning
🗺️ Cyber Security Network Mapping & Port Scanning (In-Depth Guide)
👉 Attackers use network mapping and port scanning to find targets
👉 Security teams use the same techniques to find weaknesses before attackers do
🔹 What is Network Mapping?
Network Mapping is the process of discovering and visualizing:
Live hosts (devices)
IP addresses
Network range
Network topology
Connected services
📌 In simple words:
Network mapping answers: “Who is connected to this network?”
🔹 Why Network Mapping is Important in Cyber Security
Identifies unauthorized devices
Helps understand attack surface
Detects misconfigured systems
Foundation of penetration testing
Required for SOC & blue teams
📌 You can’t protect what you don’t know exists
🔹 What is Port Scanning?
Port Scanning is the process of checking:
Which ports are open
Which services are running
Which ports are closed or filtered
📌 In simple words:
Port scanning answers: “Which doors are open?”
🔹 IP + Port = Complete Target
IP address → identifies the machine
Port number → identifies the service
Example:
📌 Open port = Possible entry point
🔹 Network Mapping Techniques
1️⃣ Ping Sweep
Finds live hosts by sending ICMP echo requests (ping) to every address in a range and noting which ones reply.
✔ Fast
❌ Can be blocked by firewall
2️⃣ ARP Scanning (Local Network)
Maps devices by resolving IP → MAC.
✔ Very accurate in LAN
✔ Hard to block internally
3️⃣ DNS Enumeration
Finds:
Subdomains
Internal structure clues
Example:
mail.example.com
admin.example.com
4️⃣ Traceroute Mapping
Shows packet path (routers/hops).
📌 Useful for:
Network structure analysis
Firewall placement detection
🔹 Port Scanning Types (Very Important)
🔵 TCP Connect Scan
Completes full TCP handshake
Reliable
Easily logged
🔵 SYN Scan (Half-Open)
Sends SYN only and never completes the handshake (a SYN/ACK reply means open, an RST means closed)
Faster, and less likely to be logged by the target application, because no connection is ever established
📌 Most commonly used scan
🟠 UDP Scan
Scans UDP services
Slower
Often ignored by admins (risky!)
🟣 FIN / NULL / Xmas Scans
Stealth scans that send unusual TCP flag combinations instead of SYN
Can slip past stateless packet filters that only block SYN packets
📌 Used for evasion testing
🔹 Port States Explained
| State | Meaning |
|---|---|
| Open | A service is listening and accepted the probe |
| Closed | The host is reachable but no service is on that port (it answers with RST) |
| Filtered | A firewall or filter dropped the probe; no reply came back |
| Open\|Filtered | The scanner cannot tell open from filtered, because no response arrived at all (typical for UDP and FIN/NULL/Xmas scans) |
📌 Open ports = attack opportunities
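As an added example (not code from the original guide), the following Python script shows how the "TCP Connect Scan" type above maps socket outcomes onto the three basic port states in the table, and then uses that result the way a blue team would: comparing what is actually open against an approved service list. It runs offline against a constructed loopback lab (a throwaway listener for the open port and a released port for the closed one); the `filtered` state cannot be reproduced without a real packet filter in the path, so it is only classified, not demonstrated. All function names here are this example's own.

```python
"""Classify TCP port state with a full-handshake (connect) scan.
Added example, not from the page; assumes only the Python standard library."""
import socket

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def classify_port(host, port, timeout=1.0):
    """Return the state of one TCP port using a plain connect() (full handshake).

    open     -> three-way handshake completed: a service accepted the connection
    closed   -> the host answered the SYN with RST: connect() raises ConnectionRefusedError
    filtered -> nothing came back before the timeout (or the host is unreachable),
                which is what a firewall silently dropping the SYN looks like
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN          # handshake done: the target's own logs now record this probe
    except ConnectionRefusedError:
        return CLOSED
    except OSError:              # socket.timeout, EHOSTUNREACH, ENETUNREACH, ...
        return FILTERED


def scan_ports(host, ports, timeout=1.0):
    """Connect-scan a list of ports and return {port: state}."""
    return {port: classify_port(host, port, timeout) for port in ports}


def unexpected_open_ports(results, allowed):
    """Blue-team view: which open ports are not on the host's approved service list?"""
    return sorted(p for p, state in results.items() if state == OPEN and p not in allowed)


# --- constructed local lab so the example runs offline against loopback only ---
def start_lab_listener():
    """Start a throwaway listener on 127.0.0.1 so there is a genuinely open port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free one
    srv.listen(5)
    return srv, srv.getsockname()[1]


def pick_closed_port():
    """Ask the kernel for a free loopback port and release it, so nothing listens there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed loopback port; return their states plus the audit result."""
    srv, open_port = start_lab_listener()
    try:
        closed_port = pick_closed_port()
        results = scan_ports("127.0.0.1", [open_port, closed_port])
        # The open lab port is deliberately left off the allow-list so the audit flags it.
        return {
            "open": results[open_port],
            "closed": results[closed_port],
            "unexpected": unexpected_open_ports(results, allowed={closed_port}),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Because `create_connection` completes the handshake, every probe shows up in the target service's connection log, which is exactly the "easily logged" property the guide attributes to connect scans and the reason a SYN scan leaves a smaller footprint. Running `scan_ports` against your own hosts on a schedule and diffing `unexpected_open_ports` against an approved list is a cheap way to catch services that were never meant to be exposed.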
🔹 Common Ports Hackers Look For
| Port | Service | Risk |
|---|---|---|
| 21 | FTP | Weak auth |
| 22 | SSH | Brute force |
| 23 | Telnet | Plaintext |
| 80 | HTTP | Web attacks |
| 443 | HTTPS | Web/API attacks |
| 3306 | MySQL | DB exposure |
| 3389 | RDP | Remote takeover |
🔹 Practical Commands (Educational)
📌 These commands help in legitimate network auditing
🔹 Network Mapping & Port Scanning in Attack Chain
1️⃣ Discover network
2️⃣ Identify live hosts
3️⃣ Scan open ports
4️⃣ Identify services
5️⃣ Find vulnerabilities
6️⃣ Exploit
📌 Scanning is reconnaissance; exploitation comes later in the chain
🔹 Defensive Use (Blue Team View)
✔ Identify unnecessary open ports
✔ Close unused services
✔ Harden firewall rules
✔ Detect scanning behavior
✔ Log & alert on scans
📌 Regular internal scans = stronger security
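The "Detect scanning behavior" and "Log & alert on scans" items above are easiest to understand with detection logic run over real log lines. The Python below is an added example, not part of the original guide: it parses constructed firewall log lines (the line layout is invented for this example; adjust `LOG_RE` to whatever your firewall or flow pipeline actually emits) and raises an alert when one source touches many distinct ports on a single host (a vertical scan, the attack-chain step "Scan open ports") or one port across many hosts (a horizontal sweep, typical of an RDP or SSH hunt) inside a time window. Both ACCEPT and DROP lines are counted, since a scan produces a mix of the two.

```python
"""Scan detection over constructed firewall log lines.
Added example, not from the page; standard library only."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (constructed) log format, one line per firewall decision:
#   2024-05-01T10:00:00 DROP src=203.0.113.7 dst=10.0.0.5 proto=TCP dport=22
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)"
    r"\s+proto=(?P<proto>TCP|UDP)\s+dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Turn one log line into a dict, or None if it does not match the expected layout."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None  # unparsable lines are skipped, never guessed at
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def detect_scans(lines, window=timedelta(seconds=60), min_ports=10, min_hosts=10):
    """Return alerts for vertical scans (one src -> many ports on one host) and
    horizontal sweeps (one src -> one port on many hosts) within `window`.

    Thresholds are the knobs a SOC tunes: too low and ordinary multi-port clients
    (monitoring, backup agents) page people; too high and slow scans slip through.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    alerts, seen = [], set()
    for src, evs in by_src.items():
        for i, first in enumerate(evs):          # each event opens a candidate window
            deadline = first["ts"] + window
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for ev in evs[i:]:
                if ev["ts"] > deadline:
                    break
                ports_per_host[ev["dst"]].add(ev["dport"])
                hosts_per_port[ev["dport"]].add(ev["dst"])
            for dst, ports in ports_per_host.items():
                key = ("vertical", src, dst)
                if len(ports) >= min_ports and key not in seen:
                    seen.add(key)  # alert once per (src, host), not once per window
                    alerts.append({"type": "vertical_scan", "src": src, "target": dst,
                                   "distinct": len(ports), "first_seen": first["ts"].isoformat()})
            for dport, hosts in hosts_per_port.items():
                key = ("horizontal", src, dport)
                if len(hosts) >= min_hosts and key not in seen:
                    seen.add(key)
                    alerts.append({"type": "horizontal_sweep", "src": src, "target": dport,
                                   "distinct": len(hosts), "first_seen": first["ts"].isoformat()})
    return alerts


def build_sample_log():
    """Constructed sample: a 15-port scan of one host, a 12-host RDP sweep, benign HTTPS, and junk."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i, port in enumerate(range(21, 36)):      # 203.0.113.7 walks 15 ports on 10.0.0.5
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} DROP "
                     f"src=203.0.113.7 dst=10.0.0.5 proto=TCP dport={port}")
    for i in range(1, 13):                        # 203.0.113.9 hits port 3389 on 12 hosts
        lines.append(f"{(base + timedelta(seconds=30 + i)).isoformat()} DROP "
                     f"src=203.0.113.9 dst=10.0.0.{i} proto=TCP dport=3389")
    for i in range(5):                            # a normal client repeatedly using HTTPS
        lines.append(f"{(base + timedelta(seconds=i * 10)).isoformat()} ACCEPT "
                     f"src=198.51.100.3 dst=10.0.0.5 proto=TCP dport=443")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for alert in detect_scans(build_sample_log()):
        print(alert)
```

On the sample, the HTTPS client never trips either rule because it touches one port on one host, while the two scanners each produce exactly one alert. The `seen` set is what keeps a 1,000-port scan from generating 1,000 alerts; in a real pipeline you would also key on the scanner's source network rather than a single IP, since distributed scans spread the same probes over many addresses to stay under per-source thresholds.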
🔹 Firewalls vs Port Scanning
| Firewall | Scanner |
|---|---|
| Blocks ports | Detects open ports |
| Filters traffic | Tests firewall rules |
| Defensive | Offensive & defensive |
📌 Misconfigured firewall = exposed ports
🔹 Legal & Ethical Warning ⚠️
❌ Scanning without permission is illegal
✅ Scanning your own network or authorized systems is legal
📌 Always get written permission
🎯 Career Importance (Very High 🔥)
Required for:
Ethical Hacker
Penetration Tester
SOC Analyst
Network Security Engineer
Bug Bounty Hunter
📌 Asked in CEH, Security+, interviews
🧠 Key Takeaways
✔ Network mapping finds devices
✔ Port scanning finds services
✔ Open ports = attack surface
✔ Defense starts with discovery
🔐 Every cyber attack begins with scanning
