Cyber Security Network Mapping & Port Scanning

🗺️ Cyber Security Network Mapping & Port Scanning (In-Depth Guide)

Network mapping and port scanning are the first steps of both a cyber attack and a cyber defense.

👉 Hackers use them to find targets
👉 Security teams use them to find weaknesses before hackers do


🔹 What is Network Mapping?

Network Mapping is the process of discovering and visualizing:

  • Live hosts (devices)

  • IP addresses

  • Network range

  • Network topology

  • Connected services

📌 In simple words:

Network mapping answers: “Who is connected to this network?”


🔹 Why Network Mapping is Important in Cyber Security

  • Identifies unauthorized devices

  • Helps understand attack surface

  • Detects misconfigured systems

  • Foundation of penetration testing

  • Required for SOC & blue teams

📌 You can’t protect what you don’t know exists


🔹 What is Port Scanning?

Port Scanning is the process of checking:

  • Which ports are open

  • Which services are running

  • Which ports are closed or filtered

📌 In simple words:

Port scanning answers: “Which doors are open?”


🔹 IP + Port = Complete Target

  • IP address → identifies the machine

  • Port number → identifies the service

Example:

192.168.1.10 : 22 SSH
192.168.1.10 : 80 HTTP

📌 Open port = Possible entry point


🔹 Network Mapping Techniques

1️⃣ Ping Sweep

Finds live hosts by sending an ICMP echo request (ping) to every address in a range and noting which ones reply.

✔ Fast
❌ Can be blocked by firewall


2️⃣ ARP Scanning (Local Network)

Maps devices by resolving IP → MAC.

✔ Very accurate in LAN
✔ Hard to block internally


3️⃣ DNS Enumeration

Finds:

  • Subdomains

  • Internal structure clues

Example:

  • mail.example.com

  • admin.example.com


4️⃣ Traceroute Mapping

Shows packet path (routers/hops).

📌 Useful for:

  • Network structure analysis

  • Firewall placement detection


🔹 Port Scanning Types (Very Important)

🔵 TCP Connect Scan

  • Completes full TCP handshake

  • Reliable

  • Easily logged


🔵 SYN Scan (Half-Open)

  • Sends SYN only

  • Faster & stealthier

📌 Most commonly used scan


🟠 UDP Scan

  • Scans UDP services

  • Slower

  • Often ignored by admins (risky!)


🟣 FIN / NULL / Xmas Scans

  • Stealth scans

  • Bypass weak firewalls

📌 Used for evasion testing


🔹 Port States Explained

State            Meaning
Open             Service running and accepting connections
Closed           No service (host replies, but nothing is listening)
Filtered         Blocked by firewall (no reply at all)
Open|Filtered    Scanner cannot tell whether the port is open or filtered (common in UDP scans)

📌 Open ports = attack opportunities
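The scan types and port states above can be seen end to end with a TCP connect scan, the simplest kind listed: it completes the full handshake, so it needs no raw sockets and shows up plainly in the target's logs. The example below is added for this guide and is not code from the original page. It only ever scans a throwaway listener it starts itself on 127.0.0.1 (a constructed target), and maps the three outcomes to the page's states: handshake completed = open, RST = closed, no answer = filtered. The filtered case cannot be produced on loopback, so it is handled in the code but not demonstrated.

```python
import socket
from contextlib import closing


def probe_tcp_port(host, port, timeout=1.0):
    """Classify one TCP port the way a connect scan does.

    open     - the full three-way handshake completed (a service accepted it)
    closed   - the host answered with RST (connection refused)
    filtered - nothing came back before the timeout, or the path was
               unreachable, which is what a dropping firewall looks like
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"
        return "open"


def connect_scan(host, ports, timeout=1.0):
    """Probe each port in turn and return {port: state}."""
    return {port: probe_tcp_port(host, port, timeout) for port in ports}


def start_local_listener():
    """Constructed target for the demo: a throwaway TCP listener on 127.0.0.1.

    The OS picks a free port. The socket is returned so the caller can close it,
    after which the same port probes as 'closed'.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, live_port = start_local_listener()
    try:
        # Scan the live port plus three neighbours that almost certainly have no service.
        targets = [live_port] + [live_port + i for i in range(1, 4)]
        for port, state in sorted(connect_scan("127.0.0.1", targets).items()):
            print(f"127.0.0.1:{port:<6} {state}")
    finally:
        srv.close()
```

Because every probe completes a handshake, each one appears as an accepted-then-closed connection on the target, which is exactly why the page calls this scan type "easily logged" and why it is the one to reach for when auditing your own hosts.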


🔹 Common Ports Hackers Look For

Port   Service   Risk
21     FTP       Weak auth
22     SSH       Brute force
23     Telnet    Plaintext
80     HTTP      Web attacks
443    HTTPS     Web/API
3306   MySQL     DB exposure
3389   RDP       Remote takeover

🔹 Practical Commands (Educational)

ping 192.168.1.1        # reachability check: sends ICMP echo requests to one host
tracert google.com      # Windows hop-by-hop path; on Linux/macOS use: traceroute google.com
netstat -an             # all sockets with their state, numeric addresses (Windows/Linux)
ss -tuln                # Linux: listening TCP (-t) and UDP (-u) sockets, numeric ports (-n)

📌 These commands help in legitimate network auditing
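The commands above only list sockets; the auditing value comes from comparing that list against what the host is supposed to expose. The example below is added for this guide (not code from the original page). It parses constructed `ss -tuln` output, keeps only listeners bound to every interface, and flags any that are not on a hypothetical per-host allowlist, annotating the ones that appear in the port table above. A service bound to 127.0.0.1 is deliberately left unflagged, since it is not reachable from the network.

```python
# Constructed sample of `ss -tuln` output (not a real host's listing).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*
"""

# Local addresses that mean "every interface", i.e. reachable from the network.
ALL_INTERFACES = {"0.0.0.0", "::", "*"}

# Risk notes taken from the port table above; anything else gets a generic reason.
RISKY_PORTS = {
    21: "FTP - weak auth",
    23: "Telnet - plaintext",
    3306: "MySQL - DB exposure",
    3389: "RDP - remote takeover",
}

# Hypothetical policy for this host: only SSH and HTTP may face the network.
APPROVED_SERVICES = {("tcp", 22), ("tcp", 80)}


def parse_ss_listeners(output):
    """Turn `ss -tuln` text into a list of {proto, state, addr, port} dicts."""
    listeners = []
    for line in output.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, state, local = fields[0], fields[1], fields[4]
        addr, _, port = local.rpartition(":")     # rpartition keeps IPv6 colons intact
        listeners.append({"proto": proto, "state": state,
                          "addr": addr.strip("[]"), "port": int(port)})
    return listeners


def audit_listeners(listeners, allowlist):
    """Return (proto, port, addr, reason) for every network-exposed listener
    that is not on the approved (proto, port) allowlist."""
    findings = []
    for entry in listeners:
        exposed = entry["addr"] in ALL_INTERFACES
        if exposed and (entry["proto"], entry["port"]) not in allowlist:
            reason = RISKY_PORTS.get(entry["port"], "not on the approved service list")
            findings.append((entry["proto"], entry["port"], entry["addr"], reason))
    return findings


def run_audit(output=SAMPLE_SS_OUTPUT, allowlist=APPROVED_SERVICES):
    """Parse and audit in one step; returns the list of findings."""
    return audit_listeners(parse_ss_listeners(output), allowlist)


if __name__ == "__main__":
    for proto, port, addr, reason in run_audit():
        print(f"UNEXPECTED {proto}/{port} on {addr}: {reason}")
```

On the sample this reports Telnet on tcp/23 and SNMP on udp/161 and stays silent about MySQL, because that one listens on loopback only. Feeding it the real output of `ss -tuln` on a host you administer gives the "identify unnecessary open ports" step of the blue-team list below a concrete starting point.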


🔹 Network Mapping & Port Scanning in Attack Chain

1️⃣ Discover network
2️⃣ Identify live hosts
3️⃣ Scan open ports
4️⃣ Identify services
5️⃣ Find vulnerabilities
6️⃣ Exploit

📌 Scanning is reconnaissance, not hacking yet


🔹 Defensive Use (Blue Team View)

✔ Identify unnecessary open ports
✔ Close unused services
✔ Harden firewall rules
✔ Detect scanning behavior
✔ Log & alert on scans

📌 Regular internal scans = stronger security
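"Detect scanning behavior" and "log & alert on scans" come down to one signal: a single source touching many different destination ports in a short time, something no ordinary client does. The example below is added for this guide (not code from the original page) and runs that rule over constructed firewall log lines in a simple made-up `ts ACTION src= dst= proto= dport=` format using RFC 5737 documentation addresses. The window length and port threshold are assumed tuning values, not anything the page specifies.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log lines (documentation addresses, not real traffic).
# 203.0.113.5 walks through the common ports from the table above within seconds;
# 198.51.100.7 is an ordinary client talking to the web server.
SAMPLE_LOG = """\
2024-05-01T10:00:00 DROP src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=21
2024-05-01T10:00:00 DROP src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=22
2024-05-01T10:00:01 DROP src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=23
2024-05-01T10:00:01 ACCEPT src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=443
2024-05-01T10:00:02 DROP src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=80
2024-05-01T10:00:02 ACCEPT src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=443
2024-05-01T10:00:03 DROP src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=443
2024-05-01T10:00:03 DROP src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=3306
2024-05-01T10:00:04 DROP src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=3389
2024-05-01T10:00:05 ACCEPT src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=80
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_firewall_log(text):
    """Parse lines into (timestamp, src, dst, dport) tuples, oldest first.
    Lines that do not match the format are skipped rather than crashing the job."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"],
                           m["dst"], int(m["dport"])))
    return sorted(events)


def detect_port_scans(events, window_seconds=10, threshold=5):
    """Flag a source that touches `threshold` or more distinct destination ports
    inside any `window_seconds` sliding window. Returns {src: alert}; one alert
    per source, raised at the moment the threshold is first crossed. Both
    dropped and accepted packets count: a scan of open ports is still a scan."""
    alerts = {}
    recent = defaultdict(deque)            # src -> sliding window of (ts, dport)
    for ts, src, dst, dport in events:
        window = recent[src]
        window.append((ts, dport))
        cutoff = ts - timedelta(seconds=window_seconds)
        while window and window[0][0] < cutoff:   # drop events older than the window
            window.popleft()
        distinct = {p for _, p in window}
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = {
                "ports": sorted(distinct),
                "first_seen": window[0][0].isoformat(),
                "triggered_at": ts.isoformat(),
            }
    return alerts


def scan_alerts(text=SAMPLE_LOG, window_seconds=10, threshold=5):
    """Parse and detect in one step."""
    return detect_port_scans(parse_firewall_log(text), window_seconds, threshold)


if __name__ == "__main__":
    for src, alert in scan_alerts().items():
        print(f"ALERT possible port scan from {src}: {len(alert['ports'])} ports "
              f"{alert['ports']} between {alert['first_seen']} and {alert['triggered_at']}")
```

On the sample the scanner is flagged at the fifth distinct port while the web client, which only ever reaches 443 and 80, is not. Raising the threshold or shortening the window trades missed slow scans for fewer false alarms; a slow scanner that spreads probes beyond the window is the known blind spot of this rule.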


🔹 Firewalls vs Port Scanning

Firewall           Scanner
Blocks ports       Detects open ports
Filters traffic    Tests firewall rules
Defensive          Offensive & defensive

📌 Misconfigured firewall = exposed ports


🔹 Legal & Ethical Warning ⚠️

❌ Scanning without permission is illegal
✅ Scanning your own network or authorized systems is legal

📌 Always get written permission


🎯 Career Importance (Very High 🔥)

Required for:

  • Ethical Hacker

  • Penetration Tester

  • SOC Analyst

  • Network Security Engineer

  • Bug Bounty Hunter

📌 Asked in CEH, Security+, interviews


🧠 Key Takeaways

✔ Network mapping finds devices
✔ Port scanning finds services
✔ Open ports = attack surface
✔ Defense starts with discovery

🔐 Every cyber attack begins with scanning
