Analysis of Traffic Usage by Scanning Computer Networks with Different Versions of Nmap

Authors

  • I. P. Malinich Vinnytsia National Technical University
  • V. I. Mesyura Vinnytsia National Technical University
  • I. R. Arseniuk Vinnytsia National Technical University

DOI:

https://doi.org/10.31649/1997-9266-2021-155-2-92-97

Keywords:

Nmap, network traffic, sniffer, network scanning, intrusion detection system

Abstract

Currently, there are a large number of tools for network monitoring and diagnostics which can be used for various purposes, both authorized persons and other persons who may have unauthorized access to the network. One of them is the Nmap network scanner. The Nmap is a powerful open source network scanning application. Currently it is almost indispensable tool for diagnosing network operation, detecting fault network configurations, and also helps in finding vulnerabilities within the network. The Nmap network scanner is being improved by its author and independent developers. Nowadays the team of this application expands its functionality and improves existing tools that significantly affects its network behavior.

Sniffers are usually used to detect scanning activity on the network, which captures packets passing through them. At this time, they and the intrusion detection software can be used to identify the hosts that perform the scan. However, the task of identifying the software that scans the network and its versions remain relevant. The article considers the solution of the task on the example of the network scanner Nmap.

The use of traffic by different versions of the Nmap during different scanning phases is considered. Differences in the operation of the program arise as a result of updating the current code of this application and its scanning scripts. In most cases, the code does not change significantly within one majority version. However, even minor changes can affect the software identification process when analyzing network traffic. The work of the following versions of Nmap is analyzed: 7.01, 7.60, 7.80.

Author Biographies

I. P. Malinich, Vinnytsia National Technical University

Assistant Lecturer of the Chair of Computer Sciences

V. I. Mesyura, Vinnytsia National Technical University

Cand. Sc., Associate Professor, Professor of the Chair of Computer Sciences

I. R. Arseniuk, Vinnytsia National Technical University

Cand. Sc. (Eng.), Associate Professor of the Chair of Computer Sciences

References

Gordon Fyodor Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, Sunnyvale, CA, USA: Insecure, 2009, 464 p.

R. R. Singh, and D. S. Tomar, “Port scanning attack analysis with Dempster–Shafer evidence theory,” Int. J. Appl. Eng. Res., vol. 12, no. 16, pp. 5900-5904, 2017.

G. Bagyalakshmi et al., “Network vulnerability analysis on brain signal/image databases using Nmap and Wireshark tools,” IEEE Access, vol. 6, pp. 57144-57151, 2018.

В. Ю. Кива, і Ю. С. Дрозд, «Аналіз існуючих методів кібернетичної розвідки інформаційно-телекомунікаційних мереж,» Збірник наукових праць Центру воєнно-стратегічних досліджень Національного університету оборони України імені Івана Черняховського, № 3, с. 62-66, 2017.

В. В. Довгий, і І. В. Небесний, Алгоритми сканування портів у корпоративній комп’ютерній мережі. Тернопіль, Україна: ТНЕУ, 2018. [Електронний ресурс]. Режим доступу: http://dspace.tneu.edu.ua/handle/316497/31957 .

В. В. Довгий, Алгоритми виявлення процедури сканування портів в корпоративній комп’ютерній мережі. Тернопіль, Україна: ТНЕУ, 2018. [Електронний ресурс]. Режим доступу: http://dspace.tneu.edu.ua/handle/316497/32436 .

J. P. S. Medeiros, A. M. Brito, and P. S. M. Pires, “A data mining based analysis of nmap operating system fingerprint database,” in Computational Intelligence in Security for Information Systems, Springer, 2009, pp. 1-8.

І. П. Малініч, і В. І. Месюра, «Ін’єктивний метод отримання даних користувацького досвіду в ігрових симуляторах комп’ютерних мереж,» Вісник Вінницького політехнічного інституту, № 5, с. 49-54, 2019.

Mark Wolfgang, Host Discovery with NMAP 2015. [Online]. Available:

https://havel.mojeservery.cz/wp-content/uploads/2015/10/nmap-discovery-howto-2002.pdf . Accessed on: December 17, 2020.

Host Discovery with NMAP. [Online]. Available: https://medium.com/@minimalist.ascent/host-discovery-with-nmap-a3759e3d214f . Accessed on: December 17, 2020.

І. Малініч, В. Месюра, і П. Малініч, Проблеми створення середовищ для визначення типу сканувальної активності, що здійснюється при скануванні мереж, Вінниця: ВНТУ, 2021.

Nmap. Ubuntu packages [Online]. Available: https://packages.ubuntu.com/search?keywords=nmap. Accessed on: December 17, 2020.

Downloads

Abstract views: 233

Published

2021-04-30

How to Cite

[1]
I. P. Malinich, V. I. Mesyura, and I. R. . Arseniuk, “Analysis of Traffic Usage by Scanning Computer Networks with Different Versions of Nmap”, Вісник ВПІ, no. 2, pp. 92–97, Apr. 2021.

Issue

No. 2 (2021)

Section

Information technologies and computer sciences

Metrics

Downloads

Download data is not yet available.

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).