Analysis of Traffic Usage by Scanning Computer Networks with Different Versions of Nmap

Authors

  • I. P. Malinich Vinnytsia National Technical University
  • V. I. Mesyura Vinnytsia National Technical University
  • I. R. Arseniuk Vinnytsia National Technical University

DOI:

https://doi.org/10.31649/1997-9266-2021-155-2-92-97

Keywords:

Nmap, network traffic, sniffer, network scanning, intrusion detection system

Abstract

Currently, there are a large number of tools for network monitoring and diagnostics which can be used for various purposes, both authorized persons and other persons who may have unauthorized access to the network. One of them is the Nmap network scanner. The Nmap is a powerful open source network scanning application. Currently it is almost indispensable tool for diagnosing network operation, detecting fault network configurations, and also helps in finding vulnerabilities within the network. The Nmap network scanner is being improved by its author and independent developers. Nowadays the team of this application expands its functionality and improves existing tools that significantly affects its network behavior.

Sniffers are usually used to detect scanning activity on the network, which captures packets passing through them. At this time, they and the intrusion detection software can be used to identify the hosts that perform the scan. However, the task of identifying the software that scans the network and its versions remain relevant. The article considers the solution of the task on the example of the network scanner Nmap.

The use of traffic by different versions of the Nmap during different scanning phases is considered. Differences in the operation of the program arise as a result of updating the current code of this application and its scanning scripts. In most cases, the code does not change significantly within one majority version. However, even minor changes can affect the software identification process when analyzing network traffic. The work of the following versions of Nmap is analyzed: 7.01, 7.60, 7.80.

Author Biographies

I. P. Malinich, Vinnytsia National Technical University

Assistant Lecturer of the Chair of Computer Sciences

V. I. Mesyura, Vinnytsia National Technical University

Cand. Sc., Associate Professor, Professor of the Chair of Computer Sciences

I. R. Arseniuk, Vinnytsia National Technical University

Cand. Sc. (Eng.), Associate Professor of the Chair of Computer Sciences

References

Gordon Fyodor Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, Sunnyvale, CA, USA: Insecure, 2009, 464 p.

R. R. Singh, and D. S. Tomar, “Port scanning attack analysis with Dempster–Shafer evidence theory,” Int. J. Appl. Eng. Res., vol. 12, no. 16, pp. 5900-5904, 2017.

G. Bagyalakshmi et al., “Network vulnerability analysis on brain signal/image databases using Nmap and Wireshark tools,” IEEE Access, vol. 6, pp. 57144-57151, 2018.

В. Ю. Кива, і Ю. С. Дрозд, «Аналіз існуючих методів кібернетичної розвідки інформаційно-телекомунікаційних мереж,» Збірник наукових праць Центру воєнно-стратегічних досліджень Національного університету оборони України імені Івана Черняховського, № 3, с. 62-66, 2017.

В. В. Довгий, і І. В. Небесний, Алгоритми сканування портів у корпоративній комп’ютерній мережі. Тернопіль, Україна: ТНЕУ, 2018. [Електронний ресурс]. Режим доступу: http://dspace.tneu.edu.ua/handle/316497/31957 .

В. В. Довгий, Алгоритми виявлення процедури сканування портів в корпоративній комп’ютерній мережі. Тернопіль, Україна: ТНЕУ, 2018. [Електронний ресурс]. Режим доступу: http://dspace.tneu.edu.ua/handle/316497/32436 .

J. P. S. Medeiros, A. M. Brito, and P. S. M. Pires, “A data mining based analysis of nmap operating system fingerprint database,” in Computational Intelligence in Security for Information Systems, Springer, 2009, pp. 1-8.

І. П. Малініч, і В. І. Месюра, «Ін’єктивний метод отримання даних користувацького досвіду в ігрових симуляторах комп’ютерних мереж,» Вісник Вінницького політехнічного інституту, № 5, с. 49-54, 2019.

Mark Wolfgang, Host Discovery with NMAP 2015. [Online]. Available:

https://havel.mojeservery.cz/wp-content/uploads/2015/10/nmap-discovery-howto-2002.pdf . Accessed on: December 17, 2020.

Host Discovery with NMAP. [Online]. Available: https://medium.com/@minimalist.ascent/host-discovery-with-nmap-a3759e3d214f . Accessed on: December 17, 2020.

І. Малініч, В. Месюра, і П. Малініч, Проблеми створення середовищ для визначення типу сканувальної активності, що здійснюється при скануванні мереж, Вінниця: ВНТУ, 2021.

Nmap. Ubuntu packages [Online]. Available: https://packages.ubuntu.com/search?keywords=nmap. Accessed on: December 17, 2020.

Downloads

Abstract views: 233

Published

2021-04-30

How to Cite

[1]
I. P. Malinich, V. I. Mesyura, and I. R. . Arseniuk, “Analysis of Traffic Usage by Scanning Computer Networks with Different Versions of Nmap”, Вісник ВПІ, no. 2, pp. 92–97, Apr. 2021.

Issue

Section

Information technologies and computer sciences

Metrics

Downloads

Download data is not yet available.