A host with an IP address can provide many services, such as Web, FTP and SMTP services, and all of them can be offered through a single IP address. So how does the host distinguish between different network services? Obviously it cannot rely on the IP address alone, because IP addresses and network services have a one-to-many relationship. In fact, different services are distinguished by "IP address + port number".
An open port therefore represents a service being provided, and different services have different port numbers. To test a service, we must first determine whether the corresponding port is open.
There are TCP ports and UDP ports. Because TCP and UDP are independent, their port numbers are also independent of each other. For example, TCP has a port 235, and UDP can also have a port 235. There is no conflict between them.
1. Well-known ports
Well-known ports are the port numbers from 0 to 1023. Among them, port 80 is allocated to the WWW service and port 21 is allocated to the FTP service. We don't need to specify the port number when we enter a URL in the address bar of IE, because by default the port of the WWW service is "80".
2. Dynamic ports
The range of dynamic ports is from 49152 to 65535. They are called dynamic ports because they are generally not assigned to one fixed service, but are allocated dynamically.
3. Registered ports
Ports 1024 to 49151 are assigned to user processes or applications. These processes are mainly programs installed by users.
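The following is an added example, not code from the original page. It classifies a port number into the three ranges listed above, and it shows on the loopback interface that TCP and UDP can hold the same port number at once and that a TCP port is "open" only while a service is listening on it. The function names are chosen for this illustration.

```python
import socket

def port_category(port: int) -> str:
    """Classify a port number using the three ranges listed above."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port number: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"

def tcp_port_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a full TCP handshake with host:port succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def shared_port_demo(host: str = "127.0.0.1") -> dict:
    """Bind TCP and UDP to the same port number on loopback and probe it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tcp, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        tcp.bind((host, 0))            # port 0: let the OS pick a free TCP port
        tcp.listen(1)
        port = tcp.getsockname()[1]
        try:
            udp.bind((host, port))     # same number, separate UDP port space
            udp_bound = True
        except OSError:                # only if another process holds that UDP port
            udp_bound = False
        open_while_listening = tcp_port_open(host, port)
    # Both sockets are closed here, so the TCP port no longer has a listener.
    return {
        "port": port,
        "category": port_category(port),
        "udp_bound_same_number": udp_bound,
        "tcp_open_while_listening": open_while_listening,
        "tcp_open_after_close": tcp_port_open(host, port),
    }

if __name__ == "__main__":
    print(shared_port_demo())
```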
1. Use the Nmap tool to find the open TCP ports of an IP address.
-O: get operating system version information
2. Use the Nmap tool to find open UDP ports.
-sU: UDP scan (scans UDP ports)
-Pn: do not ping the target (skip the check for whether the host is online and scan the ports directly)
Scanning UDP ports is slow, and it takes about 20 minutes to scan more than 60,000 ports.
3. Use the Nmap tool to get the port banners.
Only ports that return banner information are listed; ports without a banner are not returned.
4. Probe the service version information with Nmap.
If no banner information is returned, you can also use this method to try to identify the service version.
5. Use Nmap to test the target completely.
During testing, if you are authorized, you can use Nmap to run a complete test of the target.