Characteristics of Port Scan Traffic: A Case Study Using Nmap

Authors

DOI:

https://doi.org/10.31272/jeasd.2638

Keywords:

Cybersecurity, Intrusion detection, Nmap, Portscan, Reconnaissance, Wireshark

Abstract

Network ports are essential for communication, and that same exposure makes them the target of port scanning by cybersecurity professionals, network administrators, and malicious hackers alike. This study examines the specific characteristics of Nmap-generated port scan traffic, looking at patterns, behaviors, and relationships among the data fields across the captured packets. The authors also investigate how the various port scan features relate to the scan approaches used, in order to provide insight for building more effective intrusion detection systems. Nmap, which is widely used for reconnaissance in present-day network security, is the subject of this paper; the Metasploit tool is also used to illustrate specific behavior and how it differs from Nmap's. The paper's contribution is a set of features, including source ports, destination port distribution, statistics, and time-related attributes, that can serve as distinguishing features for detecting scan traffic. The term "Indicator of Scan" (IoS), as used by the authors, refers to a broad category covering any indicator useful for scan detection. Beyond detecting a scan, an IoS can also help determine which specific scanning tool was used.
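The abstract names the feature families the paper proposes as Indicators of Scan: destination port distribution, source port behavior, per-source statistics and timing. The following is an added illustration of how a defender might compute such features from per-packet records and score a source against them; it is not code from the paper or from its repository. The packet records, the two traffic profiles (a scanner-like source that reuses one source port and sends bare SYNs to many ports in quick succession, and an ordinary client) and the thresholds in `classify` are constructed assumptions for the demonstration, not values measured by the authors.

```python
"""Indicator-of-Scan style feature extraction over per-packet records.

Sample traffic below is constructed for illustration; it is not taken
from the paper's dataset.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    ts: float      # capture time in seconds
    src: str       # source IP
    sport: int     # source TCP port
    dst: str       # destination IP
    dport: int     # destination TCP port
    flags: str     # TCP flags, e.g. "S" (SYN only), "A", "PA"


def extract_features(packets):
    """Group packets by source IP and compute the feature families the
    abstract names: destination port spread, source port reuse, share of
    bare SYNs, and inter-arrival timing."""
    by_src = defaultdict(list)
    for p in packets:
        by_src[p.src].append(p)

    features = {}
    for src, pkts in by_src.items():
        pkts.sort(key=lambda p: p.ts)
        gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
        features[src] = {
            "packets": len(pkts),
            "distinct_dports": len({p.dport for p in pkts}),
            "distinct_sports": len({p.sport for p in pkts}),
            "syn_only_ratio": sum(p.flags == "S" for p in pkts) / len(pkts),
            "mean_gap": mean(gaps) if gaps else 0.0,
            "gap_stdev": pstdev(gaps) if len(gaps) > 1 else 0.0,
        }
    return features


def classify(feat, min_ports=10, max_gap=0.5):
    """Heuristic thresholds (assumed for this example, not from the paper).
    Returns (is_scan, reasons); two or more indicators together count as a scan."""
    reasons = []
    if feat["distinct_dports"] >= min_ports:
        reasons.append("many distinct destination ports")
    if feat["syn_only_ratio"] >= 0.9:
        reasons.append("almost all packets are bare SYNs")
    if feat["packets"] > 1 and feat["mean_gap"] <= max_gap:
        reasons.append("rapid, regular inter-arrival times")
    if feat["packets"] > 1 and feat["distinct_sports"] == 1:
        reasons.append("single source port reused across probes")
    return len(reasons) >= 2, reasons


def detect(packets):
    """Map each source IP to its (is_scan, reasons) verdict."""
    return {src: classify(f) for src, f in extract_features(packets).items()}


def sample_traffic():
    """Constructed traffic: one scanner-like source and one ordinary client."""
    pkts = []
    # Scanner-like source: 20 bare SYNs to ports 1..20, one fixed source
    # port, 50 ms apart (assumed behavior, chosen to exercise the features).
    for i in range(20):
        pkts.append(Packet(100.0 + 0.05 * i, "10.0.0.5", 45678, "10.0.0.9", i + 1, "S"))
    # Ordinary client: three HTTPS connections on fresh ephemeral ports,
    # each with a handshake and data, spaced seconds apart.
    t = 100.0
    for sport in (51000, 51001, 51002):
        pkts.append(Packet(t, "10.0.0.7", sport, "10.0.0.9", 443, "S"))
        pkts.append(Packet(t + 0.2, "10.0.0.7", sport, "10.0.0.9", 443, "A"))
        pkts.append(Packet(t + 0.4, "10.0.0.7", sport, "10.0.0.9", 443, "PA"))
        t += 3.0
    return pkts


if __name__ == "__main__":
    for src, (is_scan, why) in detect(sample_traffic()).items():
        print(src, "SCAN" if is_scan else "benign", "; ".join(why))
```

The same record shape can be filled from a Wireshark or tshark export of a real capture; the point of the example is that the per-source aggregates, not any single packet, carry the signal, and that a port-scan verdict rests on several indicators agreeing rather than on one threshold.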

Author Biographies

  • Zaid Al-Khazaali, Department of Construction and Projects, Mustansiriyah University, Iraq

  • Ammar Al-Ghabban, Department of Construction and Projects, Mustansiriyah University, Iraq

  • Haneen Al-Musawi, Department of Construction and Projects, Mustansiriyah University, Iraq

  • Anwar Sabah, Department of Laser and Optoelectronics Engineering, University of Technology, Iraq

  • Noor Al Mahdi, Department of Computer Science and Electronic Engineering, University of Essex, UK


Key Dates

Received

2024-04-30

Revised

2024-11-20

Accepted

2024-11-21

Published Online First

2025-01-01

Published

2025-01-01

How to Cite

Al-Khazaali, Z., Al-Ghabban, A., Al-Musawi, H., Sabah, A., & Al Mahdi, N. (2025). Characteristics of Port Scan Traffic: A Case Study Using Nmap. Journal of Engineering and Sustainable Development, 29(1), 26-35. https://doi.org/10.31272/jeasd.2638