Characteristics of Port Scan Traffic: A Case Study Using Nmap
DOI: https://doi.org/10.31272/jeasd.2638
Keywords: Cybersecurity, Intrusion detection, Nmap, Portscan, Reconnaissance, Wireshark
Abstract
Network ports, essential for communication, are also the target of port scanning, a technique used by cybersecurity professionals, network administrators, and malicious hackers alike. The study examines the specific characteristics of Nmap-generated port scan traffic: the patterns, behaviours, and relations among the data carried in the packets. The authors also investigate the relationships between various port scan features and scanning approaches, to provide information useful for developing more effective intrusion detection systems. Nmap, which is widely employed for reconnaissance attacks in current network security practice, is the subject of this paper; the Metasploit tool is also used to illustrate specific behaviour and how it differs from Nmap. The paper's contribution is to introduce features such as source ports, destination port distribution, statistics, and time-related attributes, which can serve as distinguishing features for detecting scan traffic. The term "Indicator of Scan" (IoS), as used by the authors, refers to a broad category covering any indicator useful for scan detection. Beyond scan detection, IoS can also help determine which specific scanning tool was used.
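The abstract names three feature families for an Indicator of Scan: source-port behaviour, destination-port distribution, and time-related attributes. The following is an added illustration, not code from the paper or its authors, of how a defender might derive those features from a stream of outbound TCP SYN records and flag a source that fans out across many destination ports in a short interval. The packet records are constructed for the example, and the thresholds in `classify` are assumptions chosen to fit that sample, not values reported by the paper.

```python
"""Toy Indicator-of-Scan (IoS) feature extractor over constructed SYN records.

Added example, not code from the paper. Each record is
(timestamp_s, src_ip, src_port, dst_ip, dst_port) for one outbound TCP SYN,
as a sensor such as Wireshark or a flow collector might record it.
"""
from collections import defaultdict
from statistics import median

# Constructed sample. 10.0.0.5 probes 18 distinct ports a few milliseconds
# apart while reusing a single source port; 10.0.0.7 makes three ordinary
# connections seconds apart with changing ephemeral source ports.
_PROBED_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143,
                 443, 445, 993, 995, 3306, 3389, 5900, 8080]
SAMPLE_SYNS = [
    (i * 0.003, "10.0.0.5", 40123, "10.0.0.20", port)
    for i, port in enumerate(_PROBED_PORTS)
] + [
    (1.0, "10.0.0.7", 51000, "10.0.0.20", 443),
    (4.5, "10.0.0.7", 51001, "10.0.0.20", 443),
    (9.0, "10.0.0.7", 51002, "10.0.0.30", 80),
]


def extract_ios(records):
    """Group SYNs by source address and compute per-source IoS features:
    source-port spread, destination-port spread, and inter-SYN timing."""
    by_src = defaultdict(list)
    for ts, src, sport, dst, dport in sorted(records, key=lambda r: r[0]):
        by_src[src].append((ts, sport, dst, dport))

    features = {}
    for src, rows in by_src.items():
        times = [r[0] for r in rows]
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        features[src] = {
            "syn_count": len(rows),
            "distinct_sports": len({r[1] for r in rows}),   # source-port feature
            "distinct_dsts": len({r[2] for r in rows}),
            "distinct_dports": len({r[3] for r in rows}),   # destination-port distribution
            "median_gap_s": median(gaps) if gaps else None,  # time-related attribute
        }
    return features


def classify(feat, min_dports=10, max_median_gap_s=0.05):
    """Flag a source whose SYNs cover many destination ports with a small
    median gap between probes. Both thresholds are assumptions for the
    constructed sample, not values from the paper."""
    return (
        feat["distinct_dports"] >= min_dports
        and feat["median_gap_s"] is not None
        and feat["median_gap_s"] <= max_median_gap_s
    )


def detect_scanners(records):
    """Return the sorted list of source addresses whose features look like a scan."""
    feats = extract_ios(records)
    return sorted(src for src, f in feats.items() if classify(f))


if __name__ == "__main__":
    for src, f in extract_ios(SAMPLE_SYNS).items():
        print(src, f, "SCAN" if classify(f) else "ok")
    print("flagged:", detect_scanners(SAMPLE_SYNS))
```

In a real deployment the window, port-count and timing thresholds would be tuned against the site's own baseline, and the `distinct_sports` feature would be fed into the tool-fingerprinting step the abstract alludes to rather than into the binary scan/no-scan decision shown here.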
Copyright (c) 2025 Zaid Al-Khazaali, Ammar Al-Ghabban, Haneen Al-Musawi, Anwar Sabah, Noor Al Mahdi (Author)
This work is licensed under a Creative Commons Attribution 4.0 International License.