APC Australia

PORT AUTHORITY


Port scanning is one of the most common first steps towards assessing the security of a particular machine. There are a few ways of doing it, but they all involve attempting to open a connection to various ports on the target machine to see which ones have services running on them (for example, webservers run on TCP ports 80 and 443). Nmap is one of the most useful port-scanning tools. Fire up a terminal in Kali and run

$ nmap localhost

This will scan the 1,000 most common ports on which services are found. On a default Kali install no services should be running, and that command should tell you as much.

Nmap by default uses stealth scanning, which only partially opens connections. This makes it harder to detect scans, though a keen-eyed sysadmin poring over a Wireshark packet capture could still spot them. If you run Nmap as root, you'll sometimes obtain a little more info about the target machine and the software it's running. Over the page you'll see how we can use this to find the IP addresses for the many Raspberry Pis on our LAN. Being root also enables you to send raw packets, so there's no need to connect to the target machine. Nmap even has a paranoid stealth mode, which is much slower so as not to trigger detection systems; activate it by adding -T0 to its arguments.
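To show what a port scanner actually does at the socket level, here is a small added example (not code from the article or from the Nmap project) that performs the simplest kind of scan, a full TCP connect, against the local machine and then audits the result against a list of ports you expect to be open. This is the same check the article suggests for a fresh Kali install: scan yourself and confirm nothing unexpected is listening. The listener it starts on an ephemeral port is a constructed target so the example runs offline; the helper names (scan_ports, unexpected_open_ports, start_listener, pick_closed_port) are this example's own.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_probe(host, port, timeout=0.5):
    """Return True if a full TCP three-way handshake to host:port succeeds.

    This is a 'connect' scan: unlike Nmap's default half-open (SYN) scan it
    completes the handshake, so the target service sees a real connection and
    will usually log it.  It needs no raw-socket privileges.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except (socket.timeout, ConnectionRefusedError, OSError):
            # RST (refused) or no answer within the timeout: treat as not open
            return False


def scan_ports(host, ports, timeout=0.5, workers=64):
    """Connect-scan the given ports in parallel; return the sorted open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: (p, tcp_connect_probe(host, p, timeout)), ports)
    return sorted(p for p, is_open in results if is_open)


def unexpected_open_ports(open_ports, allowed):
    """Audit helper: open ports that are not on the expected-service list."""
    return sorted(set(open_ports) - set(allowed))


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP listener on an ephemeral port (constructed target).

    Returns (server_socket, port).  Close the socket to stop the listener.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0 -> the OS picks a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        try:
            while True:
                conn, _ = srv.accept()
                conn.close()     # accept and drop; we only need the port open
        except OSError:
            pass                 # server socket closed, stop serving

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def pick_closed_port(host="127.0.0.1"):
    """Find a port with nothing listening by binding to 0 and releasing it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, listening = start_listener()
    closed = pick_closed_port()
    # Scan the two known ports plus a handful of common service ports.
    targets = sorted({listening, closed, 22, 80, 443, 3306})
    found = scan_ports("127.0.0.1", targets)
    print("open ports:", found)
    # Only the throwaway listener is expected on a clean host; anything else is
    # something to explain, exactly the point of scanning yourself first.
    print("unexpected:", unexpected_open_ports(found, allowed=[listening]))
    srv.close()
```

Because a connect scan completes the handshake, each probe shows up in the target service's own logs as a normal (if instantly dropped) connection, which is why the article notes that Nmap's half-open scan is harder to spot; in a packet capture, though, both leave the same tell-tale pattern of one source hitting many ports in quick succession.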

There are other scanners with different purposes. For example, Masscan can port scan the whole Internet in about six minutes.
