So I run a Cisco firewall and I get to see all the devices that connect to it be the wired or wireless. So I keep seeing 192.168.1.101 show up. I look at the MAC address and it resolves to HiTEM Engineering. Hmm, don’t have any devices with that. The I open the SkyBell app on my phone and sure enough the MAC address matches. It’s the Skybell. Doing an nmap scan on it now.

To lookup a MAC (At least by the first three bytes go here.

Anyhow the nmap of the Skybell comes out as clean. Good. An IOT device that’s fairly secure I love it.

I decided to run the same against my IP Cameras only one in this example as it monitors the kitchen door.
Nmap scan report for 192.168.1.106
Host is up (1.1s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
554/tcp open rtsp

So obviously it has a Port 80 or http as it serves up the video on a web page.
And Port 554 – Real Time Streaming Protocol – that must be how the phone app communicates with it.

Even ran the scan against my Cisco firewall. It should return Port 80 – but surprise quite a bit more is running:
Host is up (1.0s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
80/tcp open http
81/tcp open hosts2-ns
443/tcp open https
444/tcp open snpp

So 80 we’re familiar with that’s it’s web server.

81 Is host to name service

443 is secure HTTP

444 is Simple Network Paging Protocol. Now that is interesting.

nmap 7 is on Windows 10. Not sure of the version on Windows 7 – but it’s classic Microsoft interpretation of the nmap standards.