Prompt

Test your understanding of port scanning by scanning ports.cityinthe.cloud and answering these questions.

Walk-Through

This challenge involves using the Nmap tool. You can use Nmap to scan the target server and identify ports and services running on the machine.

Background

Certain command line flags on Nmap are necessary to use including -p to specify port range (the default behavior of Nmap is to scan the top 1000 most common ports), -sU to specify UDP port scans, and -sV to determine software versions.

An important note for Nmap is that the “Service” field is a bit of a misnomer. The “Service” field that Nmap outputs is the common service that is generally assigned to that port number. This means that if you ran a SSH server on port 80, Nmap may simply show port 80 as a HTTP server unless you specify the -sV flag to enumerate software version. When you use the -sV flag, Nmap will output an additional “Version” field that shows the software name and/or version number if it is able to identify it.

You may need to use the -Pn flag. Since this challenge and others like it on the Cyber Skyline platform are set up in a cloud environment, ICMP may be blocked by default.

Guide

To access this challenge, you’ll need to use your own terminal emulator. This challenge is solved in the walkthrough and tutorial using Kali Linux.

To scan ports.cityinthe.cloud, use Nmap and a port range in order to see the lowest ports. Nmap will scan TCP ports by default.

While TCP scanning may be faster over UDP scanning, because there is a handshake that occurs, scanning with Nmap may still take some time. It is common to run the command and then work on something else to optimize your time.

nmap -Pn -p 1-500 ports.cityinthe.cloud

Scanning UDP ports requires the use of the -sU flag with Nmap: nmap -sU -p 1-10 ports.cityinthe.cloud. Scanning UDP ports can be a challenge because UDP does not require a response. Nmap will move on to scanning subsequent ports after the request times out, therefore, UDP port scans can take some time and it makes sense to use a ‘small’ range when conducting one.

This command scans the first ten ports, but it may be useful to scan a range of 1-100 or 1-1000 for other challenges depending on the challenge difficulty.

To determine what service what’s running on the open port, just scanning the specific port using nmap -p 16080 ports.cityinthe.cloud will show the following:

However, more specific information about the service can be found if we use the version flag -sV instead: nmap -sV -p 16080 ports.cityinthe.cloud

Tutorial Video

Watch our full Tutorial Video to learn more about performing a Nmap scan and see a walkthrough of how to solve this challenge:

NCL Summer Live - Nmap Scan Demo - Sep 9, 2021

Watch this live demonstration explaining Nmap scans, a command line tool that can show open ports, devices on your network, services running on those devices, the Operating Systems, and firewalls. The series is presented by Cyber Skyline CEO Franz Payer. Reach out with questions on NCL at info@nationalcyberleague.org. The National Cyber League, powered by Cyber Skyline, is a bi-annual, all-virtual cybersecurity student competition, advancing hands-on skills and knowledge. Check the website at nationalcyberleague.org for details.

www.youtube.com

Questions

1. What is the lowest open port on the system?

2. What is the second lowest open port on the system?

3. What is the third lowest open port on the system?

4. What is the lowest UDP port on the system?

5. What software is being run on port 16080?

©️ 2026 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.