Port Scanners

Information Networking Security and Assurance Lab
National Chung Cheng University
Introduction

The first step in the process of hacking:
  Discover the services
  Version label
  Operating system
  Send a few packets to the host
Pre Study

TCP Packet Header

TCP conversation

Connect (three-way handshake)      Disconnect
Client -> Server: SYN              Client -> Server: FIN
Server -> Client: SYN/ACK          Server -> Client: ACK/FIN
Client -> Server: ACK              Client -> Server: ACK
Connection established             Connection closed
TCP Flag Definitions

Flag  Meaning
SYN   The beginning of a connection
ACK   Acknowledge receipt of a previous packet or transmission
FIN   Close a TCP connection
RST   Abort a TCP connection

Scanning for Hosts

Is the host alive?

Method
  Ping
    nmap -sP 192.168.0.1
  TCP Ping
    nmap -sT 192.168.0.1

Scanning for TCP Ports

RPC service
  nmap -sR 192.168.0.1

SYN Scan

Nmap sends to host port   Nmap receives from host port   Nmap assumes
SYN                       SYN/ACK                        Port is open; host is up
SYN                       RST                            Port is closed; host is up
SYN                       Nothing                        Port is blocked by a firewall, or host is down

nmap -sS <target host>
ACK Scan

Nmap sends to host port   Nmap receives from host port   Nmap assumes
ACK                       RST                            No firewall: port is not firewall-protected, so it may be open or closed; host is up
ACK                       Nothing, or ICMP unreachable   Protected by firewall: port is blocked by the firewall if the host is up

nmap -sA <target host>
FIN Scan

Nmap sends to host port   Nmap receives from host port   Nmap assumes
FIN                       RST                            Port is closed; host is up
FIN                       Nothing                        Port is open if the host is up and not firewall-protected

nmap -sF <target host>
Xmas Scan

Non-normal TCP operation
  Set the flags FIN, URG, PUSH
  With -sX

nmap -sX <target host>

Null Scan

Turn off all flags
  With -sN

nmap -sN <target host>
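As an added, detection-side example that is not part of the slides, the Python below recognises the flag sets the SYN, ACK, FIN, Xmas and Null scans above send and reports sources whose traffic looks like a scan; the packet records, addresses and the tcpdump-like record format are constructed for the example.

```python
"""Flag traffic matching the Nmap probe types on these slides (added example,
not from the original). Records are constructed, tcpdump-like: "src > dst:port
Flags [X]" with S=SYN A=ACK F=FIN P=PSH U=URG R=RST and '.' for ACK-only."""
from collections import defaultdict

FLAG_LETTERS = {"S": "SYN", "A": "ACK", "F": "FIN", "P": "PSH", "U": "URG", "R": "RST"}
# Flag set each scan type sends (slides: -sS, -sA, -sF, -sX, -sN).
PROBE_SIGNATURES = {
    frozenset({"SYN"}): "SYN", frozenset({"ACK"}): "ACK", frozenset({"FIN"}): "FIN",
    frozenset({"FIN", "PSH", "URG"}): "Xmas", frozenset(): "Null",
}
ABNORMAL = {"FIN", "Xmas", "Null"}  # never the start of a legitimate conversation

def parse_flags(text):
    """Map a tcpdump flag string such as 'FPU', 'S.' or '.' to a set of flag names."""
    flags = {FLAG_LETTERS[c] for c in text if c in FLAG_LETTERS}
    if "." in text:
        flags.add("ACK")
    return frozenset(flags)

def classify_probe(flags):
    """Name the scan type whose probe carries exactly these flags, else None."""
    return PROBE_SIGNATURES.get(frozenset(flags))

def parse_record(line):
    """Parse 'src > dst:port Flags [X]' into (src, dport, flag set)."""
    src, _, rest = line.split(maxsplit=2)
    dst, flag_part = rest.split(" Flags ")
    return src, int(dst.rsplit(":", 1)[1]), parse_flags(flag_part.strip("[]"))

def find_scanners(lines, min_ports=3):
    """Return {src: {probe_type: sorted ports}}. SYN and ACK segments are normal,
    so they count only once a source touches min_ports distinct ports; abnormal
    probe types are reported on first sight."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        src, dport, flags = parse_record(line)
        if probe := classify_probe(flags):
            seen[src][probe].add(dport)
    report = {src: {p: sorted(ports) for p, ports in probes.items()
                    if p in ABNORMAL or len(ports) >= min_ports}
              for src, probes in seen.items()}
    return {src: hits for src, hits in report.items() if hits}

# Constructed sample: a SYN sweep, an Xmas/Null prober, and an ordinary client.
SAMPLE_LOG = [
    "192.0.2.10 > 198.51.100.5:22 Flags [S]", "192.0.2.10 > 198.51.100.5:80 Flags [S]",
    "192.0.2.10 > 198.51.100.5:443 Flags [S]", "198.51.100.5 > 192.0.2.10:40001 Flags [S.]",
    "192.0.2.77 > 198.51.100.5:25 Flags [FPU]", "192.0.2.77 > 198.51.100.5:110 Flags []",
    "192.0.2.50 > 198.51.100.5:80 Flags [.]", "192.0.2.50 > 198.51.100.5:80 Flags [P.]",
]
```

Running `find_scanners(SAMPLE_LOG)` reports the SYN sweep and the Xmas/Null prober while the ordinary client on port 80 stays quiet; the UDP scan on the next slide cannot be recognised this way because it carries no TCP flags.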

Scanning for UDP Ports

Nmap sends to host port   Nmap receives from host port   Nmap assumes
Empty UDP packet          Nothing                        Port assumed open if the host responds to ping; port may be closed if a firewall is blocking ICMP
Empty UDP packet          ICMP unreachable               Port is closed

nmap -sU <target host>
Scanning for Protocols

IP Header
nmap -sO <target host>

Hiding Your Scan

FTP Bounce (-b)
  nmap -b anonymous@<ftp server> -p <target port> <target host>
Decoys (-D)
  nmap -D <spoof host> <target host>
Disable Randomizing Ports (-r)
  nmap -r <target host>
Fragmentation (-f), used with -sS, -sF, -sN or -sX
  nmap -sS -f <target host>

Timing Your Scan

Time-based algorithm, selected with -T <name>:
  nmap -T <name> <target host>

-T name     Probe response timeout   Time spent on one host   Time between probes   Parallelized probes
Paranoid    5 min                    Unlimited                5 min                 No
Sneaky      15 sec                   Unlimited                12 sec                No
Polite      6 sec                    Unlimited                0.4 sec               No
Normal      6 sec                    Unlimited                None                  No
Aggressive  1 sec                    5 min                    None                  Yes
Insane      0.3 sec                  75 sec                   None                  Yes
TCP Reverse Ident Scanning

Who runs the process (-I)

nmap -I <target host>

OS Fingerprinting

With the -O flag
  Send specially crafted TCP and UDP headers
  Analyze the result and compare the information
  OS information

OS Detection on Linux

nmap -O 192.168.0.1

Mapping Networks

Scanning a Class C subnet

Mapping Networks

Port scans in IP section

Scanning Tools on Windows

Netscantools
Superscan
IPEYE
WUPS
