
Port Scanners


oneida

Presentation Transcript


  1. Port Scanners

  2. Introduction
     • The first step in the process of hacking
     • Discover the services
     • Version label
     • Operating system
     • Send a few packets to the host

  3. Pre Study • TCP Packet Header

  4. TCP conversation
     • Connect (three-way handshake): Client → Server: SYN; Server → Client: SYN/ACK; Client → Server: ACK; Connection Established
     • Disconnect: Client → Server: FIN; Server → Client: ACK/FIN; Client → Server: ACK; Connection Closed

  5. TCP Flag Definitions

  6. Scanning for Hosts
     • Is the host alive?
     • Method
       • Ping: nmap -sP 192.168.0.1
       • TCP Ping: nmap -sT 192.168.0.1

  7. Scanning for TCP Ports
     • RPC service: nmap -sR 192.168.0.1
     • TCP connect: nmap -sT 192.168.0.1

  8. SYN Scan
     • nmap -sS <target host>

  9. ACK Scan
     • Diagram panels: no firewall; protected by firewall
     • nmap -sA <target host>

  10. FIN Scan
     • Diagram: Nmap → Host: FIN; Host → Nmap: RST
     • nmap -sF <target host>

  11. Xmas Scan
     • Non-normal TCP operation
     • Set the flags FIN, URG, PUSH
     • With -sX: nmap -sX <target host>

  12. Null scan
     • Turn off all flags
     • With -sN: nmap -sN <target host>

  13. Scanning for UDP Ports
     • Diagram: Nmap → Host: empty UDP packet; Host → Nmap: ICMP unreachable
     • nmap -sU <target host>

  14. Scanning for Protocol
     • IP Header
     • nmap -sO <target host>

  15. Hiding Your Scan
     • FTP Bounce: nmap -b anonymous@<ftp server> -p <target port> <target host>
     • Decoys (-D): nmap -D <spoof host> <target host>
     • Disable Randomizing Ports (-r): nmap -r <target host>
     • Fragmentation (-f), with -sS -sF -sN -sX: nmap -sS -f <target host>

  16. Timing Your Scan
     • Time-based algorithm
     • Using -T option: nmap -T <name> <target host>

  17. TCP Reverse Ident Scanning
     • Who runs the process (-I): nmap -I <target host>

  18. OS Fingerprinting
     • With -O flag
     • Sending special TCP and UDP headers
     • Analyze the result and compare information
     • OS information

  19. OS Detection on Linux
     • nmap -O 192.168.0.1

  20. Mapping Networks • Scanning a Class C subnet

  21. Mapping Networks • Port scans in IP section

  22. Scanning Tools on Windows
     • Netscantools
     • Superscan
     • IPEYE
     • WUPS
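
A defender's view of the FIN, Xmas and Null scans from slides 10 to 12, as an added example that is not part of the original presentation: it reads the flags field of raw TCP headers, labels the flag combinations those slides describe, and reports sources that sent such probes to several ports. The function names, the `min_ports` threshold and the sample capture (documentation address ranges) are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# Flag bits in the low 6 bits of bytes 12-13 of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (offset_flags,) = struct.unpack("!H", header[12:14])
    return offset_flags & 0x3F

def classify_probe(header: bytes) -> str:
    """Label flag combinations that a normal TCP conversation never produces."""
    flags = tcp_flags(header)
    if flags == 0:
        return "null"    # slide 12: all flags turned off
    if flags == FIN | PSH | URG:
        return "xmas"    # slide 11: FIN, URG and PUSH set
    if flags == FIN:
        return "fin"     # slide 10: a normal close carries ACK with its FIN
    return "normal"

def stealth_scanners(events, min_ports=3):
    """Map each source to the ports it probed, if it hit at least min_ports."""
    ports = defaultdict(set)
    for src, header in events:
        if classify_probe(header) != "normal":
            (dport,) = struct.unpack("!H", header[2:4])
            ports[src].add(dport)
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}

def build_header(dport, flags, sport=40000):
    """Constructed 20-byte TCP header for the sample data (checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)

# Constructed sample capture: (source address, raw TCP header) pairs.
SAMPLE = (
    [("198.51.100.7", build_header(p, FIN | PSH | URG)) for p in (22, 80, 443)]
    + [("198.51.100.7", build_header(25, 0))]
    + [("192.0.2.10", build_header(443, f)) for f in (SYN, ACK, FIN | ACK)]
)

if __name__ == "__main__":
    for src, probed in stealth_scanners(SAMPLE).items():
        print(src, "sent FIN/Xmas/Null probes to ports", probed)
```

The classifier is stateless: it relies on the fact that every segment after the handshake carries ACK, so a lone FIN, an all-zero flags field or FIN+PSH+URG stands out without tracking connections.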
