# nmap -A -T4 scanme.nmap.org



Date: 14.02.2022
4.1. Port Scanning

Port Scanning Basics

  • By default, nmap scans more than 1660 ports
  • Most port scanners only list ports as open or closed
  • nmap recognizes 6 port states
    • Open
      • An application on the host is accepting TCP connections or UDP packets on the port
    • Closed
      • Host is up and the port is reachable (probes get a reply)
      • No application is listening on it
      • Worth rescanning later, since a service may start listening

Port Scanning Basics

  • nmap recognizes 6 port states (cont’d)
    • Filtered
      • A firewall or other packet filter blocks the probe, so nmap cannot tell whether the port is open
      • Probes get no response (or only an ICMP error), which slows the scan down considerably
    • Unfiltered
      • Port is reachable, but nmap cannot tell whether it is open or closed
      • Only the ACK scan (-sA) reports this state; used in mapping firewall rulesets
      • Rescan unfiltered ports with a Window, SYN, or FIN scan to resolve open vs. closed

Port Scanning Basics

  • nmap recognizes 6 port states (cont’d)
    • open|filtered
      • When nmap cannot determine whether the port is open or filtered (UDP, NULL, FIN and Xmas scans, where no response can mean either)
    • closed|filtered
      • When nmap cannot determine whether the port is closed or filtered (only reported by the IP ID idle scan)

Port Scanning Techniques

  • Only one TCP scan technique can be used at a time (a UDP scan, -sU, may be combined with one TCP scan type)
  • Most techniques require root privilege because they send raw packets; the connect() scan does not
  • Some available scan techniques:
    • -sS (TCP SYN scan)
      • Default when running as root
      • Half-open scanning
        • nmap sends a SYN and reads the reply, but never completes the handshake (a SYN/ACK is answered with a RST)
    • -sT (TCP connect() scan)
      • Default when raw packets are not available (no root privilege)
      • A full TCP connection is established through the OS connect() call
      • Completed connections are far more likely to be logged by the target than half-open probes
      • Scan control is handed over to the OS; nmap sees only the connect() result, not the raw packets

Port Scanning Techniques (cont’d)

  • Some additional available scan techniques:
    • -sU (UDP scan)
      • Picks up UDP services like DNS, SNMP, DHCP
      • A UDP packet with an empty payload is sent to each targeted port (newer versions send protocol-specific payloads for some well-known ports)
        • ICMP port unreachable (type 3, code 3) --> port is closed
        • Other ICMP unreachable errors (type 3, code 1, 2, 9, 10 or 13) --> port is filtered
        • Responds with a UDP packet --> port is open
        • No response --> port is open|filtered
      • Slow: many hosts rate-limit ICMP errors, so confirming closed ports takes time
    • -sN (TCP NULL scan): no flags set
    • -sF (TCP FIN scan): only the FIN bit is set
    • -sX (TCP Xmas scan): FIN, PSH, and URG bits are set
      • RST packet received --> port is closed
      • No response --> port is open|filtered
      • ICMP unreachable error (type 3, code 1, 2, 3, 9, 10 or 13) --> port is filtered
      • Relies on RFC 793 behaviour; Windows and many Cisco devices answer every probe with a RST, so all ports appear closed

Port Scanning Techniques (cont’d)

  • Some additional available scan techniques:
    • -sA (TCP ACK scan)
      • Never reports ports as open; it only distinguishes filtered from unfiltered
      • Used to determine whether a firewall is stateful and which ports it filters
      • Both open and closed ports answer an unsolicited ACK with a RST and are labeled unfiltered
      • No response or ICMP unreachable errors --> port is labeled filtered
    • -sW (TCP window scan)
      • Same probes as the ACK scan, but examines the TCP window field of the returned RST packets
      • On some systems a positive window means open and a zero window means closed
    • -sO (IP protocol scan)
      • Cycles through IP protocol numbers (ICMP, TCP, UDP, etc.) instead of ports
      • Shows which IP protocols the host supports
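How each scan type turns a probe response into one of the six port states, as an added example in Python (written for these notes; it is not code from the original slides or from the nmap project). It is a table-driven model of the decision rules listed above: the `Response` type, the `classify` function and the sample responses are all constructed for illustration, not captured traffic, and the NULL/FIN/Xmas rules assume an RFC 793-compliant target.

```python
"""Added example: how nmap's scan types map a probe response to a port state.

Illustrative code written for these notes, not part of nmap. It models the
decision rules of the nmap reference guide for the scan types above; the
responses are constructed, not sniffed. Assumes an RFC 793-compliant target
for the NULL/FIN/Xmas rules.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Response:
    """What the target sent back for one probe (constructed, not captured)."""
    kind: str                      # "none", "synack", "rst", "udp", "icmp"
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None
    window: int = 0                # TCP window of a RST; only -sW looks at it


NO_RESPONSE = Response("none")

# ICMP type-3 codes each scan type reports as "filtered". For the UDP scan,
# code 3 (port unreachable) means closed instead, so it is left out there.
ICMP_FILTERED_CODES: Dict[str, set] = {
    "sS": {0, 1, 2, 3, 9, 10, 13},
    "sT": {0, 1, 2, 3, 9, 10, 13},
    "sA": {0, 1, 2, 3, 9, 10, 13},
    "sW": {0, 1, 2, 3, 9, 10, 13},
    "sU": {1, 2, 9, 10, 13},
    "sN": {1, 2, 3, 9, 10, 13},
    "sF": {1, 2, 3, 9, 10, 13},
    "sX": {1, 2, 3, 9, 10, 13},
}


def classify(scan: str, resp: Response) -> str:
    """Return the nmap port state for one probe response under scan type `scan`.

    `scan` is the option without the dash (sS, sT, sU, sN, sF, sX, sA, sW).
    Raises ValueError for a response that scan type cannot produce.
    """
    if scan not in ICMP_FILTERED_CODES:
        raise ValueError(f"unknown scan type {scan}")
    icmp_filtered = (resp.kind == "icmp" and resp.icmp_type == 3
                     and resp.icmp_code in ICMP_FILTERED_CODES[scan])

    if scan in ("sS", "sT"):
        # connect() scan sees success / ECONNREFUSED / timeout instead of raw
        # packets, but those outcomes line up with SYN/ACK, RST and silence.
        if resp.kind == "synack":
            return "open"
        if resp.kind == "rst":
            return "closed"
        if resp.kind == "none" or icmp_filtered:
            return "filtered"
    elif scan == "sU":
        if resp.kind == "udp":
            return "open"
        if resp.kind == "icmp" and resp.icmp_type == 3 and resp.icmp_code == 3:
            return "closed"          # port unreachable
        if icmp_filtered:
            return "filtered"
        if resp.kind == "none":
            return "open|filtered"   # silence means either; nmap cannot tell
    elif scan in ("sN", "sF", "sX"):
        # RFC 793: closed ports answer a flagless/FIN/Xmas probe with RST and
        # open ports drop it. Stacks that RST everything make all ports "closed".
        if resp.kind == "rst":
            return "closed"
        if resp.kind == "none":
            return "open|filtered"
        if icmp_filtered:
            return "filtered"
    elif scan in ("sA", "sW"):
        if resp.kind == "rst":
            if scan == "sA":
                return "unfiltered"  # ACK scan never says open or closed
            # Window scan: some stacks put a positive window on RSTs from
            # open ports and a zero window on RSTs from closed ports.
            return "open" if resp.window > 0 else "closed"
        if resp.kind == "none" or icmp_filtered:
            return "filtered"
    raise ValueError(f"unexpected response {resp} for {scan}")


def scan_summary(scan: str, responses: Dict[int, Response]) -> Dict[int, str]:
    """Classify every port of one (constructed) scan run: {port: state}."""
    return {port: classify(scan, resp) for port, resp in sorted(responses.items())}


# Constructed SYN-scan responses for a hypothetical host: 22 and 80 open,
# 23 closed, 443 silently dropped, 8080 rejected with ICMP admin-prohibited.
SAMPLE_SYN = {
    22: Response("synack"),
    23: Response("rst"),
    80: Response("synack"),
    443: NO_RESPONSE,
    8080: Response("icmp", icmp_type=3, icmp_code=13),
}
# The same host probed with ACKs: open and closed ports both RST.
SAMPLE_ACK = {22: Response("rst"), 23: Response("rst"), 80: Response("rst"),
              443: NO_RESPONSE, 8080: Response("icmp", icmp_type=3, icmp_code=13)}

if __name__ == "__main__":
    print("sS", scan_summary("sS", SAMPLE_SYN))
    print("sA", scan_summary("sA", SAMPLE_ACK))
```

Running it prints the SYN scan as open/closed/open/filtered/filtered and the ACK scan as unfiltered for 22, 23 and 80, which is the point of -sA: it shows where the firewall is, not what is listening.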

Service and Version Detection

  • Probes the ports found open to identify the service and version actually running on them
  • nmap-service-probes contains the probes to send and the match rules applied to the responses
    • -sV (Version detection)

OS Detection

  • Sends a series of TCP, UDP and ICMP probes to the host
  • Compares the responses to the nmap-os-fingerprints database (nmap-os-db in newer versions)
    • -O (Enable OS detection)
    • -A (Enable both OS and version detection; newer versions also add script scanning and traceroute)

Output

  • Piles of output
    • Learn perl and grep (or use the grepable format, -oG)
  • Many formats
    • -oN (Normal output)
    • -oX (XML output, the format to parse from scripts)
    • -oG (Grepable output)
    • -v (Increase verbosity level)
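Reading the XML output (-oX) from a script instead of grepping the normal output, as an added Python example for these notes (not code from the original slides or from the nmap project). The XML below is a constructed sample that follows the element and attribute layout nmap writes for one host; the address is a documentation address, not a scanned target.

```python
"""Added example: parsing nmap XML output (-oX) into per-port records.

Illustrative code written for these notes, not part of nmap. SAMPLE_XML is a
constructed report in the structure nmap writes; nothing here was captured
from a real scan.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample in the structure of `nmap -sS -sU -sV -oX scan.xml <host>`.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -sV -oX scan.xml 192.0.2.10" version="7.94">
  <host>
    <status state="up" reason="echo-reply" reason_ttl="64"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="nginx" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response" reason_ttl="0"/>
        <service name="https" method="table" conf="3"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open|filtered" reason="no-response" reason_ttl="0"/>
        <service name="snmp" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> List[Dict[str, str]]:
    """Flatten an nmap XML report into one record per port.

    Each record has addr, proto, port, state, reason, service, product and
    version. Missing <service> attributes come back as empty strings so callers
    can filter without None checks. Parse only reports you produced yourself;
    for XML from untrusted sources use defusedxml instead of ElementTree.
    """
    root = ET.fromstring(xml_text)
    records: List[Dict[str, str]] = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr", "") if addr_el is not None else ""
        for port in host.iter("port"):
            state = port.find("state")
            service = port.find("service")
            svc = service.attrib if service is not None else {}
            records.append({
                "addr": addr,
                "proto": port.get("protocol", ""),
                "port": port.get("portid", ""),
                "state": state.get("state", "") if state is not None else "",
                "reason": state.get("reason", "") if state is not None else "",
                "service": svc.get("name", ""),
                "product": svc.get("product", ""),
                "version": svc.get("version", ""),
            })
    return records


def ports_in_state(records: List[Dict[str, str]], *states: str) -> List[str]:
    """Return 'proto/port' strings for records whose state is one of `states`.

    "open|filtered" is a distinct state: a UDP port nmap could not resolve is
    not returned when only "open" is requested, which is exactly the trap a
    naive grep for "open" falls into.
    """
    return [f"{r['proto']}/{r['port']}" for r in records if r["state"] in states]


if __name__ == "__main__":
    recs = parse_nmap_xml(SAMPLE_XML)
    print("open:", ports_in_state(recs, "open"))
    print("unresolved:", ports_in_state(recs, "filtered", "open|filtered"))
    for r in recs:
        if r["state"] == "open":
            print(r["addr"], r["proto"], r["port"], r["service"], r["product"], r["version"])
```

The `reason` attribute (syn-ack, no-response, ...) records which rule from the scan-technique slides produced the state, which is worth keeping in any report you derive from the XML.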

Conclusion

  • nmap
    • Extremely powerful
    • Extremely invasive
    • Extremely obvious if you are not careful (scans are noisy and easily logged)
    • Illegal if done without authorization from the owner of the target
