

































An in-depth exploration of port scanning, a crucial aspect of ethical hacking and network defense. Learn about various types of port scans, popular port-scanning tools, and legal considerations. Understand how to use these techniques to identify vulnerabilities and secure networks.
Typology: Essays (university)


































Chapter 5
Port Scanning
Last updated 9-18-08

- Describe different types of port scans
- Explain how shell scripting is used to automate security tasks

- Open ports
- Closed ports
- Filtered ports
- Best-guess assessment of which OS is running

Client -- SYN --> Server
Client <-- SYN/ACK -- Server
Client -- ACK --> Server

Client -- SYN --> Server
Client <-- SYN/ACK -- Server
Client -- RST --> Server
The server is ready, but the client decided not to complete the handshake

- Completes the three-way handshake
- Not stealthy: appears in log files
- Three states
  - Closed
  - Open
  - Filtered

- All the packet flags are turned off
- Two results:
  - Closed ports reply with RST
  - Open or filtered ports give no response

Windows machines
- Win 2000 Pro and Win Server 2003 show all ports closed
- Win XP Pro shows all ports open/filtered
- See the NMAP tutorial (link Ch 5c)
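
A defender's view of the exchanges above, as an added example that is not part of the original slides: it labels each client/server/port exchange in a constructed packet list as a full handshake, a half-open (SYN, SYN/ACK, RST) pattern, or a no-flags probe, and lists clients that probed several ports. The addresses, record layout, function names and the `min_ports` threshold are assumptions.

```python
from collections import defaultdict

# Constructed capture, not from the slides: (client, server, port, sender, flags).
# sender is "c" (client) or "s" (server); flags "" means no TCP flags set.
PACKETS = [
    ("192.0.2.10", "198.51.100.5", 80, "c", "S"),   # ordinary connection
    ("192.0.2.10", "198.51.100.5", 80, "s", "SA"),
    ("192.0.2.10", "198.51.100.5", 80, "c", "A"),
    ("192.0.2.66", "198.51.100.5", 22, "c", "S"),   # handshake abandoned
    ("192.0.2.66", "198.51.100.5", 22, "s", "SA"),
    ("192.0.2.66", "198.51.100.5", 22, "c", "R"),
    ("192.0.2.66", "198.51.100.5", 23, "c", "S"),   # closed port answers RST
    ("192.0.2.66", "198.51.100.5", 23, "s", "RA"),
    ("192.0.2.66", "198.51.100.5", 443, "c", "S"),
    ("192.0.2.66", "198.51.100.5", 443, "s", "SA"),
    ("192.0.2.66", "198.51.100.5", 443, "c", "R"),
    ("192.0.2.77", "198.51.100.5", 25, "c", ""),    # no flags, RST reply
    ("192.0.2.77", "198.51.100.5", 25, "s", "RA"),
    ("192.0.2.77", "198.51.100.5", 110, "c", ""),   # no flags, silence
]

def classify_flow(events):
    """Label one exchange from its ordered (sender, flags) events."""
    client = [f for s, f in events if s == "c"]
    server = [f for s, f in events if s == "s"]
    if "" in client:
        # No-flags probe: RST means closed, silence means open or filtered.
        closed = any("R" in f for f in server)
        return "null-probe/closed" if closed else "null-probe/open|filtered"
    if client[:1] == ["S"] and "SA" in server:
        if "A" in client[1:]:
            return "full-handshake"   # connect scan or normal client; visible in service logs
        if any("R" in f for f in client[1:]):
            return "half-open"        # SYN, SYN/ACK, RST: handshake never completed
    if client[:1] == ["S"] and any("R" in f for f in server):
        return "syn-to-closed"
    return "other"

def scan_suspects(packets, min_ports=2):
    """Return {client: {port: label}} for clients probing >= min_ports ports."""
    flows = defaultdict(list)
    for client, server, port, sender, flags in packets:
        flows[(client, server, port)].append((sender, flags))
    probes = defaultdict(dict)
    for (client, _server, port), events in flows.items():
        label = classify_flow(events)
        if label not in ("full-handshake", "other"):
            probes[client][port] = label
    return {c: p for c, p in probes.items() if len(p) >= min_ports}
```

Full handshakes are left out of the suspect list because a completed connection looks the same as ordinary traffic at this level; those are the exchanges the service's own logs record.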

- Simplest method sends ICMP ECHO REQUEST to the destination(s)
- TCP Ping sends SYN or ACK to any port (default is port 80 for Nmap)
- Any response shows the target is up

Unicornscan
One of the most popular tools
Xnmap and Ubuntu's NmapFE
Ideal for large networks
seconds
Optimizes UDP scanning
Free from http://unicornscan.org/ (link Ch 5f)

- Database vulnerabilities
- DHCP server discovery
- IP packets viewer
- Name server lookup
- OS fingerprinting
- Many more (see link Ch 5g)