Scanning
The scanning process can be divided into three steps:- Determining if a system is active.
- Port scanning the system.
- Scanning the system for vulnerabilities.
Step 1 is the process of determining whether a target system is turned on and capable of communicating or interacting with our machine. This step is the least reliable and we should always continue with steps 2 and 3 regardless of the outcome of this test.
Regardless, it is still important to conduct this step and make note of any machines that respond as alive.
Common Ports and their Service
Port Number Service20 FTP data transfer
21 FTP control
22 SSH
23 Telnet
25 SMTP (e-mail)
53 DNS
80 HTTP
443 HTTPS
Pings and Ping Sweeps
A ping is a special type of network packet called an ICMP packet. Pings work by sending specific types of network traffic, called ICMP Echo Request packets, to a specific interface on a computer or network device. If the device (and the attached network card) that received the ping packet is turned on and not restricted from responding, the receiving machine will respond back to the originating machine with an Echo Reply packet. Aside from telling us that a host is alive and accepting traffic, pings provide other valuable information including the total time it took for the packet to travel to the target and return.Pings also report traffic loss that can be used to gauge the reliability of a network
connection.
Port Scanning
There are a total of 65,536 (0–65,535) ports on every computer. Ports can beeither TCP or UDP depending on the service using the port. We scan computers to see what ports are in use or “open”. This gives us a better picture of the purpose of the machine, which gives us a better idea about how to attack the box.
TCP 3-Way Handshake
Before we go on, we first have to know how computers on a network communicate with each other. When two computers want to communicate, they go through a processes known as the 3-way handshake. The first computer A will send a synchronize packet to the other computer B. Then, if computer B is listening (has its port open), it will respond back to A with a synchronize-acknowledgement packet. Finally, computer A will send an acknowledgement packet to computer B, and the two computers will communicate as usual.Using Nmap
Nmap was written by Gordon Lyon and is available for free from www.insecure.org and is built into today’s Backtrack Linux 5.Recommended Reading: Nmap Network Scanning
It is the official guide to using the nmap scanner. What more can I say? This book will cover nmap much more in depth than this site.
When we conduct a port scan, Nmap will create a packet and send it to each designated port on the computer just like the 3-way handshake. The goal is to determine what kind of a response we get from the target ports.
To use Nmap, open up the terminal and type:
nmap -p- 192.168.56.101
The “-p-” tells nmap to scan all ports on a target machine. The 10.0.2.15 is the local ip of the target machine.
0 comments:
Post a Comment