Blogger Tricks

13 May 2012

Port Scanning / Open and Close Port

• Scanning is the process of finding open and closed ports and vulnerabilities in remote systems, servers and networks.
• Scanning will reveal
• IP addresses
• Operating systems
• Services running on each computer.

Types of Scanning

• There are three types of scanning.
1. Port Scanning
2. Network Scanning
3. Vulnerability Scanning

Port Scanning

• Port scanning is one of the most popular techniques attackers use to discover the services they can break into.
• All machines connected to a LAN, or connected to the Internet via a modem, run many services that listen on well-known and not so well-known ports.
• Ports 1 to 65535 are available on a computer.
• By port scanning, the attacker finds out which ports are available.

Ports

• The port numbers are unique only within a computer system.
• Port numbers are 16-bit unsigned numbers.
• The port numbers are divided into three ranges:
1. Well Known Ports (0..1023),
2. The Registered Ports (1024..49151),
3. The Dynamic and/or Private Ports (49152..65535).

Open Scan


Known as a TCP scan and based on ordinary socket programming, this technique is the
oldest and works by making a full connection with the server.
To do this it completes an exchange of 3 packets, known as the three-way handshake:

For the ports opened:
Client ----> SYN ---->
<---- SYN/ACK <---- Server
Client ----> ACK ---->


For the ports closed:
Client ----> SYN ---->
<---- RST <---- Server


Advantages: very easy to program.
Disadvantages: very easy to detect, and each connection is logged.
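
The disadvantage above is what a defender relies on: because every probe is a logged connection, a burst of attempts from one source to many ports stands out. The following is an added example, not part of the original post; the log format, IP addresses and the `min_ports`/`window` thresholds are assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): epoch_sec src dst dst_port outcome
# EST = SYN, SYN/ACK, ACK completed (port open); RST = SYN answered by RST (port closed)
SAMPLE_LOG = """\
1000 10.0.0.5 10.0.0.20 80 EST
1001 10.0.0.99 10.0.0.20 21 RST
1001 10.0.0.99 10.0.0.20 22 EST
1001 10.0.0.99 10.0.0.20 23 RST
1002 10.0.0.99 10.0.0.20 25 RST
1002 10.0.0.99 10.0.0.20 80 EST
1004 10.0.0.5 10.0.0.20 80 EST
1100 10.0.0.7 10.0.0.20 22 EST
1400 10.0.0.7 10.0.0.20 25 EST
1700 10.0.0.7 10.0.0.20 80 EST
2000 10.0.0.7 10.0.0.20 43 EST
"""

def parse(log):
    """Yield (ts, src, dst, port, outcome) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3]), parts[4]

def detect_connect_scans(log, min_ports=4, window=10):
    """Flag (src, dst) pairs touching >= min_ports distinct ports within window seconds."""
    events = defaultdict(list)
    for ts, src, dst, port, outcome in parse(log):
        events[(src, dst)].append((ts, port, outcome))
    findings = {}
    for pair, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({port for _, port, _ in evs[start:end + 1]}) >= min_ports:
                findings[pair] = {
                    "open": sorted({p for _, p, o in evs if o == "EST"}),
                    "closed": sorted({p for _, p, o in evs if o == "RST"}),
                }
                break
    return findings

if __name__ == "__main__":
    print(detect_connect_scans(SAMPLE_LOG))
```

With the defaults only 10.0.0.99 is flagged; 10.0.0.7 touches as many ports but minutes apart, so it is reported only if the window is widened.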

Well Known Ports

• echo 7/tcp Echo
• ftp-data 20/udp File Transfer [Default Data]
• ftp 21/tcp File Transfer [Control]
• ssh 22/tcp SSH Remote Login Protocol
• telnet 23/tcp Telnet
• domain 53/udp Domain Name Server
• www-http 80/tcp World Wide Web HTTP
• smtp 25/tcp Simple Mail Transfer Protocol
• whois 43/tcp Whois server

• wins 1512/tcp Microsoft Windows Internet Name Service
• radius 1812/udp RADIUS authentication protocol
• yahoo 5010 Yahoo! Messenger
• x11 6000-6063/tcp X Window System

TCP Packet Header





• SYN – Synchronize – it is used to initiate connection between hosts.
• ACK – Acknowledgement – it is used to establish connection between hosts.
• PSH – Push – tells the receiving system to send all buffered data.
• URG – Urgent – states that the data contained in the packet should be processed immediately.
• FIN – finish – tells remote system that there will be no more transmission.
• TTL – Time to Live.