Tuesday, January 9, 2018

Nmap Port Scanning Techniques Explained

This article explains how basic port scanning works and the main port scanning techniques Nmap offers, including what each technique can and cannot tell you about a port.

Before you read on, consider reading the following articles for background:
1. How Data Travels over the Internet: TCP/UDP
2. A Beginner's Guide to Ports
3. Port Scanning: First Step of Exploitation
4. TCP Header and 3-Way Handshake
There are a lot of Pokémon. Some can breathe fire, some can zap their enemy with electricity, some can hit with blazing fast punches, and so on.
But would you use a fire-type Pokémon against a water-type? I would not, because every Pokémon is unique, has its own capabilities, and you can't fight every opponent with the same one.
The same applies to port scanning. There are many port scanning techniques, each with its own strengths and blind spots, and today we are going to talk about them.
TCP SYN Scan
It is Nmap's default scan (-sS) when Nmap has raw-packet privileges (root on Unix-like systems); without them Nmap falls back to a full TCP connect scan (-sT). It sends a SYN packet to a port on the target host. If the host replies with a SYN/ACK packet, a service is listening on that port, i.e. the port is open. Instead of completing the handshake with an ACK, the scanning host answers the SYN/ACK with a RST (reset) packet, so the 3-way handshake is never completed and no connection is established. Because the application never sees a completed connection, it usually does not log the attempt, which is why this is also called a half-open or "stealth" scan. Note that the stealth is only against the application: any firewall or IDS watching the wire sees the SYN probes just fine.
If the port is closed, our machine gets a RST packet in reply.
If the port doesn't reply even after Nmap retransmits the probe, or an ICMP unreachable error comes back (type 3, code 1, 2, 3, 9, 10 or 13), a firewall is presumably blocking the packets and Nmap reports the port as filtered.
Not completing the connection also makes the TCP SYN scan faster than a connect scan, since each port costs at most one round trip and no connection has to be torn down.
UDP Scan
Most applications use TCP because of its reliability, but many important services (DNS, SNMP, DHCP, NTP, for example) use UDP, and we should not ignore their existence.
As the name suggests, a UDP scan (-sU) looks for open UDP ports.
UDP scans are a bit more complicated. Nmap sends a UDP packet to a port on the target host (empty for most ports, with a protocol-specific payload for well-known ones such as 53 or 161 so that the service is more likely to answer), and the possible outcomes are:
1. If the host replies with an ICMP port unreachable error (type 3, code 3), the port is closed. ICMP packets are used for error reporting; we may read about them in upcoming articles.
2. If the host replies with a UDP packet, the port is open.
3. If the host replies with a different ICMP unreachable error (type 3, code 1, 2, 9, 10 or 13), the port is filtered.
4. If the host doesn't reply at all, either the service on that port is listening but silent or a firewall is dropping the probes. Since Nmap can't tell which, the port is reported as open|filtered. Running a version scan (-sV) against those ports can often resolve the ambiguity, because it sends more service-specific payloads.
UDP scans are very slow, mainly because many hosts rate-limit the ICMP errors they send (Linux limits destination-unreachable messages to about one per second by default), so Nmap has to slow down to match, and each silent port must be retried before it is given up on. A full 65,535-port UDP scan of a host with mostly closed ports can take hours.
TCP ACK scan
This scan (-sA) never determines whether a port is open; it maps which ports are filtered by a firewall and which are not, which gives the attacker a quick idea of the firewall's rule set and of where an attack is likely to get through.
It sends an ACK packet (with no SYN) to the target port. An unfiltered port, whether open or closed, replies with a RST packet, because the ACK doesn't belong to any connection the host knows about; Nmap reports these ports as unfiltered.
If the target port doesn't reply at all, or replies with an ICMP unreachable error (type 3, code 1, 2, 3, 9, 10 or 13), the firewall is blocking packets, i.e. the port is filtered.
This scan is handy for testing firewalls: a stateless packet filter that only blocks incoming SYNs lets the ACK probes through and the host answers with RST, while a stateful firewall drops the unsolicited ACKs and every port shows up as filtered. Comparing the ACK scan result with a SYN scan of the same host tells you which kind you are up against.
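To make the three response tables above concrete, here is a small Python example added for this article (it is not Nmap's own code and does not send packets). It encodes the rules for the SYN, UDP and ACK sections as a single classifier and runs it over a constructed set of replies from an imaginary host behind a stateless packet filter that permits ports 22 and 80; the port numbers, the reply contents and the retry count are assumptions chosen for the illustration, and the classification rules follow Nmap's documented behaviour. Note how the ACK scan reports 22 and 80 identically even though one is open and the other closed.

```python
from dataclasses import dataclass
from typing import Dict, List

# ICMP type 3 (destination unreachable) codes that Nmap reads as "a filter is in the way":
# 1 host, 2 protocol, 3 port, 9 network admin-prohibited, 10 host admin-prohibited, 13 admin-prohibited.
ICMP_UNREACH_FILTERED = {1, 2, 3, 9, 10, 13}


@dataclass(frozen=True)
class Response:
    """One reply (or the absence of one) to a single probe. Constructed, not captured."""
    kind: str            # "tcp", "udp", "icmp" or "none"
    tcp_flags: str = ""  # e.g. "SA" for SYN/ACK, "RA" for RST/ACK, "R" for a bare RST
    icmp_type: int = -1
    icmp_code: int = -1


NO_RESPONSE = Response("none")


def classify(scan: str, resp: Response) -> str:
    """Map one probe/response pair to the state Nmap would report for that port."""
    is_rst = resp.kind == "tcp" and "R" in resp.tcp_flags
    is_synack = resp.kind == "tcp" and "S" in resp.tcp_flags and "A" in resp.tcp_flags
    unreach = (resp.kind == "icmp" and resp.icmp_type == 3
               and resp.icmp_code in ICMP_UNREACH_FILTERED)

    if scan == "syn":                     # nmap -sS
        if is_synack:
            return "open"
        if is_rst:
            return "closed"
        if unreach or resp.kind == "none":
            return "filtered"
    elif scan == "udp":                   # nmap -sU
        if resp.kind == "udp":
            return "open"
        if unreach:                       # port unreachable means closed, any other code means filtered
            return "closed" if resp.icmp_code == 3 else "filtered"
        if resp.kind == "none":
            return "open|filtered"
    elif scan == "ack":                   # nmap -sA
        if is_rst:
            return "unfiltered"           # reachable, but open vs. closed stays unknown
        if unreach or resp.kind == "none":
            return "filtered"
    raise ValueError(f"unhandled response {resp} for {scan} scan")


def scan_ports(scan: str, replies: Dict[int, List[Response]], retries: int = 2) -> Dict[int, str]:
    """Classify each port from its per-attempt replies.

    Nmap retransmits a probe that gets no answer; only when every attempt stays silent
    does it fall back to the "silent" verdict (filtered or open|filtered).
    """
    states = {}
    for port, attempts in sorted(replies.items()):
        answered = [r for r in attempts[: retries + 1] if r.kind != "none"]
        states[port] = classify(scan, answered[0] if answered else NO_RESPONSE)
    return states


# Constructed replies from a host behind a stateless packet filter that permits 22 and 80 (assumption).
SAMPLE_TARGET = {
    "syn": {
        22: [Response("tcp", tcp_flags="SA")],                # sshd is listening
        80: [Response("tcp", tcp_flags="RA")],                # allowed through, nothing listening
        443: [NO_RESPONSE, NO_RESPONSE, NO_RESPONSE],          # dropped silently by the filter
        8080: [Response("icmp", icmp_type=3, icmp_code=13)],   # rejected with admin-prohibited
    },
    "ack": {
        22: [Response("tcp", tcp_flags="R")],                 # unsolicited ACK -> RST, open or not
        80: [Response("tcp", tcp_flags="R")],
        443: [NO_RESPONSE, NO_RESPONSE, NO_RESPONSE],
        8080: [Response("icmp", icmp_type=3, icmp_code=13)],
    },
    "udp": {
        53: [Response("udp")],                                 # DNS answered the probe payload
        123: [NO_RESPONSE, NO_RESPONSE, NO_RESPONSE],          # silent: could be NTP, could be a firewall
        161: [Response("icmp", icmp_type=3, icmp_code=3)],     # port unreachable: closed
    },
}

if __name__ == "__main__":
    for scan, replies in SAMPLE_TARGET.items():
        print(f"-s{scan[0].upper()}", scan_ports(scan, replies))
```

The equivalent real-world invocations would be `nmap -sS`, `nmap -sU` and `nmap -sA` against the host, with `--reason` added if you want Nmap to print which reply (syn-ack, reset, port-unreach, no-response) led to each verdict; that output maps one-to-one onto the branches in `classify`.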
Well, the list doesn't end here. There are SCTP INIT, TCP NULL, FIN, Xmas and other scans too, but I don't think it's the right time to discuss them, so that's all for now.
