TCP SYN Scan Using nmap
Let's build on the plain port scan so that your actions are stealthier.
In the next example you add two options, -g and -p:
The -g option sets the source port on the scanning machine (your system).
Port 80 is the most common choice, because many border devices and host filters
trust traffic based only on its source port and let "web" traffic through. Note that -g
only takes effect for raw-packet scans such as -sS; connect scans (-sT), version
detection (-sV) and NSE scripts use the operating system's network stack and ignore it.
The -p option sets the ports on the target system to scan.
Exercise 1: TCP SYN scan:
1. With the -sS option your system sends the target a SYN packet. If the port is open, the target answers with a SYN/ACK; instead of replying with the ACK that would complete the 3-way handshake, your system tears the half-open connection down with a RST packet. The port is reported open even though no full connection was ever established, which is why this is also called a half-open or stealth scan. If you receive an RST/ACK packet from the target system, no process is listening on that port (or the process there does not accept connections) and nmap reports it closed. If nothing comes back at all, nmap reports the port filtered. Because -sS crafts raw packets, it needs root (or equivalent raw-socket) privileges.
2. Run the scan:
user1@pentest:~#nmap -sS -vv -g 80 -p 80,88,135,139,389,445 target_IP_address > /root/ceh/syn_scan
nmap: program name
-sS: program option for TCP SYN scan
-vv: program option for double verbose output
-g 80: program option that specifies the source port on the scanning machine (your system)
-p 80,88,135,139,389,445: specifies the ports on the target system to scan
target_IP_address: the IP address of the target system
> /root/ceh/syn_scan: redirect the output to a file called syn_scan in the /root/ceh directory
3. Examine your results:
user1@pentest:~#less /root/ceh/syn_scan
4. Repeat steps #2-3 using a different target IP address and different destination port numbers.
5. Email your results to proflheureux@gmail.com.
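To make the half-open exchange in step 1 concrete, here is an added example (not part of the original exercise and not nmap's own code) that builds and parses TCP headers and drives a simulated target. The target is constructed for the demo: ports 80 and 445 listen, port 135 is silently dropped by a host firewall, and everything else is closed. The scanner sends a SYN from source port 80 (the -g 80 setting), classifies the reply the way nmap does (SYN/ACK = open, RST = closed, no answer = filtered), and sends a RST instead of the final ACK for open ports. Checksums are left at zero because nothing is put on the wire.

```python
import struct
from typing import Dict, List, Optional, Tuple

# TCP flag bits (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header: no options, checksum left zero.
    Real scanners compute the checksum over a pseudo-header; it is omitted
    here because these bytes never leave the process."""
    data_offset = 5 << 12  # 5 x 32-bit words, no options
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       data_offset | flags, 65535, 0, 0)


def parse_tcp_header(raw: bytes) -> Dict[str, int]:
    src, dst, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F}


def classify_response(flags: Optional[int]) -> str:
    """Map the reply to a SYN probe onto nmap's port states."""
    if flags is None:
        return "filtered"        # no answer: dropped by a firewall (or lost)
    if flags & SYN and flags & ACK:
        return "open"            # SYN/ACK: something is listening
    if flags & RST:
        return "closed"          # RST or RST/ACK: nothing listening
    return "unknown"


# Constructed target for the demo (assumption, not a real host).
LISTENING = {80, 445}
DROPPED = {135}


def simulated_target(probe: bytes) -> Optional[bytes]:
    p = parse_tcp_header(probe)
    if p["dst_port"] in DROPPED:
        return None              # host firewall drops the SYN silently
    if p["flags"] & SYN and not p["flags"] & ACK:
        if p["dst_port"] in LISTENING:
            return build_tcp_header(p["dst_port"], p["src_port"], 0x1000, p["seq"] + 1, SYN | ACK)
        return build_tcp_header(p["dst_port"], p["src_port"], 0, p["seq"] + 1, RST | ACK)
    return None                  # RST tear-downs draw no reply


def syn_scan(ports: List[int], src_port: int = 80) -> Tuple[Dict[int, str], List[Tuple[str, int, int]]]:
    """Half-open scan: SYN -> (SYN/ACK | RST/ACK | nothing) -> RST if open.
    Returns per-port states and a trace of every segment sent as
    (flags, src_port, dst_port)."""
    states: Dict[int, str] = {}
    sent: List[Tuple[str, int, int]] = []
    seq = 0x5EED
    for port in ports:
        probe = build_tcp_header(src_port, port, seq, 0, SYN)
        sent.append(("SYN", src_port, port))
        reply = simulated_target(probe)
        flags = None if reply is None else parse_tcp_header(reply)["flags"]
        state = classify_response(flags)
        states[port] = state
        if state == "open":
            # Never send the final ACK. Tear the half-open connection down
            # with RST so the service never sees an established connection.
            # (On a real scan the scanner's kernel emits this RST itself,
            # because it never saw the raw SYN nmap sent.)
            r = parse_tcp_header(reply)
            simulated_target(build_tcp_header(src_port, port, r["ack"], r["seq"] + 1, RST))
            sent.append(("RST", src_port, port))
        seq += 1
    return states, sent


if __name__ == "__main__":
    results, trace = syn_scan([80, 88, 135, 139, 389, 445])
    for port, state in results.items():
        print(f"{port}/tcp {state}")
    print(f"{len(trace)} segments sent from source port 80")
```

Running it lists 80 and 445 as open, 135 as filtered and the rest as closed, with eight segments sent: six SYNs plus one RST for each open port. The trace is the useful part for defenders: a SYN followed by a RST from the same source port across many destination ports, with no ACK in between, is the signature a network IDS keys on when it flags a SYN scan.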