Ethical Hacking and Penetration Testing Guide
Yüklə 22,44 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- TCP SYN Scan
|
TCP SYN Scan
The TCP SYN scan is the default scan that runs against the target machine. It is the fastest scan. You can tweak it to make it even faster by using the –n option, which would tell the nmap to skip the DNS resolution. SYN + Port 80 SYN/ACK RST Source 192.168.0.8 Destination 192.168.0.10 This diagram illustrates how a TCP SYN scan works: ◾ The source machine sends a SYN packet to port 80 in the destination machine. ◾ If the machine responds with SYN/ACK packet, Nmap would know that the particular port is open on the target machine. ◾ The operating system would send a RST (Reset) packet in order to close the connection, since we already know that the port is open. ◾ However, if there is no response from the destination after sending the SYN packet, the nmap would know that the port is filtered . ◾ If you send a SYN packet and the target machine sends a RST packet, then nmap would know that the port is closed . Command : The command/syntax for the TCP SYN scan is as follows: nmap –sS Target Enumeration and Port Scanning Techniques ◾ 103 From this picture, you can see that I have specified two additional parameters (–n and –p). The –n parameter tells the nmap not to perform the name resolution; this is commonly used to increase the speed of the scan. The –p parameter is used to specify the ports to scan, which in this case is port 80. I also ran Wireshark (a network analysis tool) while performing this scan to record the behavior of the packets. The output was what we expected. As you can see from the first line the source 192.168.15.14 sends a SYN packet to the desti- nation 192.168.15.1. The destination responds with a SYN, ACK in the second line. The source 192.168.15.14 then sends a RST packet to close the connection, thus displaying the behavior dis- cussed earlier. I have also used the “TCP” filter to filter out tcp protocol–related requests. The positive side of this scan is that it is pretty fast; its downside is that it is often detected by IDS, IPS, and firewalls. We will talk about some techniques to perform noiseless scans later in this chapter. Yüklə 22,44 Mb. Dostları ilə paylaş:
|