Ethical Hacking and Penetration Testing Guide




TCP SYN Scan
The TCP SYN scan is the default scan that Nmap runs against the target machine. It is the fastest scan. You can tweak it to make it even faster by using the -n option, which tells Nmap to skip DNS resolution.
This diagram illustrates how a TCP SYN scan works:
[Diagram: the source 192.168.0.8 sends SYN to port 80 on the destination 192.168.0.10; the destination replies with SYN/ACK; the source replies with RST.]
• The source machine sends a SYN packet to port 80 on the destination machine.
• If the destination responds with a SYN/ACK packet, Nmap knows that the port is open on the target machine.
• The operating system then sends a RST (Reset) packet to close the connection, since we already know that the port is open.
• However, if there is no response from the destination after the SYN packet is sent, Nmap knows that the port is filtered.
• If you send a SYN packet and the target machine responds with a RST packet, Nmap knows that the port is closed.
Command: The command/syntax for the TCP SYN scan is as follows:
nmap -sS
Target Enumeration and Port Scanning Techniques ◾ 103
From this picture, you can see that I have specified two additional parameters (-n and -p). The -n parameter tells Nmap not to perform name resolution; this is commonly used to increase the speed of the scan. The -p parameter is used to specify the ports to scan, which in this case is port 80.
I also ran Wireshark (a network analysis tool) while performing this scan to record the behavior of the packets. The output was what we expected.
As you can see from the first line, the source 192.168.15.14 sends a SYN packet to the destination 192.168.15.1. The destination responds with a SYN, ACK in the second line. The source 192.168.15.14 then sends a RST packet to close the connection, thus displaying the behavior discussed earlier. I have also used the “TCP” filter to filter out TCP protocol-related requests.
The positive side of this scan is that it is pretty fast; its downside is that it is often detected by IDS, IPS, and firewalls. We will talk about some techniques to perform noiseless scans later in this chapter.
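As an added example (not from the book), the following Python script replays the three outcomes described above against a constructed packet log shaped like the Wireshark capture in the text, and then shows why IDS/IPS devices catch this scan: a SYN scan leaves half-open connections (SYN/ACK answered with RST instead of ACK), which a detector can count per source while a normal client completes the handshake. The 192.168.15.x addresses reuse the book's lab values; the packet records themselves are constructed.

```python
from collections import defaultdict

# Constructed packet log (not a real capture): (src, dst, dst_port, TCP flags),
# mirroring the columns of the Wireshark capture described in the text.
PACKETS = [
    ("192.168.15.14", "192.168.15.1", 80, "S"),    # scanner: SYN to port 80
    ("192.168.15.1", "192.168.15.14", 80, "SA"),   # target: SYN/ACK -> open
    ("192.168.15.14", "192.168.15.1", 80, "R"),    # scanner: RST, never ACKs
    ("192.168.15.14", "192.168.15.1", 22, "S"),    # scanner: SYN to port 22
    ("192.168.15.1", "192.168.15.14", 22, "RA"),   # target: RST/ACK -> closed
    ("192.168.15.14", "192.168.15.1", 443, "S"),   # scanner: SYN, no reply -> filtered
    ("192.168.15.20", "192.168.15.1", 80, "S"),    # normal client: full handshake
    ("192.168.15.1", "192.168.15.20", 80, "SA"),
    ("192.168.15.20", "192.168.15.1", 80, "A"),
]

def infer_port_states(packets, scanner, target):
    """Scanner's view: classify each probed port the way nmap -sS does."""
    states = {}
    for src, dst, port, flags in packets:
        if src == scanner and dst == target and flags == "S":
            states.setdefault(port, "filtered")   # filtered until answered
        elif src == target and dst == scanner and port in states:
            if flags == "SA":
                states[port] = "open"
            elif "R" in flags:
                states[port] = "closed"
    return states

def half_open_counts(packets):
    """Defender's view: per client, count connections that were SYN/ACKed and
    then reset by the client instead of ACKed (the half-open SYN-scan signature)."""
    syn_acked, completed, reset = set(), set(), set()
    for src, dst, port, flags in packets:
        if flags == "SA":
            syn_acked.add((dst, src, port))       # keyed (client, server, port)
        elif (src, dst, port) in syn_acked:
            if flags == "A":
                completed.add((src, dst, port))
            elif flags == "R":
                reset.add((src, dst, port))
    counts = defaultdict(int)
    for client, _, _ in reset - completed:
        counts[client] += 1
    return dict(counts)

if __name__ == "__main__":
    print(infer_port_states(PACKETS, "192.168.15.14", "192.168.15.1"))
    print(half_open_counts(PACKETS))
```

Running it reports port 80 open, 22 closed and 443 filtered from the scanner's side, and a single half-open connection attributed to 192.168.15.14 and none to the normal client on the defender's side.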
