NMAP SCANNING

A Project By:
Shrikant Antre
Shobhit Gautam
INTRODUCTION TO PORT SCANNING

• Port scanning is one of the most popular reconnaissance techniques used by attackers to discover services that can be compromised.

• A typical system has 2^16 - 1 usable port numbers (1 to 65535), with one TCP port and one UDP port for each number.

• A potential target runs many "services" that listen on "well-known" ports (for example 25 for SMTP and 80 for HTTP).

• By scanning which ports are open on the target, the attacker learns which services are exposed, and therefore where potential vulnerabilities can be exploited.
NMAP

• Nmap is the most popular scanning tool used on the Internet.
• Created by Fyodor (http://www.insecure.org), it was featured in the movie The Matrix Reloaded.
TCP COMMUNICATION FLAGS

• Standard TCP communications are controlled by flags in the TCP packet header. The flags are as follows:

   – Synchronize, also called "SYN"
       • Used to initiate a connection between hosts.
   – Acknowledgement, also called "ACK"
       • Acknowledges received data; together with SYN it is used in establishing a connection between hosts.
   – Push, "PSH"
       • Instructs the receiving system to deliver all buffered data to the application immediately.
   – Urgent, "URG"
       • States that the data pointed to by the urgent pointer should be processed immediately.
   – Finish, also called "FIN"
       • Tells the remote system that there will be no more transmissions from the sender.
   – Reset, also called "RST"
       • Aborts a connection; it is also sent in reply to a packet that matches no existing connection or listening port.
THREE WAY HANDSHAKE

            Computer A                                   Computer B

            192.168.1.2:2312 ------------syn--------->192.168.1.3:80

            192.168.1.2:2312 <---------syn/ack----------192.168.1.3:80

            192.168.1.2:2312-------------ack----------->192.168.1.3:80

                                                   Connection Established

        •      Computer A (192.168.1.2) initiates a connection to the server (192.168.1.3) via a packet with only the SYN flag set.

        •      The server replies with a packet with both the SYN and the ACK flags set.

        •      For the final step, the client responds to the server with a single ACK packet.

        •      If these three steps are completed without complication, a TCP connection has been established between the client and server.
NMAP SCANNING TECHNIQUE

          • Most network servers listen on TCP ports, such as web servers on port 80 and mail servers on port 25. A port is considered "open" if an application is listening on it; otherwise it is closed.

          • One way to determine whether a port is open is to send a "SYN" (session establishment) packet to the port. The target machine will send back a "SYN|ACK" (session request acknowledgment) packet if the port is open, and a "RST" (Reset) packet if the port is closed. If nothing comes back, a packet filter is most likely dropping the probe.
NMAP SCANNING OPTIONS

          • SYN scanning
          • Stealth scan
          • Xmas scan
          • FIN scan
          • NULL scan
          • Idle scan
          • Fragmentation scanning
          • ICMP echo scanning
SYN SCANNING

          •     SYN scanning is a technique that is widely used across the Internet today; it is Nmap's default scan type (-sS) when it runs with raw-socket privileges.

          •     The SYN scan, also called the "half open" scan, determines a port's state without making a full connection to the host.

          •     Many systems do not log the attempt, and discard it as a communications error. Modern firewalls and intrusion detection sensors do record half-open connections, so the "stealth" is relative.
STEALTH SCAN

                             Computer A                     Computer B

                    192.168.1.12:2722 ------------syn----------->192.168.1.23:80

                    192.168.1.12:2722 <---------syn/ack----------192.168.1.23:80

                    192.168.1.12:2722-------------RST----------->192.168.1.23:80

        •    The client sends a single SYN packet to the server on the chosen port.

        •    If the port is open, the server responds with a SYN/ACK packet.

        •    If the server responds with a RST packet, the remote port is in state "closed".

        •    If nothing comes back (or an ICMP unreachable error arrives), Nmap reports the port as "filtered".

        •    The client sends a RST packet to abort the initiation before a connection can ever be established, so the application listening on the port never sees a completed connection.

        •    This scan is also known as the "half-open" scan; it is the same technique as the SYN scan on the previous slide (nmap -sS).
XMAS SCAN

       Computer A                                     Computer B

       Xmas scan directed at open port:

       192.5.5.92:4031 -----------FIN/URG/PSH----------->192.5.5.110:23
       192.5.5.92:4031 <----------NO RESPONSE------------192.5.5.110:23

       Xmas scan directed at closed port:

       192.5.5.92:4031 -----------FIN/URG/PSH----------->192.5.5.110:23
       192.5.5.92:4031<-------------RST/ACK--------------192.5.5.110:23

       •      Note: the Xmas scan (nmap -sX) only works against a TCP/IP implementation that follows RFC 793, which requires a closed port to answer any segment without RST with a RST, while an open port silently drops a segment that carries neither SYN nor ACK.
       •      Because "no response" is also what a packet filter produces, Nmap reports a silent port as "open|filtered", not as "open".
       •      The Xmas scan will not work against any current version of Microsoft Windows.
       •      Xmas scans directed at any Microsoft system will show all ports on the host as being closed, because Windows answers every such probe with a RST.
FIN SCAN

       Computer A                          Computer B

       FIN scan directed at open port:

       192.5.5.92:2031 -----------FIN------------------->192.5.5.110:23
       192.5.5.92:2031 <----------NO RESPONSE------------192.5.5.110:23

       FIN scan directed at closed port:

       192.5.5.92:2031 -------------FIN------------------192.5.5.110:23
       192.5.5.92:2031<-------------RST/ACK--------------192.5.5.110:23

       •      Note: the FIN scan (nmap -sF) only works against a TCP/IP implementation that follows RFC 793; a silent port is reported as "open|filtered".
       •      The FIN scan will not work against any current version of Microsoft Windows.
       •      FIN scans directed at any Microsoft system will show all ports on the host as being closed.
NULL SCAN

       Computer A                                Computer B

       NULL scan directed at open port:

       192.7.8.91:4231 -----------NO FLAGS SET---------->192.6.7.110:23
       192.7.8.91:4231 <----------NO RESPONSE------------192.6.7.110:23

       NULL scan directed at closed port:

       192.7.8.91:4231 -------------NO FLAGS SET---------192.6.7.110:23
       192.7.8.91:4231<-------------RST/ACK--------------192.6.7.110:23

       •      Note: the NULL scan (nmap -sN) only works against a TCP/IP implementation that follows RFC 793; a silent port is reported as "open|filtered".
       •      The NULL scan will not work against any current version of Microsoft Windows.
       •      NULL scans directed at any Microsoft system will show all ports on the host as being closed.
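As an added example (not part of the original deck), the Python below models how an RFC 793 stack, a Windows-style stack and a firewalled host answer the SYN, FIN, Xmas and NULL probes of the preceding slides, and how the scanner turns each answer into the state Nmap reports. The hosts are in-memory models built for this illustration; nothing is sent on the wire, and the port numbers are constructed sample data.

```python
"""Simulated TCP port-scan exchanges for SYN, FIN, Xmas and NULL probes.

Added example, not code from the original deck. The three "stacks" below are
models written for this illustration: an RFC 793 stack, a Windows-style
stack that answers every odd probe with RST, and a firewall that drops all.
"""

SYN, ACK, FIN, PSH, URG, RST = "SYN", "ACK", "FIN", "PSH", "URG", "RST"

# Flag combinations Nmap sends for each scan type (-sS, -sF, -sX, -sN).
PROBES = {
    "syn":  frozenset({SYN}),
    "fin":  frozenset({FIN}),
    "xmas": frozenset({FIN, PSH, URG}),
    "null": frozenset(),
}


def rfc793_stack(open_ports, port, flags):
    """Reply of a stack that follows RFC 793.

    Returns the flag set of the reply, or None when the stack stays silent
    (an open port drops a segment carrying neither SYN nor ACK).
    """
    if port not in open_ports:
        return frozenset({RST, ACK})      # closed port: RST/ACK to any probe
    if flags == {SYN}:
        return frozenset({SYN, ACK})      # open port: second handshake step
    return None                           # open port: FIN/Xmas/NULL dropped


def windows_stack(open_ports, port, flags):
    """Windows-style stack: RFC 793 for SYN, RST for every other probe,
    whatever the port state. This is why FIN/Xmas/NULL scans show all
    ports closed on Windows."""
    if flags == {SYN}:
        return rfc793_stack(open_ports, port, flags)
    return frozenset({RST, ACK})


def filtered_stack(open_ports, port, flags):
    """Host behind a packet filter that silently drops every probe."""
    return None


def classify(scan, reply):
    """Map a reply (or silence) to the port state Nmap would report."""
    if scan == "syn":
        if reply is not None and SYN in reply and ACK in reply:
            return "open"
        if reply is not None and RST in reply:
            return "closed"
        return "filtered"
    # FIN, Xmas and NULL: only a RST is informative; silence is ambiguous.
    if reply is not None and RST in reply:
        return "closed"
    return "open|filtered"


def scan_host(stack, open_ports, ports, scan):
    """Run one scan type against a modelled host.

    Returns ({port: state}, [packets the scanner sent]) so the half-open
    teardown of the SYN scan is visible: an open port gets a RST back from
    the scanner instead of the ACK that would complete the handshake.
    """
    probe = PROBES[scan]
    results, sent = {}, []
    for port in ports:
        sent.append((port, set(probe)))
        reply = stack(open_ports, port, probe)
        results[port] = classify(scan, reply)
        if scan == "syn" and reply and SYN in reply:
            sent.append((port, {RST}))    # abort before the connection completes
    return results, sent


if __name__ == "__main__":
    open_ports, ports = {22, 80}, [22, 23, 80]   # constructed sample host
    for name, stack in (("rfc793", rfc793_stack),
                        ("windows", windows_stack),
                        ("filtered", filtered_stack)):
        for scan in PROBES:
            states, _ = scan_host(stack, open_ports, ports, scan)
            print(f"{name:9s} {scan:5s} {states}")
```

Running it shows the point of the Windows slides directly: against the RFC 793 model the FIN, Xmas and NULL scans report 22 and 80 as open|filtered and 23 as closed, while against the Windows model every port comes back closed, and against the firewall model the SYN scan says filtered where the other three can only say open|filtered.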
IDLE SCAN

         •      In 1998, security researcher "Antirez" posted an innovative new TCP port scanning technique.

         •      Idle scan, as it has become known, allows for completely blind port scanning.

         •      Attackers can actually scan a target without sending a single packet to the target from their own IP address.
IDLE SCAN: BASICS
         •      One way to determine whether a port is open is to send a "SYN" (session establishment) packet to the port.

         •      The target machine will send back a "SYN|ACK" (session request acknowledgment) packet if the port is open, and a "RST" (Reset) packet if the port is closed.

         •      A machine which receives an unsolicited SYN|ACK packet will respond with a RST. An unsolicited RST will be ignored.

         •      Every IP packet on the Internet has an identification number (the IP ID field, used to reassemble fragments).

         •      Many operating systems simply increment this number for every packet they send.

         •      So probing for this number can tell an attacker how many packets the host has sent since the last probe.
IDLE SCAN: STEP 1
         Choose a "zombie" host and probe it for its current IP ID number (for example with a SYN/ACK, which the zombie answers with a RST that carries its IP ID).

IDLE SCAN: STEP 2
         Send a forged SYN packet "from" the zombie to the target port. If the port is open, the target sends a SYN/ACK to the zombie, and the zombie answers it with a RST (consuming one IP ID). If the port is closed, the target sends a RST to the zombie, which the zombie ignores.

IDLE SCAN: STEP 3
         Probe the zombie's IP ID again. An increase of 2 since step 1 means the port is open; an increase of 1 means closed (or filtered, since a dropped probe also produces no packet to the zombie). The zombie must really be idle, because its own traffic also increments the counter and makes the difference meaningless.
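The three steps above and the IP ID reasoning on the "basics" slide, as an added example that is not part of the original deck: a Python model of the attacker, the zombie and the target in which only the zombie's IP ID counter is observed. The classes and the starting IP ID are constructed for this illustration; no packets are sent.

```python
"""Model of the idle (zombie) scan.

Added example, not code from the original deck or from Nmap. The zombie is
assumed to use a single, globally incrementing IP ID counter (the deck's
"many operating systems simply increment this number"), and to follow
RFC 793: unsolicited SYN/ACK gets a RST, unsolicited RST is ignored.
"""


class Zombie:
    """An idle host with a predictable, per-packet incrementing IP ID."""

    def __init__(self, start_ipid, background=0):
        self.ipid = start_ipid
        self.background = background   # packets it sends on its own between probes

    def _emit(self):
        """Every packet the zombie emits consumes one IP ID."""
        self.ipid += 1
        return self.ipid

    def probe(self):
        """Attacker's step 1 / step 3: our SYN/ACK is answered with a RST
        whose IP header reveals the zombie's current IP ID."""
        return self._emit()

    def receive(self, flags):
        """Packets that arrive from the target because we forged the source."""
        if flags == {"SYN", "ACK"}:
            self._emit()               # unsolicited SYN/ACK -> RST (costs an IP ID)
            return {"RST"}
        return None                    # unsolicited RST -> ignored (costs nothing)

    def background_traffic(self):
        """A busy zombie keeps emitting packets between our two probes."""
        for _ in range(self.background):
            self._emit()


class Target:
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)

    def reply_to_syn(self, port):
        """Target answers the forged SYN towards the zombie's address."""
        if port in self.open_ports:
            return {"SYN", "ACK"}
        return {"RST"}


def idle_scan_port(zombie, target, port, filtered=False):
    """Steps 1 to 3 of the deck for one port. Returns (state, ipid_delta).

    `filtered=True` models a packet filter dropping the forged SYN, so the
    target never answers and the zombie sees nothing at all.
    """
    ipid_before = zombie.probe()                                   # step 1
    reply = None if filtered else target.reply_to_syn(port)        # step 2
    if reply is not None:
        zombie.receive(reply)          # the target talks to the zombie, not to us
    zombie.background_traffic()
    ipid_after = zombie.probe()                                    # step 3
    delta = ipid_after - ipid_before
    if delta == 2:
        return "open", delta
    if delta == 1:
        return "closed|filtered", delta
    return "unreliable", delta         # zombie not idle: its own traffic intervened


if __name__ == "__main__":
    target = Target({80})              # constructed sample target
    for port in (80, 23):
        print(port, idle_scan_port(Zombie(1000), target, port))
    print("filtered", idle_scan_port(Zombie(1000), target, 80, filtered=True))
    print("busy zombie", idle_scan_port(Zombie(1000, background=3), target, 80))
```

Nmap's real implementation (nmap -Pn -sI <zombie> <target>) repeats the probes and checks that the zombie's IP ID sequence is in fact incremental before trusting a result; the model above shows why that check matters, since a zombie that sends three packets of its own in the meantime turns a clean delta of 2 into a meaningless 5.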
FRAGMENTATION SCANNING

         •      Instead of just sending the probe packet, you break it into a couple of small IP fragments.

         •      You are splitting up the TCP header over several packets to make it harder for packet filters, intrusion detection systems and so forth to detect what you are doing.

         •      The -f switch instructs the specified SYN, FIN, Xmas or NULL scan to use tiny fragmented packets (8 bytes of data after the IP header; give -f twice for 16 bytes). It only applies to Nmap's raw-packet features, so it has no effect on a connect scan or an FTP bounce scan.

         •      Caveat: stateful firewalls and IDS sensors commonly reassemble fragments before inspection, and some hosts and intermediate devices drop fragments outright, so a fragmented scan can return less than an ordinary one.
ICMP ECHO SCANNING
         •      This isn't really port scanning, since ICMP doesn't have a port abstraction.
         •      But it is sometimes useful to determine what hosts in a network are up by pinging them all.
         •      nmap -sP <targets>   (ping scan only, no port scan; the option is spelled -sn in current Nmap)
PING DETECTION

         -P0   don't ping; treat every target as up (now -Pn)

         -PT   TCP ping: an ACK packet, to port 80 by default; a RST reply means the host is up (now -PA)

         -PS   SYN ping: a SYN packet; a SYN/ACK or RST reply means the host is up

         -PI   ICMP echo request ping (now -PE)

         -PB   the default: TCP ACK ping plus ICMP echo (= -PT + -PI)

         -PP   ICMP timestamp request

         -PM   ICMP address mask request

         Any one positive answer marks the host as up; a port scan is only run against hosts that answered, unless -P0 is given. These are the legacy option names used in this deck; current Nmap keeps -PS, -PP and -PM and renames the others as noted.
OUTPUT FORMAT

         -oN <file>   normal output, the same text you see on screen

         -oX <file>   XML output, for tools and post-processing

         -oG <file>   grepable output, one line per host ("Host: ... Ports: ...") for grep, awk and scripts

         -oA <base>   all three at once, written as base.nmap, base.xml and base.gnmap
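The grepable format is the one practitioners most often post-process, so here is an added example (not part of the original deck) of a small parser for it. The input below is a constructed -oG record in the documented layout, where each port entry is port/state/protocol/owner/service/rpc-info/version/; the hosts, services and version strings in it are made up for the illustration.

```python
"""Parser for Nmap's grepable (-oG) output.

Added example, not from the original deck or from the Nmap project. SAMPLE_OG
is a constructed file in the documented -oG layout; the addresses, names and
versions in it are invented for this illustration.
"""
import re

SAMPLE_OG = """\
# Nmap scan initiated as: nmap -sS -sV -oG scan.gnmap 192.168.1.0/29
Host: 192.168.1.5 (gateway.lan)\tStatus: Up
Host: 192.168.1.5 (gateway.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 443/filtered/tcp//https///\tIgnored State: closed (997)
Host: 192.168.1.6 ()\tStatus: Up
Host: 192.168.1.6 ()\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (999)
# Nmap done: 8 IP addresses (2 hosts up) scanned
"""

# One port entry: port/state/protocol/owner/service/rpc info/version/
PORT_RE = re.compile(
    r"(?P<port>\d+)/(?P<state>[^/]*)/(?P<proto>[^/]*)/(?P<owner>[^/]*)/"
    r"(?P<service>[^/]*)/(?P<rpc>[^/]*)/(?P<version>[^/]*)/"
)
HOST_RE = re.compile(r"(\S+) \((.*)\)")


def parse_gnmap(text):
    """Return {ip: {"hostname", "status", "ports": [...]}} for a -oG file.

    Fields on a line are tab-separated "Key: value" pairs; comment and
    summary lines start with '#'. A host may appear on several lines
    (Status on one, Ports on another), so entries are merged by IP.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(": ")
            fields[key] = value
        ip, name = HOST_RE.match(fields["Host"]).groups()
        entry = hosts.setdefault(ip, {"hostname": name, "status": None, "ports": []})
        if "Status" in fields:
            entry["status"] = fields["Status"]
        if "Ports" in fields:
            for m in PORT_RE.finditer(fields["Ports"]):
                entry["ports"].append({
                    "port": int(m["port"]),
                    "state": m["state"],
                    "proto": m["proto"],
                    "service": m["service"],
                    "version": m["version"],
                })
    return hosts


def hosts_with_open(hosts, service):
    """IPs that have the named service in state 'open' (e.g. every SSH host)."""
    return sorted(
        ip for ip, h in hosts.items()
        if any(p["state"] == "open" and p["service"] == service for p in h["ports"])
    )


if __name__ == "__main__":
    hosts = parse_gnmap(SAMPLE_OG)
    for ip, h in hosts.items():
        print(ip, h["hostname"] or "-", h["status"])
        for p in h["ports"]:
            print(f"   {p['port']:>5}/{p['proto']} {p['state']:<9} {p['service']:<14} {p['version']}")
    print("ssh hosts:", hosts_with_open(hosts, "ssh"))
```

Splitting on tabs first and only then on "/" matters: the version field may contain spaces and commas, but Nmap never lets it contain a tab or an unescaped slash, so the field boundaries stay unambiguous.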
TIMING
         -T Paranoid   – serial scan, 300 sec wait between probes (now -T0)

         -T Sneaky     – serial scan, 15 sec wait between probes (now -T1)

         -T Polite     – serial scan, 0.4 sec wait between probes (now -T2)

         -T Normal     – parallel scan, the default (now -T3)

         -T Aggressive – parallel scan, 300 sec host timeout, never waits more than 1.25 sec for a probe response (now -T4)

         -T Insane     – parallel scan, 75 sec host timeout, never waits more than 0.3 sec for a probe response (now -T5)

         --host_timeout         give up on a host after this many milliseconds
         --max_rtt_timeout      longest wait for a probe response (default 9000 ms in these versions)
         --min_rtt_timeout      shortest wait for a probe response
         --initial_rtt_timeout  starting round-trip estimate (default 6000 ms in these versions)
         --max_parallelism      upper bound on probes in flight
         --scan_delay           fixed delay between probes

         Current Nmap spells these with hyphens (--host-timeout, --max-rtt-timeout, ...) and takes values with units such as 500ms, 30s or 5m.
OTHER OPTIONS
         --resume <logfile>        resume an aborted scan from its normal or grepable output file
         --append_output           append to output files instead of overwriting them

         -iL <targets_filename>    read targets from a file
         -p <port ranges>          ports to scan, e.g. -p 22,80,1000-2000

         -F                        fast scan mode: only the ports listed in nmap-services
         -D <decoy1[,decoy2][,ME],...>   cloak the scan with decoy source addresses; ME marks the position of your real address

         -S <SRC_IP_Address>       spoof the source address (replies then go to that address, not to you)
         -e <interface>            send on the given interface

         -g <portnumber>           use the given source port, e.g. 53 or 20, to slip past naive filters
         --data_length <number>    append random data to the probes

         --randomize_hosts         scan target hosts in random order
         -O                        OS fingerprinting
         -I                        ident scan: asks identd on the target for the owner of each open port (dropped from later Nmap versions)

         -f                        fragmentation
         -v                        verbose
         -h                        help

         -n                        no reverse DNS lookup
         -R                        always do reverse DNS lookup

         -r                        don't randomize port order
         -b <ftp relay host>       FTP bounce scan
THANK YOU

Scale your database traffic with Read & Write split using MySQL RouterMydbops
 

Kürzlich hochgeladen (20)

Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 

NMAP by Shrikant Antre & Shobhit Gautam

5. THREE WAY HANDSHAKE

Computer A                                    Computer B
192.168.1.2:2312 ------------syn----------->192.168.1.3:80
192.168.1.2:2312 <----------syn/ack---------192.168.1.3:80
192.168.1.2:2312 ------------ack----------->192.168.1.3:80
Connection Established

• Computer A (192.168.1.2) initiates a connection to the server (192.168.1.3) with a packet that has only the SYN flag set.
• The server replies with a packet that has both the SYN and the ACK flag set.
• In the final step, the client responds to the server with a single ACK packet.
• If these three steps complete without complication, a TCP connection has been established between the client and the server.

6. NMAP SCANNING TECHNIQUE

• Most network servers listen on TCP ports, such as web servers on port 80 and mail servers on port 25. A port is considered "open" if an application is listening on it; otherwise it is closed.
• One way to determine whether a port is open is to send a "SYN" (session establishment) packet to the port. The target machine will send back a "SYN|ACK" (session request acknowledgment) packet if the port is open, and a "RST" (reset) packet if the port is closed.

7. NMAP SCANNING OPTIONS

• SYN Scanning
• Stealth Scan
• Xmas Scan
• FIN Scan
• NULL Scan
• IDLE Scan
• Fragmentation scanning
• ICMP echo scanning

8. SYN SCANNING

• SYN scanning is a technique that is widely used across the Internet today.
• The SYN scan, also called the "half open" scan, determines a port's state without making a full connection to the host.
• Many systems do not log the attempt, and discard it as a communications error.

9. STEALTH SCAN

Computer A                                      Computer B
192.168.1.12:2722 ------------syn----------->192.168.1.23:80
192.168.1.12:2722 <----------syn/ack---------192.168.1.23:80
192.168.1.12:2722 ------------RST----------->192.168.1.23:80

• The client sends a single SYN packet to the server on the appropriate port.
• If the port is open, the server responds with a SYN/ACK packet.
• If the server responds with an RST packet, the remote port is in state "closed".
• The client sends an RST packet to abort the initiation before a connection can ever be established.
• This scan is also known as the "half-open" scan.

10. XMAS SCAN

Computer A                                        Computer B
Xmas scan directed at an open port:
192.5.5.92:4031 -----------FIN/URG/PSH----------->192.5.5.110:23
192.5.5.92:4031 <----------NO RESPONSE------------192.5.5.110:23
Xmas scan directed at a closed port:
192.5.5.92:4031 -----------FIN/URG/PSH----------->192.5.5.110:23
192.5.5.92:4031 <------------RST/ACK--------------192.5.5.110:23

• Note: the Xmas scan only works against an operating system whose TCP/IP implementation follows RFC 793.
• The Xmas scan will not work against any current version of Microsoft Windows.
• Xmas scans directed at any Microsoft system will show all ports on the host as being closed.

11. FIN SCAN

Computer A                                        Computer B
FIN scan directed at an open port:
192.5.5.92:2031 ---------------FIN--------------->192.5.5.110:23
192.5.5.92:2031 <----------NO RESPONSE------------192.5.5.110:23
FIN scan directed at a closed port:
192.5.5.92:2031 ---------------FIN--------------->192.5.5.110:23
192.5.5.92:2031 <------------RST/ACK--------------192.5.5.110:23

• Note: the FIN scan only works against an operating system whose TCP/IP implementation follows RFC 793.
• The FIN scan will not work against any current version of Microsoft Windows.
• FIN scans directed at any Microsoft system will show all ports on the host as being closed.

12. NULL SCAN

Computer A                                        Computer B
NULL scan directed at an open port:
192.7.8.91:4231 -----------NO FLAGS SET---------->192.6.7.110:23
192.7.8.91:4231 <----------NO RESPONSE------------192.6.7.110:23
NULL scan directed at a closed port:
192.7.8.91:4231 -----------NO FLAGS SET---------->192.6.7.110:23
192.7.8.91:4231 <------------RST/ACK--------------192.6.7.110:23

• Note: the NULL scan only works against an operating system whose TCP/IP implementation follows RFC 793.
• The NULL scan will not work against any current version of Microsoft Windows.
• NULL scans directed at any Microsoft system will show all ports on the host as being closed.
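The flag patterns in slides 5 to 12 are exactly what a defender keys on to tell a completed connection from a half-open, Xmas, FIN or NULL probe. The following is an added example, not code from the presentation: it classifies constructed packet records (the record layout and flag letters are assumptions) and models the RFC 793 replies the slides describe.

```python
"""Classify TCP probes by the flag patterns the slides describe.

Added example, not from the original presentation: the packet records are
constructed (not captured traffic) and the record layout is an assumption.
Flags: S=SYN A=ACK F=FIN P=PSH U=URG R=RST, tcpdump style.
"""
from collections import defaultdict

# Constructed records: (src, sport, dst, dport, flags) in arrival order.
PACKETS = [
    # Normal connection: SYN, SYN/ACK, ACK (slide 5)
    ("192.168.1.2", 2312, "192.168.1.3", 80, "S"),
    ("192.168.1.3", 80, "192.168.1.2", 2312, "SA"),
    ("192.168.1.2", 2312, "192.168.1.3", 80, "A"),
    # Half-open probe: SYN, SYN/ACK, then RST from the client (slide 9)
    ("192.168.1.12", 2722, "192.168.1.23", 80, "S"),
    ("192.168.1.23", 80, "192.168.1.12", 2722, "SA"),
    ("192.168.1.12", 2722, "192.168.1.23", 80, "R"),
    # Xmas probe to a closed port: FIN/URG/PSH answered by RST/ACK (slide 10)
    ("192.5.5.92", 4031, "192.5.5.110", 23, "FPU"),
    ("192.5.5.110", 23, "192.5.5.92", 4031, "RA"),
    # FIN and NULL probes to open ports: an RFC 793 stack stays silent (11-12)
    ("192.5.5.92", 2031, "192.5.5.110", 22, "F"),
    ("192.7.8.91", 4231, "192.6.7.110", 22, ""),
]

def rfc793_reply(flags, port_open):
    """Reply an RFC 793 stack gives: SYN draws SYN/ACK or RST; FIN, NULL and
    Xmas probes draw RST/ACK from a closed port and nothing from an open one."""
    if flags == "S":
        return "SA" if port_open else "R"
    return "" if port_open else "RA"

def probe_kind(initiator_flags):
    """Name a flow from the flags its initiator sent, in order."""
    first = set(initiator_flags[0])
    if first == {"F", "P", "U"}:
        return "xmas"
    if first == {"F"}:
        return "fin"
    if not first:
        return "null"
    if first == {"S"}:
        # SYN then RST (never an ACK) is the half-open scan; SYN then ACK connects
        return "syn-half-open" if "R" in initiator_flags[1:] else "connect"
    return "other"

def classify_flows(packets):
    """Group packets by the initiating 4-tuple and classify each flow."""
    flows = defaultdict(list)   # (src, sport, dst, dport) -> initiator's flags
    for src, sport, dst, dport, flags in packets:
        if (dst, dport, src, sport) in flows:
            continue            # a reply from the target, not the initiator
        flows[(src, sport, dst, dport)].append(flags)
    return {key: probe_kind(sent) for key, sent in flows.items()}
```

Counting, per source address, how many distinct destination ports end up in any class other than "connect" gives a simple scan alert; on a Windows target the FIN, NULL and Xmas rows would all draw RST/ACK, as slides 10 to 12 note.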
13. IDLE SCAN

• A few years ago, security researcher 'Antirez' posted an innovative new TCP port scanning technique.
• Idle scan, as it has become known, allows for completely blind port scanning.
• Attackers can actually scan a target without sending a single packet to the target from their own IP address.

14. IDLE SCAN: BASICS

• One way to determine whether a port is open is to send a "SYN" (session establishment) packet to the port.
• The target machine will send back a "SYN|ACK" (session request acknowledgment) packet if the port is open, and a "RST" (reset) packet if the port is closed.
• A machine that receives an unsolicited SYN|ACK packet will respond with a RST. An unsolicited RST will be ignored.
• Every IP packet on the Internet has a "fragment identification" number.
• Many operating systems simply increment this number for every packet they send.
• So probing for this number can tell an attacker how many packets have been sent since the last probe.

15. IDLE SCAN: STEP 1

Choose a "zombie" and probe for its current IPID number.

16. IDLE SCAN: STEP 2

Send a forged packet "from" the zombie to the target.

17. IDLE SCAN: STEP 3

Probe the zombie's IPID again.
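The three steps above only work because the zombie's IPID counts up by one per packet, so the whole technique collapses when a host randomises its IPID. The following is an added example, not code from the presentation: an in-memory model of the exchange (no network traffic; host behaviour and IPID values are constructed) plus the check a defender can run to see whether one of their hosts has a predictable IPID.

```python
"""Simulated idle scan (slides 13-17) and the IPID check that defeats it.

Added example, not from the original presentation.  The hosts are in-memory
models, nothing is sent on a network, and the IPID values are constructed.
"""
import random

class Host:
    """Tiny IP stack model: a predictable stack increments its IPID on every
    packet it sends (slide 14); a hardened one draws each IPID at random."""
    def __init__(self, ipid=1000, randomize=False, open_ports=(), seed=7):
        self.ipid = ipid
        self.open_ports = set(open_ports)
        self.rng = random.Random(seed) if randomize else None

    def send(self):
        """Emit one packet and return the IPID it carried."""
        self.ipid = self.rng.randrange(1, 65536) if self.rng else (self.ipid + 1) % 65536
        return self.ipid

    def on_syn(self, port, reply_to):
        """Answer a SYN: SYN|ACK if the port is open, RST if closed (slide 14).
        The reply goes to whoever the SYN claimed to come from."""
        self.send()
        if port in self.open_ports:
            reply_to.on_unsolicited_synack()
        # an unsolicited RST is ignored by the receiver, so nothing else happens

    def on_unsolicited_synack(self):
        """RFC 793: an unexpected SYN|ACK is answered with a RST (one more packet)."""
        self.send()

def ipid_delta(zombie, target, port):
    """Steps 1-3 of the slides, as seen from the scanner's side: probe the
    zombie, have the target answer a SYN 'from' the zombie, probe again."""
    before = zombie.send()           # step 1: zombie's reply to the first probe
    target.on_syn(port, zombie)      # step 2: forged SYN "from" the zombie
    after = zombie.send()            # step 3: zombie's reply to the second probe
    return (after - before) % 65536  # 1 = only our probe, 2 = zombie also sent a RST

def ipid_is_predictable(host, samples=8):
    """Defender's check: does this host's IPID simply count up between packets?
    A host that passes this check is usable as a zombie and should be fixed."""
    values = [host.send() for _ in range(samples)]
    return all((b - a) % 65536 == 1 for a, b in zip(values, values[1:]))
```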
18. FRAGMENTATION SCANNING

• Instead of just sending the probe packet, you break it into a couple of small IP fragments.
• You are splitting the TCP header over several packets to make it harder for packet filters and the like to detect what you are doing.
• The -f switch instructs the specified SYN or FIN scan to use tiny fragmented packets.

19. ICMP ECHO SCANNING

• This isn't really port scanning, since ICMP doesn't have a port abstraction.
• But it is sometimes useful to determine which hosts in a network are up by pinging them all.
• nmap -P

20. PING DETECTION

-P0 (don't ping)
-PT (TCP ping)
-PS (SYN ping)
-PI (ICMP ping)
-PB (= PT + PI)
-PP (ICMP timestamp)
-PM (ICMP netmask)

21. OUTPUT FORMAT

-oN(ormal)
-oX(ml)
-oG(repable)
-oA(ll)

22. TIMING

-T Paranoid - serial scan & 300 sec wait
-T Sneaky - serialize scans & 15 sec wait
-T Polite - serialize scans & 0.4 sec wait
-T Normal - parallel scan
-T Aggressive - parallel scan & 300 sec timeout & 1.25 sec/probe
-T Insane - parallel scan & 75 sec timeout & 0.3 sec/probe
--host_timeout
--max_rtt_timeout (default - 9000)
--min_rtt_timeout
--initial_rtt_timeout (default - 6000)
--max_parallelism
--scan_delay (between probes)

23. TIMING

--resume (scan)
--append_output
-iL <targets_filename>
-p <port ranges>
-F (Fast scan mode)
-D <decoy1 [,decoy2][,ME],>
-S <SRC_IP_Address>
-e <interface>
-g <portnumber>
--data_length <number>
--randomize_hosts
-O (OS fingerprinting)
-I (ident-scan)
-f (fragmentation)
-v (verbose)
-h (help)
-n (no reverse lookup)
-R (do reverse lookup)
-r (don't randomize port scan)
-b <ftp relay host> (FTP bounce)

24. THANK YOU