Port Scanning - Islamic University Of Gaza


Internet Security, ECOM 5347, Lab 2: Port Scanning

Objectives

1. Introduce the techniques of port scanning.
2. Use port scanning audit tools such as nmap.

Introduction

All machines connected to a LAN or connected to the Internet via a modem run many services that listen at certain ports. A service is a program that waits inside a loop for a request message from a client, and acts on the request. By port scanning, one discovers which ports are available (i.e., being listened to by a service). Essentially, a port scan consists of sending a message to each port, one at a time, and examining the response received. If the port is in use, it can then be probed further for weakness. Port scanning is one of the most popular reconnaissance techniques attackers use.

Port Scanning Terms

Port Numbers: Both UDP and TCP use source and destination port numbers in their packets; the source and destination IP addresses are provided by the underlying IP. Port numbers are an abstraction manufactured by the network layer of the operating system in accordance with the TCP/IP standards. They are 16-bit unsigned numbers. The port numbers are divided into three ranges:

1. Well Known Ports (from 0 through 1023)
2. Registered Ports (from 1024 through 49151)
3. Dynamic and/or Private Ports (from 49152 through 65535)
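As an added defender-side example, not part of the lab text: the pattern the introduction describes (one message to each port in turn) shows up in connection logs as a single source hitting many distinct destination ports in a short time. The Python below parses constructed firewall-style SYN lines (an assumed format, not any product's log), flags sources that touch at least ten distinct ports within a sliding window, and labels the ports with the three ranges listed above; the slow-scan sample shows the limit of a fixed window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed SYN line format (assumed): "2024-01-15 10:00:00 SYN src=192.0.2.10 dst=198.51.100.5 dport=22"
LINE_RE = re.compile(r"^(\S+ \S+) SYN src=(\S+) dst=\S+ dport=(\d+)$")

def port_range(port):
    """Name the range a port falls in, using the split given in the lab text."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def parse(lines):
    """Yield (time, src, dport) for each matching SYN line; other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), int(m.group(3))

def detect_scans(lines, threshold=10, window_seconds=60):
    """Flag sources hitting >= threshold distinct ports within any window; {src: {"ports": n, "ranges": set}}."""
    by_src = defaultdict(list)
    for t, src, port in parse(lines):
        by_src[src].append((t, port))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        best = set()
        for i, (t0, _) in enumerate(events):          # a window starting at each SYN
            ports = {p for t, p in events[i:] if (t - t0).total_seconds() <= window_seconds}
            if len(ports) > len(best):
                best = ports
        if len(best) >= threshold:
            hits[src] = {"ports": len(best), "ranges": {port_range(p) for p in best}}
    return hits

def make_sample_log():
    """Constructed sample, not captured traffic: a fast scan of 12 well-known ports,
    a normal client reusing two ports, and the same scan slowed to one probe per hour."""
    base = datetime(2024, 1, 15, 10, 0, 0)
    probe = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
    fmt = "{:%Y-%m-%d %H:%M:%S} SYN src={} dst=198.51.100.5 dport={}".format
    log = [fmt(base + timedelta(seconds=i), "192.0.2.10", p) for i, p in enumerate(probe)]
    log += [fmt(base + timedelta(seconds=i), "192.0.2.20", p) for i, p in enumerate([443, 443, 80, 443])]
    log += [fmt(base + timedelta(hours=i), "192.0.2.30", p) for i, p in enumerate(probe)]
    return log
```

With the default 60 s window only the fast scanner is reported; widening the window to a day also catches the one-probe-per-hour source, at the cost of more false positives from busy legitimate clients.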

Sockets: A socket is an abstraction, similar to a file descriptor, constructed by socket(). A socket so constructed is bound to an IP address and port number via the bind() call. A server program then waits for a connection via listen(), and accept()s a connection. A socket is said to be active after the server has accepted a connection. It is connected to a remote active socket via an open data connection. Closing the connection destroys the active sockets at both endpoints. A passive socket is not connected, but rather awaits an incoming connection in listen(), which will spawn a new active socket. A socket is not a port, though there is a close relationship between them. Each port can have a single passive socket, awaiting incoming connections, and multiple active sockets, each corresponding to an open connection on the port. Servers use bind(), listen(), and accept(). A client uses connect(). read() and write() are used by both clients and servers. The process of connection is shown in figures 1, 2 and 3.

Figure 1

Figure 2: Socket calls for connection-oriented communication

Figure 3: Socket calls for connectionless communication

Open Port: A service process is listening at the port. A port is opened by the OS at the request of a specific process. The OS receives packets arriving at this port and gives the messages to the service process. If the OS receives a SYN at an open port, this is the first packet of the three-way handshake.

Closed Port: No process is listening at the port. If the OS receives a SYN at a closed port, an RST is sent.

Filtered Port: A packet filter is listening at the port.

UDP scan: Finds open UDP ports. Note that TCP and UDP both have the same port numbers, even though the OS distinguishes them as completely separate; see the file named /etc/services. The source port of UDP is an optional field. When meaningful, it indicates the port of the sending process. If it is not meaningful, a value of zero is used. UDP responds in a different manner from a TCP scan. In order to find UDP ports, the attacker generally sends empty UDP datagrams to the port. If the port is listening, the service process will send back an error message or ignore the incoming datagram. If the port is closed, then the operating system sends back an "ICMP Port Unreachable" message.

Fingerprinting an OS

Fingerprinting is the technique of interpreting the responses of a system in order to figure out what it is. To make this more effective, unexpected but well-chosen combinations of data are sent to the system in order to trigger unique-enough responses. This is because while most systems respond alike with correct data, they rarely respond the same way when sent unusual data.

Port Scanning Tools

1. SAINT
2. nmap (Zenmap), which we discuss below.
3. Nessus
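The socket calls from the Sockets section and the open/closed/filtered definitions above, as an added Python example that is not part of the lab handout: a passive socket is created with bind()/listen()/accept() on a loopback port chosen by the OS, and a connect() probe classifies a port from the response it gets. The loopback address, the OS-chosen ephemeral ports and the 1 s timeout are assumptions so that it runs offline.

```python
import socket
import threading

def start_passive_socket(host="127.0.0.1"):
    """bind() -> listen() -> accept(): the server side of the lab's socket figures.
    Port 0 lets the OS pick a free port; accept() runs in a background thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()   # one new *active* socket per connection
            except OSError:
                return                   # passive socket closed: stop serving
            conn.close()                 # closing tears the active socket down

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def probe_tcp_port(host, port, timeout=1.0):
    """Classify one TCP port the way a connect scan does (the lab's states):
    open = handshake completes, closed = the SYN is answered with RST (seen as
    'connection refused'), filtered = nothing comes back before the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"

def free_port(host="127.0.0.1"):
    """Reserve and release an ephemeral port so we know nothing listens on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind((host, 0))
        return tmp.getsockname()[1]

def demo():
    """Probe one listening and one closed loopback port; returns their two states."""
    srv, open_port = start_passive_socket()
    try:
        return probe_tcp_port("127.0.0.1", open_port), probe_tcp_port("127.0.0.1", free_port())
    finally:
        srv.close()
```

A filtered result cannot be produced on loopback, where nothing drops packets; it is the branch a probe takes when a packet filter between the two hosts silently discards the SYN.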

Nmap

The nmap port scanner (www.nmap.org) is widely known. According to its author Fyodor, nmap is a utility for port scanning large networks, although it works fine for single hosts.

Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one scanning mode. And you don't want to have 10 different scanners around, all with different interfaces and capabilities. All these scanning techniques you will find in nmap.

Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Uses of Nmap

While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Nmap output

The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among that information is the "interesting ports table". That table lists the port number and protocol, service name, and state. The state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered when they are responsive to Nmap's probes, but Nmap cannot determine whether they are open or closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describes a port. The port table may also include software version details when version detection has been requested. In addition to the interesting ports table, Nmap can provide further information on targets, including reverse DNS names, operating system guesses, device types, and MAC addresses.

Lab Experiment

Requirements:

Set up a network containing at least two machines (in the lab), or use software like VMware or Virtual PC to build your virtual lab (at home). In this experiment you can use the BackTrack 3 live CD to run Nmap, or you can install the Windows version on your machine.

Procedures:

1. From Windows:

Graphical interface:

1. From PC1 (Windows XP or BackTrack 3) start nmap; in the target field type the IP address or name of the target.
2. Determine the scan type according to your need; you can change the scan type from the profile field (each scan has different parameters and will return different results).
3. Click Scan to start scanning; be patient until the result appears. The time it takes depends on the scan type.
4. Nmap output gives you a summary of the scanning process, and the other tabs give you the output in different forms. The output will be as previously discussed.
5. An example of this is shown in figure 1.

Command line:

Note that the previous process can be done using the command line interface; click Start, Run and type the following command:

nmap [nmap switches] <ip address of the target>

Example: nmap -A -T4 192.168.1.1

The summary will appear in the command line with no GUI, as in figures 2 and 3.

To use nmap from the command line on Windows you need to compile and install it; to do this, follow http://nmap.org/book/inst-windows.html. A similar procedure applies if you want to install it on Linux.

Someone may say that nmap works from the command line without doing the compiling and installation procedure; this is because you have already installed a self-installer version of nmap, so I recommend you try it.

2. From BackTrack:

Graphical interface:

1. Click Start – All Applications – Backtrack – Network Mapping – choose Zenmap; a GUI similar to the one that appears in Windows appears, and we use it as in Windows.

Command line:

2. Click Start – All Applications – Backtrack – Network Mapping – choose Nmap; the shell will open with a help text containing the switches of nmap, the usage of each one, and examples.
3. You can run nmap using the nmap command as in the examples shown in the help; figure 4 shows an example of port scanning on the IUG website from BackTrack.

Figure 1: Port scanning using nmap

Figure 2: Port scanning using the command line

Figure 3: Port scanning using the command line

Figure 4: Port scanning using BackTrack

Note: Nmap switches are listed in the attached file.

Exercise

1. Use the nmap port scanner to scan three different environments: a machine on your network, a secure website, and a normal website. Use different switches (or different scan modes, e.g. stealth scan) and compare the results for each and the time each scan mode takes.

2. As we know from this lab, we can run nmap on Windows, Linux, and Mac OS; in the lab we used nmap through the GUI and installed it using the wizard, which is the easy way to install it. But if there is a problem with the wizard, or you do not like to install it this way, then, as with much software in the security field, you can get the source code from nmap.org and compile it; then you can use it from the console. Show, in a video or any way you see appropriate, the steps of how to install nmap from its source code (compile and run). This link may be useful for you: http://nmap.org/download.html
