-: Network Hacking (Port Scanning) :-
Port Scanning :-
Port scanning is carried out to determine which ports on the remote
host are open, that is, which have a service or daemon listening on
them. In port scanning, the attacker connects to various TCP and UDP
ports and tries to determine which of them are in the listening state.
1) TCP Port Scanning :- Almost all port
scans are based on the client sending a packet containing a particular
flag to the target port of the remote system to determine whether
the port is open. The following table lists the flags a TCP packet
header can contain.
Flag || Meaning
URG  || This flag tells the receiver that the data pointed at by the
urgent pointer is required urgently.
ACK  || This flag is turned on whenever the sender wants to acknowledge
the receipt of data sent by the other end of the connection.
PSH  || The data must be passed on to the application as soon as
possible.
RST  || There has been a problem with the connection and one end wants
to reset the connection with the other.
SYN  || If system X wants to establish a TCP connection with system Y,
it sends its own sequence number to Y, requesting that a connection be
established. Such a packet is known as a synchronize sequence numbers
or SYN packet.
FIN  || If system X has finished sending all its data packets and
wants to end the TCP/IP connection it has established with Y, it
sends a packet with the FIN flag set to system Y.
A typical TCP/IP three-way handshake can be described as follows :
1) The client sends a SYN packet to the server.
2) The server replies with a SYN/ACK packet: its own SYN, together
with an ACK acknowledging the client's SYN.
3) The client acknowledges the SYN sent by the server with an ACK.
Different techniques of TCP port scanning are :-
1) TCP connect port scanning
2) TCP SYN scanning (half open scanning)
3) SYN/ACK scanning
4) TCP FIN scanning
5) TCP NULL scanning
6) TCP Xmas tree scanning
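The flag table, the handshake and the technique list above all come down to which of the six flag bits are set in a segment, so a defender who can decode those bits from raw TCP headers can tell a NULL, FIN or Xmas probe from ordinary traffic, and a completed handshake (connect scan) from a half-open one (SYN scan). The following is an added example, not code from the original page: it builds constructed 20-byte TCP headers, decodes the flag bits, names the probe type, and classifies a short client/server exchange. The FIN+PSH+URG definition of an Xmas probe follows nmap's convention and is an assumption; the page does not define it.

```python
import struct

# TCP flag bits as they sit in the low six bits of the 16-bit
# "data offset / reserved / flags" field (bytes 12-13 of the header).
URG, ACK, PSH, RST, SYN, FIN = 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
FLAG_NAMES = [(URG, "URG"), (ACK, "ACK"), (PSH, "PSH"),
              (RST, "RST"), (SYN, "SYN"), (FIN, "FIN")]


def build_segment(src_port, dst_port, flags, seq=0, ack=0):
    """Construct a minimal 20-byte TCP header (no options, checksum left
    zero) so the decoder below has constructed input to work on offline."""
    off_res_flags = (5 << 12) | (flags & 0x3F)   # data offset 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       off_res_flags, 65535, 0, 0)


def parse_tcp_header(segment):
    """Decode the fixed 20-byte part of a TCP header into a dict."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_res_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "data_offset": (off_res_flags >> 12) * 4,   # header length in bytes
        "flags": off_res_flags & 0x3F,              # URG ACK PSH RST SYN FIN
        "window": window, "checksum": checksum, "urgent_ptr": urgent,
    }


def flag_names(flags):
    """Human-readable list of the flags that are set, in header order."""
    return [name for bit, name in FLAG_NAMES if flags & bit]


def classify_probe(flags):
    """Name the scan technique a single inbound segment's flags suggest.
    NULL/FIN/Xmas follow nmap's flag-combination convention (assumption)."""
    if flags == 0:
        return "NULL scan probe"
    if flags == FIN | PSH | URG:
        return "Xmas tree scan probe"
    if flags == FIN:
        return "FIN scan probe"
    if flags == SYN:
        return "SYN probe (connect or half-open scan, or a normal client)"
    if flags == SYN | ACK:
        return "SYN/ACK probe"
    if flags & ACK:
        return "ordinary traffic on an established connection"
    return "unclassified"


def classify_exchange(flag_sequence):
    """Classify a short exchange on one client/server port pair, given the
    flags of successive segments in the order client, server, client."""
    seq = list(flag_sequence)
    if seq[:3] == [SYN, SYN | ACK, ACK]:
        return "full three-way handshake (TCP connect scan or real client)"
    if seq[:3] == [SYN, SYN | ACK, RST]:
        return "half-open: client reset after SYN/ACK (TCP SYN scan)"
    if seq[:2] == [SYN, RST | ACK]:
        return "port closed"
    if seq == [SYN]:
        return "no answer (filtered, or still waiting)"
    return "unclassified"


if __name__ == "__main__":
    probe = build_segment(40001, 22, FIN | PSH | URG)   # constructed Xmas probe
    hdr = parse_tcp_header(probe)
    print(hdr["dst_port"], flag_names(hdr["flags"]), classify_probe(hdr["flags"]))
    print(classify_exchange([SYN, SYN | ACK, RST]))
```

The exchange classifier is the useful half for detection: a connect scan leaves a complete handshake in the server's logs and application accept() calls, while a SYN scan never reaches the application and shows up only as SYN, SYN/ACK, RST triples on the wire, so the two need different data sources to spot.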
2) UDP Port Scanning :- In UDP port
scanning, a UDP packet is sent to each port on the target host one
by one. If the remote port is closed, then the server replies with a
Port Unreachable ICMP error message. If the port is open then no such
error message is generated.
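Because the "open" verdict in UDP scanning is inferred from silence, the same silence is produced by a firewall dropping the probe or by the host rate-limiting its ICMP replies, so the scanner's result is only "possibly open". From the target's side the signal is clearer: one peer touching many UDP ports on one host, answered by a burst of ICMP type 3 code 3 (port unreachable) messages going back out. The following is an added example, not code from the original page, that runs that check over constructed firewall-style log lines; the key=value log format, the addresses and the five-port threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from any real device). The format,
# space-separated key=value fields, is an assumption for this example.
SAMPLE_LOG = """\
proto=UDP src=203.0.113.9 dst=192.0.2.10 sport=40000 dport=53
proto=ICMP type=3 code=3 src=192.0.2.10 dst=203.0.113.9
proto=UDP src=203.0.113.9 dst=192.0.2.10 sport=40001 dport=69
proto=ICMP type=3 code=3 src=192.0.2.10 dst=203.0.113.9
proto=UDP src=203.0.113.9 dst=192.0.2.10 sport=40002 dport=123
proto=UDP src=203.0.113.9 dst=192.0.2.10 sport=40003 dport=161
proto=ICMP type=3 code=3 src=192.0.2.10 dst=203.0.113.9
proto=UDP src=203.0.113.9 dst=192.0.2.10 sport=40004 dport=500
proto=ICMP type=3 code=3 src=192.0.2.10 dst=203.0.113.9
proto=UDP src=198.51.100.7 dst=192.0.2.10 sport=51000 dport=53
proto=UDP src=198.51.100.7 dst=192.0.2.10 sport=51000 dport=53
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict (empty dict if no fields)."""
    return dict(FIELD_RE.findall(line))


def summarize_udp_probes(log_text):
    """Per (prober, target): the distinct UDP destination ports probed and
    the number of ICMP port-unreachable replies the target sent back.
    The log lacks the ICMP payload, so replies are counted, not matched
    to individual ports."""
    ports = defaultdict(set)
    unreachable = defaultdict(int)
    for raw in log_text.splitlines():
        f = parse_line(raw)
        if not f:
            continue
        if f.get("proto") == "UDP":
            ports[(f["src"], f["dst"])].add(int(f["dport"]))
        elif (f.get("proto") == "ICMP" and f.get("type") == "3"
              and f.get("code") == "3"):
            # reply flows target -> prober; key it the same way as the probes
            unreachable[(f["dst"], f["src"])] += 1
    return {
        key: {"ports_probed": sorted(s),
              "port_unreachable_replies": unreachable.get(key, 0)}
        for key, s in ports.items()
    }


def find_udp_scanners(log_text, min_ports=5):
    """Flag sources that probed at least min_ports distinct UDP ports on
    one host. 'unanswered' is what the scanner would read as open; those
    ports may equally be filtered or rate-limited."""
    findings = []
    for (src, dst), s in summarize_udp_probes(log_text).items():
        if len(s["ports_probed"]) >= min_ports:
            findings.append({
                "src": src, "dst": dst,
                "ports_probed": s["ports_probed"],
                "unreachable_replies": s["port_unreachable_replies"],
                "unanswered": len(s["ports_probed"]) - s["port_unreachable_replies"],
            })
    return findings


if __name__ == "__main__":
    for hit in find_udp_scanners(SAMPLE_LOG):
        print(hit)
```

In the constructed sample, 203.0.113.9 probes five ports and draws four port-unreachable replies, leaving one port (123) that the scanner would report as open but that the defender cannot distinguish from a filtered one; 198.51.100.7 repeats a single DNS query and is not flagged.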
3) FTP Bounce Port Scanning :- The FTP
bounce port scanning technique was discovered by Hobbit. He revealed
a very interesting loophole in the FTP protocol that allowed users
connected to the FTP service of a particular system to connect to
any port of another system. This loophole allows anonymous port scanning.
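The loophole described above lives in the FTP PORT command, whose argument names the host and port the server should open the data connection to. A server closes it by refusing any PORT whose address is not the client's own control-connection address, and by refusing privileged target ports. The following is an added example, not code from the original page or from any FTP server: a parser for the PORT argument, the server-side check, and an audit of a constructed control session; the client address, the session commands and the 1024 port floor are assumptions.

```python
def parse_port_command(arg):
    """Parse the h1,h2,h3,h4,p1,p2 argument of an FTP PORT command into
    (dotted-quad host, port). Raises ValueError on malformed input."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("expected six comma-separated numbers")
    try:
        nums = [int(p) for p in parts]
    except ValueError:
        raise ValueError("non-numeric field") from None
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return host, port


def check_port_command(control_peer_ip, arg, min_port=1024):
    """Decide whether a server should honour this PORT command.
    Returns (allowed, reason). Refuses an address other than the client's
    own control-connection peer (the bounce case) and privileged ports."""
    try:
        host, port = parse_port_command(arg)
    except ValueError as exc:
        return False, f"malformed PORT argument: {exc}"
    if host != control_peer_ip:
        return False, (f"data address {host} is not the control peer "
                       f"{control_peer_ip}; possible bounce, refused")
    if port < min_port:
        return False, f"data port {port} below {min_port}, refused"
    return True, f"ok: data connection to {host}:{port}"


# Constructed client commands seen on one control connection (assumption).
SAMPLE_SESSION = [
    "USER anonymous",
    "PORT 192,168,1,10,4,1",
    "LIST",
    "PORT 10,0,0,5,0,80",
    "LIST",
]


def audit_session(control_peer_ip, commands):
    """Run the check over every PORT command in a session transcript and
    return (command, allowed, reason) for each one."""
    results = []
    for cmd in commands:
        verb, _, arg = cmd.partition(" ")
        if verb.upper() == "PORT":
            ok, why = check_port_command(control_peer_ip, arg)
            results.append((cmd, ok, why))
    return results


if __name__ == "__main__":
    for cmd, ok, why in audit_session("192.168.1.10", SAMPLE_SESSION):
        print("ALLOW" if ok else "DENY ", cmd, "->", why)
```

The first PORT in the sample points back at the client itself on port 1025 and passes; the second asks the server to open a connection to a different host on port 80, which is exactly the pattern the bounce technique relies on, and is refused. Most modern FTP servers apply this check by default; the same audit run over real control-channel logs shows whether an older server is still honouring such requests.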