
| Subject: | RE: Simple Scan |
|---|---|
| Date: | Fri, 18 Feb 2005 07:10:38 -0600 |
ping (icmp protocol) != information about a particular port. The icmp protocol operates at a higher level than a specific tcp or udp port. Think of ICMP as a scooter, udp as a sports car and tcp as a SUV. They all get information to/from places but payloads and overheads are different. Just because a scooter gets somewhere doesn't mean that there is a parking spot for an SUV.

To probe something that specific, you need to craft some code that attempts to connect - using the right protocol (tcp or udp) and the right parking space (port). Luckily there are many tools that already do this - perhaps the easiest to come by across a wide range of platforms is nmap (http://www.insecure.org/nmap/).

Read the nmap man page - it has lots of choices, but these probably will be what you want:

-PT [portlist]
Use TCP "ping" to determine what hosts are up. Instead of sending ICMP echo request packets and waiting for a response, we spew out TCP ACK packets throughout the target network (or to a single machine) and then wait for responses to trickle back. Hosts that are up should respond with a RST. This option preserves the efficiency of only scanning hosts that are up while still allowing you to scan networks/hosts that block ping packets. For non root users, we use connect(). To set the destination ports of the probe packets use -PT<port1>[,port2][...]. The default port is 80, since this port is often not filtered out. Note that this option now accepts multiple, comma-separated port numbers.

-PS [portlist]
This option uses SYN (connection request) packets instead of ACK packets for root users. Hosts that are up should respond with a RST (or, rarely, a SYN|ACK). You can set the destination ports in the same manner as -PT above.

-PU [portlist]
This option sends UDP probes to the specified hosts, expecting an ICMP port unreachable packet (or possibly a UDP response if the port is open) if the host is up. Since many UDP services won't reply to an empty packet, your best bet might be to send this to expected-closed ports rather than open ones.

-----Burton

-----Original Message-----
From: Paul Selibas [mailto:gotiex@yahoo.com]
Sent: Wednesday, February 16, 2005 1:14 AM
To: security-basics@securityfocus.com
Subject: Simple Scan

Greetings all...

I am looking for a way to check which hosts are up and have port 3321 open on my network. But I don't want to ping, is there no way of just probing port 3321 and reporting back if it is open or not?

Many Thanks
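To show what the reply's "craft some code that attempts to connect" and the non-root connect() behaviour of -PT look like in practice, here is an added Python example; it is not Burton's code and not part of nmap. It probes one TCP port on a list of hosts you administer with a plain connect() and classifies each host as open (handshake completed), closed (a RST came back, so the host is up but nothing listens there) or filtered (no answer, which is what a down host or a firewall that silently drops the SYN looks like). The local listener, the free-port helper and the host addresses are constructed fixtures so the example runs offline; port 3321 comes from the original question.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe_tcp_port(host, port, timeout=1.0):
    """Classify host:port with a full TCP connect(), as non-root nmap -PT does.

    'open'     - the three-way handshake completed, something is listening
    'closed'   - the host answered with a RST (ConnectionRefusedError): the host
                 is up but nothing listens on that port
    'filtered' - no answer within the timeout, or the attempt was rejected by
                 the network: host down, or a firewall dropped the SYN
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:            # timeout, host/network unreachable, ...
            return "filtered"


def probe_hosts(hosts, port, timeout=1.0, workers=32):
    """Probe one port on a list of hosts in parallel; returns {host: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda h: probe_tcp_port(h, port, timeout), hosts)
        return dict(zip(hosts, states))


def start_local_listener():
    """Constructed fixture (not from the thread): a throwaway TCP listener on
    127.0.0.1 so the probe has a known-open port to find. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))     # port 0: the OS picks a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        try:
            while True:
                conn, _ = srv.accept()
                conn.close()
        except OSError:            # listener closed, thread exits
            pass

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def free_local_port():
    """Constructed fixture: a port on 127.0.0.1 with nothing listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


if __name__ == "__main__":
    listener, open_port = start_local_listener()
    closed_port = free_local_port()
    print("open   :", probe_tcp_port("127.0.0.1", open_port))
    print("closed :", probe_tcp_port("127.0.0.1", closed_port))
    # Real use against your own hosts (documentation-range addresses, port 3321
    # from the question): print(probe_hosts(["192.0.2.10", "192.0.2.11"], 3321))
    listener.close()
```

The "closed" and "filtered" distinction is the useful part for an inventory check: a RST proves the host is up even when it blocks ICMP, while a timeout on every port tells you nothing about whether the host exists, which is exactly why the reply suggests TCP "ping" over ICMP.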