Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Multipart PortScanning Tutorial part 1

  1. #1
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Multipart PortScanning Tutorial part 1

This is not so much a "How To" but rather a "What Is". The tutorials come later.

    Today we will be talking about Port Scanning and what it is.

    Disclaimer: This information is for educational purposes only and not to commit a crime!
    If you do something that causes you to hose your box don't come kicking and screaming on the forums!


Port Scanning is like a car thief walking around a busy parking lot and trying to find cars that are unlocked.
However, on our computer or network, this can sometimes be bad if we leave the "doors" (ports) "unlocked" (open). When we leave ports open on the Internet it is not "if" someone will find it but "when". Port scanning software like Nmap allows anyone to scan computers connected to a network. This can be done simply by the program sending out a request to connect to a target computer. Then it waits to see which port(s) respond or seem to be open so that they can be studied later more in depth. Sometimes a computer doesn't respond and this information can be useful too. We will cover that more in depth later.

When a scanner is looking for ports on a target computer it has two choices for port type. First is TCP, which is the Transmission Control Protocol. This is simply the "rule set" by which data is exchanged over a network. This data exchange is bytes of data that are called packets. These packets normally consist of a "header" and a "body". The header is the "address" of where the packet is going to. This is used by routers on a network to send the data along its way. The "body" is the information that has been sent. Think of it as a letter to grandma: first you have the envelope, which is the packet. You have the address to grandma, which is the header, and finally you have the letter itself, which is the body of the packet. It doesn't really matter which order these packets arrive at their destination because the computer on the receiving end can put them back together in the right order.

    Now UDP on the other hand does not guarantee reliability or ordering in the way that TCP does. This means that the packets can arrive out of order, they can be duplicated or become missing without notice. This sometimes makes UDP faster than TCP. We will talk more about UDP later on.

Back to port scanning. When we scan ports we have up to 65,535 to choose from. This is the same for TCP and UDP. That's a lot of doors for us to lock and make sure they stay locked.

    The first 1024 TCP ports are called the Well-Known Ports and are associated with standard services such as FTP, HTTP, SMTP or DNS.
    The Registered Ports are those in the range 1024–49151.
    The Dynamic and/or Private Ports are those in the range 49152–65535. Randomly chosen port numbers out of this range are called ephemeral ports. These ports are not permanently assigned to any publicly defined application.

    If a port scan is being done with malicious intent, an attacker normally wants to go undetected. Network security applications can be configured to alert administrators if they detect connection requests across a broad range of ports from a single host. To get around this an attacker can do the port scan in strobe or stealth mode. Strobing limits the ports to a smaller target set rather than blanket scanning all 65535 ports. Stealth scanning uses techniques such as slowing the scan down. By scanning the ports over a much longer period of time we can better evade IDS. Although this is not always the case!

By setting different TCP flags or sending different types of packets a port scan can generate different results or locate open ports in different ways. A SYN scan will tell the port scanner which ports are listening and which are not depending on the type of response generated. This is normally accomplished by a Three-Way Handshake.
First we have the SYN packet sent from a computer wishing to connect to another saying "let's connect". Then the computer we wish to connect to says with a SYN-ACK "ok let's connect". Then we would send another ACK back saying "ok". At this point the two computers would be "connected". If the port however was closed then we normally wouldn't get any response back.

In the next few segments we will be looking at the output of various scans on our target machine. We will be using nmap to do this.
    So until then go and read up on nmap so that you have a basic understanding of the tool.

    The other parts are located here:
    Part2
    Part3
    Part4
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
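The two points the post makes about SYN scanning and its detection, as an added example in Python that is not part of the original post: how a scanner reads the reply to a single SYN probe (SYN-ACK means open, RST means closed, silence means filtered), and how a network monitor spots "connection requests across a broad range of ports from a single host". The firewall-style log format, the hosts, ports and timestamps are constructed for this example, and the window and port-count thresholds are assumptions. The sample traffic includes a slow scan so the "slowing the scan down" evasion and its "not always the case" caveat can be seen against two window sizes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style log format (an assumption for this example,
# not any real product's format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)$"
)


def port_class(port: int) -> str:
    """Place a port number in one of the three ranges the post lists."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port < 1024:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def classify_reply(reply_flags):
    """What a scanner concludes from the reply to one SYN probe.

    reply_flags: the TCP flag letters in the reply ("SA" for SYN-ACK,
    "R" for RST), or None when nothing came back at all.
    """
    if reply_flags is None:
        return "filtered"   # silence: a firewall dropped the probe, or the host is down
    flags = set(reply_flags.upper())
    if {"S", "A"} <= flags:
        return "open"       # SYN-ACK: a service is listening
    if "R" in flags:
        return "closed"     # RST: host is up, nothing listens on that port
    return "unknown"


def parse_log(lines):
    """Yield (timestamp, src, dst, dst_port, flags) for each line in the constructed format."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:  # lines in another format are ignored
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                   int(m["dpt"]), m["flags"])


def detect_scans(lines, window_seconds=60, min_ports=10):
    """Flag (src, dst) pairs where one source sent initial SYNs to at least
    min_ports distinct ports on one host inside some window_seconds window.
    Returns {(src, dst): most distinct ports seen in one window}.
    The thresholds are assumptions; tune them to the network being watched."""
    by_pair = defaultdict(list)
    for ts, src, dst, dpt, flags in parse_log(lines):
        if "S" in flags and "A" not in flags:   # only the first step of the handshake
            by_pair[(src, dst)].append((ts, dpt))
    window = timedelta(seconds=window_seconds)
    alerts = {}
    for pair, attempts in by_pair.items():
        attempts.sort()
        best = 0
        for i, (start, _) in enumerate(attempts):
            in_window = {p for t, p in attempts[i:] if t - start <= window}
            best = max(best, len(in_window))
        if best >= min_ports:
            alerts[pair] = best
    return alerts


def _line(ts, src, dst, dpt, flags="S"):
    return f"{ts.isoformat()} SRC={src} DST={dst} PROTO=TCP SPT=40000 DPT={dpt} FLAGS={flags}"


BASE = datetime(2010, 1, 15, 10, 0, 0)
TARGET = "192.168.1.10"
# Constructed sample traffic: a blanket scan of 20 ports in 20 seconds...
FAST_SCAN = [_line(BASE + timedelta(seconds=i), "10.0.0.5", TARGET, 20 + i) for i in range(20)]
# ...the same 20 ports probed one every five minutes (the "slow it down" evasion)...
SLOW_SCAN = [_line(BASE + timedelta(minutes=5 * i), "10.0.0.6", TARGET, 20 + i) for i in range(20)]
# ...and an ordinary client opening 20 connections to the web server.
NORMAL = [_line(BASE + timedelta(seconds=i), "10.0.0.7", TARGET, 80) for i in range(20)]

if __name__ == "__main__":
    traffic = FAST_SCAN + SLOW_SCAN + NORMAL
    print("60 s window:", detect_scans(traffic))                        # only the fast scan
    print("1 h window: ", detect_scans(traffic, window_seconds=3600))   # the slow scan shows up too
    for flags in ("SA", "R", None):
        print(flags, "->", classify_reply(flags))
```

With a 60-second window only the blanket scan from 10.0.0.5 is reported; the five-minute-spaced probes from 10.0.0.6 never reach ten distinct ports inside a minute. Widening the window to an hour catches the slow scan as well (13 distinct ports), while the web client on port 80 is never flagged because it keeps hitting one port. That trade-off between window length, memory and false positives is what the post's "not always the case" remark is about.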

  2. #2
    Just burned his ISO abyss's Avatar
    Join Date
    Aug 2007
    Posts
    16

    Default

    Awesome tutorial
    Thank you!!!!

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by abyss View Post
    Awesome tutorial
    Thank you!!!!
    Thank you for the kind words!
    I hope this has helped you out in some way.

  4. #4
    Junior Member
    Join Date
    Aug 2007
    Posts
    85

    Default

Thanks ... really helps me to understand some BASIC stuff !!! Your style is very interesting, keep it up ... and thanks for your TIME ...

  5. #5
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

It's good stuff to read and I liked it, even though I already knew ^^
(seeing as this is basic stuff that anyone calling themselves a hacker should know?)
"I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain." - MaXe

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

Quote Originally Posted by Ethical View Post
Thanks ... really helps me to understand some BASIC stuff !!! Your style is very interesting, keep it up ... and thanks for your TIME
Quote Originally Posted by MaXe Legend View Post
It's good stuff to read and I liked it, even though I already knew ^^
(seeing as this is basic stuff that anyone calling themselves a hacker should know?)
Thanks, Ethical and MaXe Legend,
The point of this is not just a rehash of some skills that "everyone does or should know", which may or may not be true, but rather so that someone can sit down and look at the parts and, if they follow along, they may learn something and progress with each part. I want to go from basic or noob to Advanced or BT Guru, whatever ya wanna call it.
At any rate, glad that it helped.

  7. #7
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

Ah okay, now I see the purpose of the guide then :P Thank you
for telling me so my low amount of braincells could understand ^^

  8. #8
    Junior Member
    Join Date
    Dec 2006
    Posts
    39

    Default

    Great start and thanks for taking the time to write this up.

  9. #9
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    6

    Default

    nice tutorial thanks.

  10. #10
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Thanks for the tutorial archangel.amael. It's very informative and helpful.

    Quote Originally Posted by MaXe Legend View Post
(seeing as this is basic stuff that anyone calling themselves a hacker should know?)
    I've never read such arrogant nonsense. Do you get off on saying things like that?
