TCP/UDP Port Scanning
Port Scanning is the process of inspecting TCP or UDP ports on a remote machine with the intention of detecting what services are running on the target and what potential attack vectors may exist.
Port Scanning is considered illegal and should not be performed outside the labs without permission.
Essential Facts for Port Scanning
Due to the amount of traffic some scans can generate, along with their intrusive nature, running port scans blindly can have adverse effects on target systems and the client network, such as overloading servers and network links or triggering an IDS/IPS.
Running the wrong scan can result in downtime for the customer.
Port scanning should be understood as a dynamic process that is unique to each engagement. The results of one scan determine the type and scope of the next scan.
Simple TCP and UDP port scan using Netcat
The simplest TCP port scanning technique, usually called CONNECT scanning, relies on the three-way TCP handshake.
In basic terms, a host sends a TCP SYN packet to a server on a destination port. If the destination port is open, the server responds with a SYN-ACK packet and the client host sends an ACK packet to complete the handshake. If the handshake completes successfully, the port is considered open. We can demonstrate
Simple TCP Netcat port scan on ports 3388-3390
-w - connection timeout in seconds
-z - zero-I/O mode (used for scanning; no data is sent)
-n - numeric IP address only, no DNS resolution
-vv - very verbose mode
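Because a zero-I/O connect scan completes the handshake on many ports and then closes each connection without sending a byte, it leaves a distinctive footprint in connection logs; this added detector (not from the original page) flags that pattern over a constructed set of flow records, which is one way an IDS notices the scans described above:

```python
"""Detect the footprint of a zero-I/O TCP connect scan in connection logs."""
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not from the original page):
# time, src, dst, dst_port, proto, payload bytes exchanged after the handshake.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 192.0.2.10 3388 tcp 0
2024-01-01T10:00:00 10.0.0.5 192.0.2.10 3389 tcp 0
2024-01-01T10:00:01 10.0.0.5 192.0.2.10 3390 tcp 0
2024-01-01T10:00:01 10.0.0.5 192.0.2.10 22 tcp 0
2024-01-01T10:00:02 10.0.0.5 192.0.2.10 80 tcp 0
2024-01-01T10:00:03 10.0.0.7 192.0.2.10 443 tcp 5120
2024-01-01T10:00:04 10.0.0.7 192.0.2.10 443 tcp 2048
2024-01-01T10:05:00 10.0.0.5 192.0.2.10 8080 tcp 0
"""

def parse_records(text):
    """Parse whitespace-separated flow records into dicts."""
    records = []
    for line in text.splitlines():
        ts, src, dst, port, proto, nbytes = line.split()
        records.append({
            "time": datetime.fromisoformat(ts),
            "src": src, "dst": dst, "port": int(port),
            "proto": proto, "bytes": int(nbytes),
        })
    return records

def find_connect_scans(records, min_ports=5, window_s=60):
    """Return {(src, dst): sorted ports} for every source that touched at least
    min_ports distinct TCP ports on one host within window_s seconds while
    exchanging no payload, i.e. the signature of a -z connect scan."""
    by_pair = defaultdict(list)
    for r in records:
        if r["proto"] == "tcp" and r["bytes"] == 0:
            by_pair[(r["src"], r["dst"])].append(r)
    hits = {}
    for (src, dst), flows in by_pair.items():
        flows.sort(key=lambda r: r["time"])
        for i, first in enumerate(flows):
            # Sliding window starting at each zero-byte flow.
            ports = {f["port"] for f in flows[i:]
                     if (f["time"] - first["time"]).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                hits[(src, dst)] = sorted(ports)
                break
    return hits

if __name__ == "__main__":
    print(find_connect_scans(parse_records(SAMPLE_LOG)))
```

The lone 8080 probe five minutes later falls outside the window, so raising min_ports to 6 yields no alert; tune both thresholds against normal traffic on the monitored network.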
UDP Scanning
UDP is stateless and does not involve a three-way handshake.
UDP Scanning using Netcat
-u - UDP scan
UDP scanning is often unreliable, as firewalls and routers drop ICMP packets, which can lead to false positives and ports showing as closed.