RE: Simple Scan

From: Burton Strauss (BStrauss3_at_comcast.net)
Date: 02/18/05

    To: <security-basics@securityfocus.com>
    Date: Fri, 18 Feb 2005 07:10:38 -0600
    
    

    ping (icmp protocol) != information about a particular port.

    The icmp protocol operates at a higher level than a specific tcp or udp
    port. Think of ICMP as a scooter, udp as a sports car and tcp as a SUV.
    They all get information to/from places but payloads and overheads are
    different. Just because a scooter gets somewhere doesn't mean that there is
    a parking spot for an SUV.

    To probe something that specific, you need to craft some code that attempts
    to connect - using the right protocol (tcp or udp) and the right parking
    space (port). Luckily there are many tools that already do this - perhaps
    the easiest to come by across a wide range of platforms is nmap
    (http://www.insecure.org/nmap/)

    Read the nmap man page - it has lots of choices, but these probably will be
    what you want:

           -PT [portlist]
                  Use TCP "ping" to determine what hosts are up. Instead of
                  sending ICMP echo request packets and waiting for a
                  response, we spew out TCP ACK packets throughout the
                  target network (or to a single machine) and then wait for
                  responses to trickle back. Hosts that are up should respond
                  with a RST. This option preserves the efficiency of
                  only scanning hosts that are up while still allowing you to
                  scan networks/hosts that block ping packets. For non-root
                  users, we use connect(). To set the destination ports of
                  the probe packets use -PT<port1>[,port2][...]. The
                  default port is 80, since this port is often not filtered
                  out. Note that this option now accepts multiple,
                  comma-separated port numbers.

           -PS [portlist]
                  This option uses SYN (connection request) packets instead of
                  ACK packets for root users. Hosts that are up should
                  respond with a RST (or, rarely, a SYN|ACK). You can set the
                  destination ports in the same manner as -PT above.

           -PU [portlist]
                  This option sends UDP probes to the specified hosts,
                  expecting an ICMP port unreachable packet (or possibly a UDP
                  response if the port is open) if the host is up. Since many
                  UDP services won't reply to an empty packet, your best
                  bet might be to send this to expected-closed ports rather than
                  open ones.

    -----Burton

    -----Original Message-----
    From: Paul Selibas [mailto:gotiex@yahoo.com]
    Sent: Wednesday, February 16, 2005 1:14 AM
    To: security-basics@securityfocus.com
    Subject: Simple Scan

     Greetings all...
      
     I am looking for a way to check which hosts are up and have port 3321 open
     on my network. But I don't want to ping; is there no way of just probing
     port 3321 and reporting back if it is open or not?
      
     Many Thanks
     

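Editor's note: the following is an added example, not code from either poster or from nmap. It does in plain Python what the reply describes for non-root users: a full TCP connect() to port 3321 on each host, with no ICMP involved, classifying each host as open (handshake completed), closed (RST came back, so the host is up but nothing listens) or filtered (no answer before the timeout, which TCP alone cannot distinguish from a host that is down). The address range and worker count are assumptions for the demo; port 3321 comes from the original question. Note also that the options quoted above are host-discovery probes, which report whether a host is up rather than the state of a given port; with current nmap the direct answer to the question is `nmap -Pn -p 3321 <targets>` (skip host discovery, scan just that port), and `-PT` has since been renamed `-PA`.

```python
"""Probe one TCP port on many hosts without sending any ICMP.

A full connect() is used, so no raw sockets and no root are needed.
Added example for the thread above; the /24 range and worker count are
assumptions, port 3321 is the one asked about.
"""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify host:port as 'open', 'closed', 'filtered' or 'unresolved'.

    open       -> three-way handshake completed (we got a SYN|ACK)
    closed     -> the host answered with RST (up, but nothing listening)
    filtered   -> no usable answer in time (firewall drop, host down,
                  or a local/ICMP unreachable error); TCP alone cannot
                  tell "firewalled" from "switched off"
    unresolved -> name lookup failed, so no probe was ever sent
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        return "unresolved"
    except OSError:
        # TimeoutError is an OSError subclass, as are EHOSTUNREACH etc.
        return "filtered"
    finally:
        sock.close()


def scan(hosts, port: int = 3321, timeout: float = 2.0, workers: int = 64) -> dict:
    """Probe `port` on every host concurrently; returns {host: state}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda h: probe_tcp(h, port, timeout), hosts)
    return dict(zip(hosts, states))


def hosts_with_open(results: dict) -> list:
    """Just the hosts where the port accepted a connection."""
    return sorted(h for h, s in results.items() if s == "open")


def local_demo() -> tuple:
    """Offline self-check: listen on one ephemeral loopback port, grab and
    release another (so nothing listens there), then probe both.
    Returns ('open', 'closed') on a normal host."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # released: a connect here now draws a RST
    try:
        return (probe_tcp("127.0.0.1", open_port),
                probe_tcp("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    import sys
    # Assumed example range; pass your own as argv[1], port as argv[2].
    net = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.0/24"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3321
    targets = (str(ip) for ip in ipaddress.ip_network(net, strict=False).hosts())
    results = scan(targets, port=port)
    for host, state in sorted(results.items()):
        print(f"{host:16} {port}/tcp {state}")
    print("open on:", ", ".join(hosts_with_open(results)) or "none")
```

A connect() probe completes the handshake, so the target service sees a real (empty) connection and logs it; the SYN-only `-PS` probe in the reply needs root precisely because it stops short of that. The closed-port half of `local_demo` has a small race (another process could bind the released port in between), which is acceptable for a self-check but is why the demo uses loopback rather than a real host.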

