RE: Simple Scan
From: Paris E. Stone (pstone_at_alhurra.com)
Date: 02/21/05
- Previous message: Mark Spencer: "Free Webmail w/ SSL?"
- Maybe in reply to: Paul Selibas: "Simple Scan"
- Next in thread: Jeff Gercken: "RE: Simple Scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 21 Feb 2005 11:20:05 -0500
To: "Burton Strauss" <BStrauss3@comcast.net>, <security-basics@securityfocus.com>
ICMP operates at a higher level?
Your analogy is good, except that ICMP is a layer 3 protocol; TCP & UDP are layer 4 protocols.
~~~~~
Paris E. Stone, "Linux Zealot"
CISSP, CCNP, CNE, MCSE
~~~~~
The only thing necessary for the triumph of evil,
is for good men to do nothing.
- Edmund Burke
-----Original Message-----
From: Burton Strauss [mailto:BStrauss3@comcast.net]
Sent: Friday, February 18, 2005 8:11 AM
To: security-basics@securityfocus.com
Subject: RE: Simple Scan
ping (icmp protocol) != information about a particular port.
The icmp protocol operates at a higher level than a specific tcp or udp port. Think of ICMP as a scooter, udp as a sports car and tcp as a SUV. They all get information to/from places but payloads and overheads are different. Just because a scooter gets somewhere doesn't mean that there is a parking spot for an SUV.
To probe something that specific, you need to craft some code that attempts to connect - using the right protocol (tcp or udp) and the right parking space (port). Luckily there are many tools that already do this - perhaps the easiest to come by across a wide range of platforms is nmap (http://www.insecure.org/nmap/)
Read the nmap man page - it has lots of choices, but these probably will be what you want:
-PT [portlist]
Use TCP "ping" to determine what hosts are up. Instead of sending ICMP echo request packets and waiting for a response, we spew out TCP ACK packets throughout the target network (or to a single machine) and then wait for responses to trickle back. Hosts that are up should respond with a RST. This option preserves the efficiency of only scanning hosts that are up while still allowing you to scan networks/hosts that block ping packets. For non root users, we use connect(). To set the destination ports of the probe packets use -PT<port1>[,port2][...]. The default port is 80, since this port is often not filtered out. Note that this option now accepts multiple, comma-separated port numbers.
-PS [portlist]
This option uses SYN (connection request) packets instead of ACK packets for root users. Hosts that are up should respond with a RST (or, rarely, a SYN|ACK). You can set the destination ports in the same manner as -PT above.
-PU [portlist]
This option sends UDP probes to the specified hosts, expecting an ICMP port unreachable packet (or possibly a UDP response if the port is open) if the host is up. Since many UDP services won't reply to an empty packet, your best bet might be to send this to expected-closed ports rather than open ones.
-----Burton
-----Original Message-----
From: Paul Selibas [mailto:gotiex@yahoo.com]
Sent: Wednesday, February 16, 2005 1:14 AM
To: security-basics@securityfocus.com
Subject: Simple Scan
Greetings all...
I am looking for a way to check which hosts are up and have port 3321 open on my network. But I don't want to ping; is there no way of just probing port 3321 and reporting back if it is open or not?
Many Thanks
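The unprivileged connect() probe that Burton describes (what nmap falls back to for non-root users), written out as an added example that is not from the thread or from nmap itself. It answers Paul's question directly: instead of an ICMP echo at layer 3, it attempts a TCP connection at layer 4 to port 3321 on each host, so a host that drops ping but serves the port is still found. A "closed" answer (RST) is itself proof the host is up, which is exactly why the -PT/-PS options work. Port 3321 comes from the original question; the host list and the three-way result labels are assumptions of this example.

```python
"""TCP connect probe for one port across a list of hosts (added example)."""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_tcp_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one host:port by the outcome of a full TCP connect.

    'open'        - handshake completed (SYN -> SYN|ACK -> ACK): service listening
    'closed'      - host answered the SYN with RST: host is up, nothing listening
    'unreachable' - an ICMP error came back (no route / host unreachable)
    'filtered'    - nothing came back within the timeout: a firewall dropped the
                    SYN, the host is down, or the route is missing; a connect()
                    probe cannot tell these apart
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        # e.g. EHOSTUNREACH / ENETUNREACH, delivered via an ICMP unreachable
        return "unreachable"


def scan_hosts(hosts, port: int, timeout: float = 2.0, workers: int = 32) -> dict:
    """Probe every host in parallel; return {host: state} for the given port."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda h: probe_tcp_port(h, port, timeout), hosts)
        return dict(zip(hosts, states))


def hosts_with_port_open(results: dict) -> list:
    """Hosts where the service actually answered."""
    return sorted(h for h, s in results.items() if s == "open")


def hosts_that_are_up(results: dict) -> list:
    """Hosts that proved they are alive: either a SYN|ACK or an RST came back.

    This is the TCP-ping logic of nmap's -PT/-PS: an RST is as good a sign
    of life as an open port, even when the host blocks ICMP echo.
    """
    return sorted(h for h, s in results.items() if s in ("open", "closed"))


if __name__ == "__main__":
    # Constructed placeholder addresses (TEST-NET-1); replace with your own hosts.
    HOSTS = ["192.0.2.10", "192.0.2.11"]
    results = scan_hosts(HOSTS, 3321)
    for host, state in results.items():
        print(f"{host}:3321 {state}")
    print("up:", hosts_that_are_up(results))
    print("open:", hosts_with_port_open(results))
```

The timeout matters: on a network that silently drops packets, every probe waits the full interval, which is why the hosts are probed from a thread pool rather than one after another. Note also that a connect() probe completes the handshake, so the target service will see a real (empty) connection in its logs, unlike nmap's raw SYN probe for root users.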