Problem: You want a listing of the open network ports on your system.
Solution: Probe the ports from a remote system.
Test a specific TCP port (ssh):
# telnet target.example.com ssh
# nc -v -z target.example.com ssh
To scan most of the interesting TCP ports:
# nmap -v target.example.com
To test a specific UDP port (1024):
# nc -v -z -u target.example.com 1024
To scan most of the interesting UDP ports (slowly!):
# nmap -v -sU target.example.com
To do host discovery (only) for a range of addresses, without port scanning (current Nmap releases spell this option -sn and still accept -sP):
# nmap -v -sP 10.12.104.200-222
To do OS fingerprinting (like -sU, this sends raw packets and so needs root):
# nmap -v -O target.example.com
The nmap command is a powerful and widely used tool for network security testing. It gathers information about target systems in three distinct phases:
1. Host discovery:
Initial probes to determine which machines are responding within an address range.
2. Port scanning:
Tests to find ports that are not blocked by a firewall and have a service accepting connections (nmap reports the rest as closed or filtered).
3. OS fingerprinting:
Unusual TCP/IP probes whose responses are matched against a database of known network stacks to guess the target's operating system; this gives more detail about the targets.
To probe a single target, by host name or address:
# nmap -v target.example.com
# nmap -v 10.12.200.115
The -v option gives more information; -vv (or -v -v) gives more still.
You can also scan a range of addresses: in CIDR notation (a host name is resolved first and the /24 around its address is scanned), as a range of the last octet, or with a wildcard (quoted so the shell does not expand it):
# nmap -v target.example.com/24
# nmap -v 10.12.200.115/24
# nmap -v 10.12.200.0-255
# nmap -v "10.12.200.*"
nmapfe was a graphical front end that ran nmap with an appropriate command line; current releases ship Zenmap in its place.
Use one of the nmap -P options to choose different host-discovery probes if the default TCP or ICMP pings are blocked: for example -PS22,80 (TCP SYN to selected ports), -PA (TCP ACK), -PU (UDP) or -PE (ICMP echo).
The goal of host discovery is to avoid wasting time port scanning unused addresses. If you know your targets are up, you can disable host discovery with the -P0 (zero) option; current releases spell it -Pn and still accept -P0.
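The two phases above chained into one pipeline, as an added example that is not part of the original page: host discovery first, then a port scan of only the hosts that answered. It assumes nmap is installed and uses nmap's grepable output (-oG -) and the current spelling -sn for -sP; the sample output lines embedded in it are constructed for an offline check, not captured from a real scan.

```shell
#!/usr/bin/env bash
# Added example: run nmap in the two phases the text describes (host discovery,
# then port scanning of only the hosts that responded), using nmap's grepable
# output (-oG -) so each phase can be parsed in a pipeline.  Parsing lives in
# separate functions so it can be exercised on sample output without a network.

# Print the IP of every host nmap reports as up in "nmap -sn -oG -" output.
# Such lines look like:  Host: 10.12.104.201 (name)<TAB>Status: Up
live_hosts_from_grepable() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print "host port/proto service" for every open port in "nmap -oG -" output.
# Such lines look like:
#   Host: 10.12.19.99 (name)<TAB>Ports: 22/open/tcp//ssh///, 137/filtered/udp//netbios-ns///<TAB>Ignored State: closed (997)
# Each port entry is port/state/proto/owner/service/rpcinfo/version/.
open_ports_from_grepable() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " "); host = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    sub(/^Ports: /, "", $i)
                    n = split($i, entry, ", ")
                    for (j = 1; j <= n; j++) {
                        split(entry[j], f, "/")
                        if (f[2] == "open") printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
                    }
                }
            }
        }'
}

# Phase 1 (-sn, formerly -sP) finds live hosts; phase 2 port-scans only those,
# so no time is spent port scanning addresses nothing answers on.
# Usage: two_phase_scan 10.12.104.200-222
two_phase_scan() {
    local live
    live=$(nmap -sn -oG - "$@" | live_hosts_from_grepable)
    if [ -z "$live" ]; then
        echo "no hosts responded to discovery probes" >&2
        return 1
    fi
    # word-splitting of $live into separate target arguments is intended
    nmap -oG - $live | open_ports_from_grepable
}

# Constructed sample -oG output (not captured from a real scan) for offline checks.
SAMPLE_DISCOVERY=$(printf 'Host: 10.12.104.201 ()\tStatus: Up\nHost: 10.12.104.202 ()\tStatus: Down\nHost: 10.12.104.205 (target.example.com)\tStatus: Up\n')
SAMPLE_PORTSCAN=$(printf 'Host: 10.12.19.99 (target.example.com)\tStatus: Up\nHost: 10.12.19.99 (target.example.com)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 137/filtered/udp//netbios-ns///\tIgnored State: closed (997)\n')

if [ "$#" -gt 0 ]; then
    two_phase_scan "$@"
fi
```

Run it as `./scan.sh 10.12.104.200-222` (or any nmap target specification) to get one "host port/proto service" line per open port; piping the constructed samples through the two parsers shows the intermediate output of each phase.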
The simplest way to test a TCP port is to try to connect with telnet. There are three possible outcomes.
The port might be open:
# telnet target.example.com ssh
Trying 10.12.19.99...
Connected to target.example.com.
Escape character is '^]'.
or closed (i.e., passed by the firewall, but with no server accepting connections on the target; the host answers with a TCP RST, so the failure is immediate):
# telnet target.example.com 33333
Trying 10.12.19.99...
telnet: connect to address 10.12.19.99: Connection refused
or blocked (filtered by a firewall that silently drops the packets, so the attempt hangs until it times out):
# telnet target.example.com 137
Trying 10.12.19.99...
telnet: connect to address 10.12.19.99: Connection timed out
Note that a firewall configured to reject rather than drop produces the "refused" result instead, so closed and filtered ports cannot always be told apart from outside.
The nc command (netcat) is an even better way to probe ports, because it can test several at once and reports one line per port:
# nc -z -vv target.example.com ssh 33333 137
target.example.com [10.12.19.99] 22 (ssh) open
target.example.com [10.12.19.99] 33333 (?) : Connection refused
target.example.com [10.12.19.99] 137 (netbios-ns) : Connection timed out
The -z option requests a connection probe only, without transferring any data; -vv turns up the verbosity.
UDP ports are harder to probe than TCP ports, because UDP has no handshake and packet delivery is not guaranteed: a closed port usually answers with an ICMP port-unreachable message, but an open port typically sends nothing back, so an open port and a filtered one look the same (nmap reports them as open|filtered), and a scanner must retransmit and wait before giving up, which is why UDP scans are slow.