Johanes Ronaldo


Ethical Hacking Week 6


This week we are learning about port scanning. First, we learn that ports 0-1023 are known as well-known ports. Next, we learn that the best way to learn port scanning is to practice it. Vulnerabilities can only be found on an open port, so port scanning is used to look for open ports, closed ports, filtered ports (ports behind a firewall) and to make a best-guess assessment of the OS.

A few port scanning tools are nmap, Nessus, and Zenmap. Zenmap is nmap with a user interface.

Here is an example of the nmap tool being used to scan a website for open ports.

Here is an example of Zenmap, which is the nmap tool with a user interface.

Next we learn to send an ICMP echo request using the hping command.

“hping3 <ip> -p 8081 -a 8.8.8.8 -S” is a command to send an ICMP request to a device.

There are different types of scan when doing port scanning:

  • SYN Scan (Most Common)
  • Connect Scan
  • NULL Scan
  • XMAS Scan
  • ACK Scan
  • FIN Scan
  • UDP Scan

Above is a Wireshark capture taken while my computer is pinging the 1.1.1.1 server, which is a Cloudflare DNS server. We can see that the computer is sending ICMP packets of type 8 and code 0 to the server, and we get a ping reply of type 0 and code 0.

Next we try a SYN scan against pentest.id by using the command below: “nmap -sS pentest.id”

We can see the result of the Wireshark capture in the image below. We can see how we send a SYN packet and receive an ACK packet in return. Once it has been accepted, we send a RST packet to end the process.
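As an added example (not part of the original post), the following Python script interprets the SYN/ACK/RST exchange above the way nmap -sS does, turning a constructed packet capture into per-port states, and also shows the detection side: a source that sends SYNs to many ports without ever completing a handshake is the half-open signature a defender looks for. The IP addresses and the capture are constructed; the target is a stand-in for pentest.id.

```python
# Added example: classify ports from a SYN scan capture and detect the
# half-open pattern. Packets are simplified Wireshark fields (constructed).
from collections import defaultdict

SCANNER = "10.0.0.5"    # constructed scanning host
TARGET = "10.0.0.10"    # constructed target (stand-in for pentest.id)

# (src, dst, sport, dport, tcp_flags) -- constructed capture of "nmap -sS"
CAPTURE = [
    (SCANNER, TARGET, 40001, 80, "S"),
    (TARGET, SCANNER, 80, 40001, "SA"),    # open: SYN/ACK comes back
    (SCANNER, TARGET, 40001, 80, "R"),     # scanner tears down with RST
    (SCANNER, TARGET, 40002, 22, "S"),
    (TARGET, SCANNER, 22, 40002, "RA"),    # closed: RST/ACK comes back
    (SCANNER, TARGET, 40003, 443, "S"),    # filtered: no reply at all
    (SCANNER, TARGET, 40004, 8081, "S"),
    (TARGET, SCANNER, 8081, 40004, "SA"),
    (SCANNER, TARGET, 40004, 8081, "R"),
]


def syn_scan_port_states(packets, scanner, target):
    """Map each probed port to open/closed/filtered using nmap -sS rules:
    SYN/ACK reply -> open, RST reply -> closed, no reply -> filtered."""
    states = {}
    for src, dst, sport, dport, flags in packets:
        if src == scanner and dst == target and flags == "S":
            states.setdefault(dport, "filtered")  # until a reply proves otherwise
        elif src == target and dst == scanner:
            if flags == "SA":
                states[sport] = "open"
            elif "R" in flags:
                states[sport] = "closed"
    return states


def half_open_sources(packets, min_ports=3):
    """Detection side: sources that send bare SYNs to at least min_ports
    (dst, port) pairs and never send the final ACK of a handshake."""
    syn_probes = defaultdict(set)   # src -> {(dst, dport)} probed with SYN
    handshakes = defaultdict(set)   # src -> {(dst, dport)} where src sent ACK
    for src, dst, sport, dport, flags in packets:
        if flags == "S":
            syn_probes[src].add((dst, dport))
        elif flags == "A":
            handshakes[src].add((dst, dport))
    return sorted(src for src, probes in syn_probes.items()
                  if len(probes - handshakes[src]) >= min_ports)
```

Running `syn_scan_port_states(CAPTURE, SCANNER, TARGET)` marks 80 and 8081 open, 22 closed and 443 filtered, and `half_open_sources(CAPTURE)` reports the scanner because it probed four ports and never completed a handshake.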

Written by jronaldo

April 10th, 2018 at 8:13 am
