Shulou(Shulou.com)05/31 Report--

This article introduces what the port scanning technology of NMAP is, the content is very detailed, interested friends can use it for reference, I hope it can be helpful to you.

What is a port?

Compare network equipment to a house, and the ports are the entrances and exits to and from the house (the strange thing is that there are too many entrances and exits to the house, as many as 65535), and these entrances and exits provide data to and from the network equipment.

The purpose of setting the port is to achieve "multiple uses of one machine", that is, to run many different services on one machine. So when there are multiple programs running on a machine, how does the machine distinguish the data of different programs?

This task is left to the operating system, which uses a mechanism to divide 65535 different port numbers. When the program sends the message, it will put the port number in the data, and after receiving the data, the operating system will divert the information according to the port number to the program that uses that port number in the current memory.

Classification of ports well-known ports

Port 0room1024, the port number in this range is the most commonly used, and these ports have been explicitly associated with a service protocol and should not be changed in general.

Register Port

1025 to 49151, the ports in this range are usually associated with some services, but it is not clearly specified that different programs can be defined according to the actual situation.

Dynamic / private port

39152-65535, this port range, commonly used services will not be used, but because it is more hidden, it has become a common port for some Trojans and virus programs.

Definition of Port State in NMAP

Open: indicates that the port is open and accepts packets from TCP and UPD

Closed: indicates that the port is accessible, but no application listens to the port

Filtered: the reason for this result is packet filtering on the target network, because these devices filter probe packets

Unfinished: indicates that the port is accessible, but cannot determine whether the port is open or closed

Various Port scanning techniques in NMAP SYN scanning

Principle

First of all, Nmap will send a SYN request connection packet to the target host system, and the target host system will respond to a SYN/ACK packet after receiving the packet, and Nmap will send a RST packet to disconnect after receiving the SYN/ACK packet. Since a complete TCP connection is not established after a three-way handshake, logging is no longer formed on the target host system. Therefore, this scanning method is more hidden.

Scan result

Open: the target host system gives a SYN/ACK packet as a reply

Closed: the target host system gives a RST packet as a reply

Filtered: target host system did not respond or nmap received ICMP unreachable error

Advantages

The scanning speed is fast and it is not easy to be detected by security devices in the network.

Commands and examples

Command syntax: nmap-sS [destination IP address]

Example: nmap-sS 192.168.21.1

Connect scanning

Similar to SYN scanning, but it completes TCP's three-way handshake and establishes a connection.

Commands and examples

Command syntax: nmap-sT [destination host ip address]

Example: nmap-sT 192.168.21.1

UDP scanning

Scan result

Open: receives a UDP reply from the destination port

Open | filtered: no response was received from the destination host

Closed:ICMP port unreachable error

Filtered:ICMP unreachable error

Commands and examples

Command syntax: nmap-sU [destination host ip address]

Example: nmap-sU 192.168.21.1

Zombie scanning

Scan using a third-party host

Conditions for third-party hosts: 1. 2.IPID at power on and idle must be integer incremented

Command

Looking for qualified third-party hosts

Nmap [third-party host ip address]-- scrip=ipidseq.nse

# scan results show "_ ipidseq:Incremental!" Indicates that the host can be used as a zombie machine

Scan the target host system

Nmap [destination host ip address]-sI [third party host ip address]-Pn

Specify the port to scan

1. Scan one or more designated ports

-p 80 /-p 80 no. 21443 /-p 1-1000

two。 Full port scan

-p *

On the NMAP port scanning technology is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.