Shulou(Shulou.com)06/01 Report--

Port scanning plays a very important role in the system. Before understanding port scanning, it is necessary to know some knowledge of TCP protocol and three-way handshake.

1. TCP protocol

The TCP message format is shown in the following figure:

Some of the more important fields are:

Reset bit RST: when RST=1 indicates a serious error in the TCP connection (such as due to a host crash or other reason), the connection must be released and then re-established.

Synchronization bit SYN: the synchronization bit SYN is set to 1, which means that this is a connection request or connection acceptance message.

Termination bit FIN: used to release a connection. When FIN=1, it indicates that the data of the sender of this message has been sent and the connection is required to be released.

The process of establishing a connection with a three-way handshake in TCP:

two。 Port scan Typ

Port scanning is an attempt to establish a connection with some ports of the target host. If the port of the target host replies, it means that the port is open, that is, the "active port". Through port scanning, you can determine which services are open and what kind of operating system is running on the target host, so that you can use the appropriate means to carry out *.

According to the scanning principle, port scanning can be divided into the following categories: full TCP scan, semi-open scan (SYN scan), FIN scan.

(1) full TCP scan

This scanning method uses a three-way handshake to establish a standard TCP connection with the target computer. But this scanning method can be easily recorded by the target host.

(2) semi-open scan (SYN scan)

In this scanning mode, the scanning host sends a SYN segment to the designated port of the target computer, indicating that a connection establishment request is sent.

If the SYN=1,ACK=1 in the target computer's response TCP message indicates that the port is active, then the scanning host sends a RST to the target host and refuses to establish a TCP connection, resulting in the failure of the three-way handshake process.

If the response from the target computer is RST, it means that the port is a "dead port", in which case the scanning host does not have to respond.

SYN scanning, because the full connection has not been established during the scanning process, so it greatly reduces the possibility of being recorded by the target computer, and speeds up the scanning speed.

(3) FIN scanning

When a FIN=1 TCP message is sent to a closed port, the message is dropped and a RST message is returned. But when a FIN message is sent to an active port, the message is simply dropped and no response is returned.

The FIN scan does not involve any TCP connections, so this scan is safer than the first two and can be called a secret scan.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.