Shulou(Shulou.com)06/01 Report--

There are many kinds of port scanning. For more information, please see Baidu link: http://baike.baidu.com/link?url=eXz1gOvQVicbV0E6TrJZGAe8R9wQFCVPe84jmN-Eg0U1ZMfguO_9SKO4n96GAPEz

Some friends want to ask what is TCP's SYN scan? This is about to talk about the TCP connection, TCP is a reliable connection, before the connection to make a three-way handshake! I found the following picture directly on Baidu.

TCP port scanning is carried out through SYN packets, which is used to scan whether there is program listening on the port of the target machine. in general, if there is a program listening on a port on an ordinary personal machine, it is generally a system vulnerability. Because TCP is a reliable protocol with connections, a three-way handshake is used to establish a connection. The messages of the three-way handshake are (SYN), (ACK SYN) and (ACK), respectively. When scanning the port, first send (SYN) message to a port of the other host, if there is a program listening on this port (or there is a loophole), then reply (SYN ACK) message, otherwise reply (RST) message. Based on this, you can determine whether there is a program listening on the other side's port, or whether there is a loophole.

Let's use the port scan tool to scan the target computer:

Downloads are available on SSprot,51cto. In the following picture, I use the software to scan the port 3350-3390 of the target computer. The main purpose is to see whether the target computer has opened port 3389. During the experiment, I have opened 3389 on the target computer to ensure the success of the experiment.

First open the package capture software, and then start the port scanning tool SSport for fast scanning. You need to wait patiently for a while after the completion of the scan. As shown in the figure below, a large number of TCP packets are generated. If you stop grabbing packets immediately, some packets may still be transmitted.

After waiting patiently, we checked what packets were caught. For example, the scanning tool below sent a large number of syn packets. Because the target computer did not open these ports, it reported back to the scanning computer [RST,ACK] that I did not open these ports, that is to say, these ports of the target computer were not listening. (note that this must be when the firewall is off, if the firewall is on. The scanned target computer does not respond to unopened ports [RST,ACT], but does not respond directly.) what about 3389, aren't you open?

I pulled the view down a little bit, such as the following figure. Because 3389 of the target computer is open, the target computer responds to a [syn,ack] packet from the computer on which the scanning software is installed, indicating that port 3389 of the target computer is listening.

Let's see if the 3389 is successful through the telnet target computer.

The following figure shows the success of telnet

Summary: the above is the syn scan of TCP. In short, for the scanned PC, the reply [RST,ACK] indicates that the port is not open, and the reply [SYN,ACK] indicates that the port of the target computer is open.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.