Tutorial Port Scanning Process Analysis

priv8
Today we are going to talk about a common scanning style that is said to be part of the root styles of all port scanners, and basically look at the following parts of the process.

This style uses the three-step TCP handshake method to communicate and evaluate whether the port is open, closed, or filtered.

This widely used method is the default method of most port scanners, even flexible port scanners such as nmap, and is known as SYN, which is the name of the first packet sent in this method.

When interacting with a TCP service, communication is formed by a three-step handshake, in which a SYN packet is first sent to a TCP port containing the service, for example HTTP port 80 or SMTP port 25 or POP3 port 110 and so on.

In the second step, the server receives the SYN packet and responds with a SYN ACK.

In the third step, the client responds to the received SYN ACK with an ACK.

After these three steps, a connection is formed and information can be exchanged, as in the following image:
1.png
In the example in the image above, the firewall allows packets to pass through and a connection is formed. The firewall that appears in all of the example images can be a hardware node or a type of installed software.

Preventing unwanted packets from entering the system can be considered a firewall function.

In this example, the packet is sent to port 81, which is not a method service, and the firewall is configured to block access to it, as shown below:
2.png
A filtered port result after scanning by nmap indicates that the port did not receive the SYN packet, and the packet was rejected by the firewall.

In the image below, you can see the above process monitored in Wireshark; as mentioned, the request was left unanswered:
3.png
But when the scan result says the port is not open, it means that the service is not running on the desired port, but the firewall allowed the packet to pass.

In the example below, port 81, to which we sent the packet, did not have the service running (as in the previous example), but the firewall still allowed the packet to pass through, which is usually caused by an incorrect system administrator configuration:
4.png
As well as the same process monitored in Wireshark:
5.png

As for receiving the result of the port being open: in this case our initial SYN packet was answered with the appropriate answer, i.e. SYN ACK (which is provided by the service on the port). In the third part of the handshake, because we have become aware that the port is open and do not need to continue, to prevent a connection we respond with an RST (reset) packet instead of an ACK to cancel the connection, as in the following image:
6.png
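
Added example, not part of the original post: a small Python sketch that reads a packet summary and labels each probe with the states described above (filtered, closed, open), then flags clients whose pattern matches a SYN scan. The log format, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed capture summary (not from the post):
# time, src, sport, dst, dport, TCP flags (S=SYN, A=ACK, R=RST)
SAMPLE = """\
0.001 10.0.0.5 40001 10.0.0.9 80 S
0.002 10.0.0.9 80 10.0.0.5 40001 SA
0.003 10.0.0.5 40001 10.0.0.9 80 R
0.010 10.0.0.5 40002 10.0.0.9 81 S
0.011 10.0.0.9 81 10.0.0.5 40002 RA
0.020 10.0.0.5 40003 10.0.0.9 82 S
0.500 10.0.0.7 51000 10.0.0.9 80 S
0.501 10.0.0.9 80 10.0.0.7 51000 SA
0.502 10.0.0.7 51000 10.0.0.9 80 A
"""

def classify(flags):
    """Map the ordered flag sequence of one flow to a port state."""
    if flags[:1] != ["S"]:
        return "not-a-probe"
    if len(flags) == 1:
        return "filtered"        # SYN left unanswered (dropped by a firewall)
    if "R" in flags[1]:
        return "closed"          # server sent RST: nothing listening on the port
    if flags[1] == "SA":
        if len(flags) > 2 and "R" in flags[2]:
            return "open-half"   # client reset after SYN/ACK: SYN-scan signature
        if len(flags) > 2 and flags[2] == "A":
            return "open-full"   # completed three-way handshake
        return "open-pending"
    return "unknown"

def analyse(text):
    flows = defaultdict(list)    # (client, cport, server, sport) -> flags in order
    for line in text.splitlines():
        _, src, sp, dst, dp, fl = line.split()
        key, rev = (src, sp, dst, dp), (dst, dp, src, sp)
        flows[rev if rev in flows else key].append(fl)
    return {(c, s, int(p)): classify(f) for (c, _, s, p), f in flows.items()}

def scan_suspects(results, min_ports=3):
    """Clients that probed >= min_ports ports and never completed a handshake."""
    per_client = defaultdict(list)
    for (client, _, _), state in results.items():
        per_client[client].append(state)
    return sorted(c for c, states in per_client.items()
                  if len(states) >= min_ports and "open-full" not in states)

if __name__ == "__main__":
    res = analyse(SAMPLE)
    print(res, scan_suspects(res))
```

The `min_ports` threshold is an assumption; on real traffic it would be tuned against the normal number of failed connections per client.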
 

Braderlala
Thanks sharing 🤩🤩