Security Basics mailing list archives
RE: Simple Scan
From: "Burton Strauss" <BStrauss3 () comcast net>
Date: Fri, 18 Feb 2005 07:10:38 -0600
ping (icmp protocol) != information about a particular port. The icmp protocol operates at a higher level than a specific tcp or udp port.

Think of ICMP as a scooter, udp as a sports car and tcp as an SUV. They all get information to/from places but payloads and overheads are different. Just because a scooter gets somewhere doesn't mean that there is a parking spot for an SUV.

To probe something that specific, you need to craft some code that attempts to connect - using the right protocol (tcp or udp) and the right parking space (port). Luckily there are many tools that already do this - perhaps the easiest to come by across a wide range of platforms is nmap (http://www.insecure.org/nmap/)

Read the nmap man page - it has lots of choices, but these probably will be what you want:

  -PT [portlist]
      Use TCP "ping" to determine what hosts are up. Instead of sending ICMP echo request packets and waiting for a response, we spew out TCP ACK packets throughout the target network (or to a single machine) and then wait for responses to trickle back. Hosts that are up should respond with a RST. This option preserves the efficiency of only scanning hosts that are up while still allowing you to scan networks/hosts that block ping packets. For non root users, we use connect(). To set the destination ports of the probe packets use -PT<port1>[,port2][...]. The default port is 80, since this port is often not filtered out. Note that this option now accepts multiple, comma-separated port numbers.

  -PS [portlist]
      This option uses SYN (connection request) packets instead of ACK packets for root users. Hosts that are up should respond with a RST (or, rarely, a SYN|ACK). You can set the destination ports in the same manner as -PT above.

  -PU [portlist]
      This option sends UDP probes to the specified hosts, expecting an ICMP port unreachable packet (or possibly a UDP response if the port is open) if the host is up. Since many UDP services won't reply to an empty packet, your best bet might be to send this to expected-closed ports rather than open ones.

-----Burton

-----Original Message-----
From: Paul Selibas [mailto:gotiex () yahoo com]
Sent: Wednesday, February 16, 2005 1:14 AM
To: security-basics () securityfocus com
Subject: Simple Scan

Greetings all...

I am looking for a way to check which hosts are up and have port 3321 open on my network. But I don't want to ping, is there no way of just probing port 3321 and reporting back if it is open or not?

Many Thanks
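The connect()-style TCP probe that the man page excerpt above mentions for non-root users, written out as an added example that is not part of the original post and not nmap's own code. It answers the question as asked (which hosts have port 3321 open, without sending any ICMP) by attempting a full TCP connection to each host and mapping the outcome to open (SYN|ACK came back), closed (the host answered with RST, so it is up but nothing listens there) or filtered (nothing came back before the timeout). Port 3321 is taken from the question; the function names, the timeout value and the loopback listener used so the script runs offline are my own constructed assumptions.

```python
import errno
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Port from the original question; any other port works the same way.
DEFAULT_PORT = 3321


def probe_tcp_port(host, port=DEFAULT_PORT, timeout=1.0):
    """Classify host:port with one full TCP connect() (no ICMP involved).

    Mapping of the network answer to a result, as in nmap's non-root -PT:
      open     - handshake completed, i.e. the peer sent SYN|ACK
      closed   - connection refused, i.e. the peer sent RST: host is up,
                 nothing is listening on that port
      filtered - nothing came back before the timeout: a firewall dropped
                 the probe, or the host is down (indistinguishable here)
      error    - some other failure (network unreachable, DNS failure, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        # Some platforms surface the refusal as a plain OSError with errno set.
        if exc.errno == errno.ECONNREFUSED:
            return "closed"
        return "error"


def scan_hosts(hosts, port=DEFAULT_PORT, timeout=1.0, workers=64):
    """Probe every host in parallel and return {host: state}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda h: probe_tcp_port(h, port, timeout), hosts))
    return dict(zip(hosts, states))


def hosts_with_port_open(hosts, port=DEFAULT_PORT, timeout=1.0):
    """The answer to the original question: hosts that accept connections on port."""
    return sorted(h for h, s in scan_hosts(hosts, port, timeout).items() if s == "open")


# --- constructed loopback fixtures (assumption) so the example runs offline ---

def start_local_listener():
    """Listen on an ephemeral 127.0.0.1 port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def find_closed_loopback_port():
    """Bind and release an ephemeral port so nothing listens on it (expect RST)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def loopback_demo():
    """Probe one listening and one non-listening loopback port."""
    srv, open_port = start_local_listener()
    try:
        open_state = probe_tcp_port("127.0.0.1", open_port)
    finally:
        srv.close()
    closed_state = probe_tcp_port("127.0.0.1", find_closed_loopback_port())
    return {"open": open_state, "closed": closed_state}


if __name__ == "__main__":
    # Usage: python tcp_probe.py [port] host1 host2 ...   (no args: loopback demo)
    if len(sys.argv) < 2:
        print(loopback_demo())
    else:
        port = int(sys.argv[1])
        for host, state in scan_hosts(sys.argv[2:], port).items():
            print(f"{host}:{port} {state}")
```

Run with no arguments to see the loopback demo report {'open': 'open', 'closed': 'closed'}; run as `python tcp_probe.py 3321 192.0.2.10 192.0.2.11` (addresses from the documentation range, constructed here) to probe real hosts. A "closed" result is still useful information, since the RST proves the host is up. The nmap equivalent of this connect scan with host discovery switched off is `nmap -sT -Pn -p 3321 <targets>` (older releases spell -Pn as -P0).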
Current thread:
- Simple Scan Paul Selibas (Feb 17)
- RE: Simple Scan Burton Strauss (Feb 19)
- RE: Simple Scan dave kleiman (Feb 19)
- RE: Simple Scan Brandon Enright (Feb 19)
- <Possible follow-ups>
- RE: Simple Scan Stephane Auger (Feb 19)
- RE: Simple Scan Paris E. Stone (Feb 24)
- RE: Simple Scan Jeff Gercken (Feb 24)