A Brief Overview On Types Of Port Scanning

Port scanning is the process of sending probes to TCP and UDP ports on a target system to determine which services are running, i.e. which ports are in a listening state. Identifying the listening ports, and how each port responds to a probe, is an essential step in determining the operating system and the applications in use on the system.

Types of port scanning:
  1. TCP connect scan: This type of scan connects to the target port and completes the full three-way handshake (SYN, SYN/ACK and ACK). It needs no special privileges, but because a connection is fully established it is the scan most likely to be logged by the target application.
  2. TCP SYN scan: This is also called half-open scanning because it does not complete the three-way handshake. A SYN packet is sent; if a SYN/ACK comes back, the target port is in a listening state, and if an RST/ACK comes back, the port is not listening. No reply at all means the probe was filtered. The scanner answers a SYN/ACK with an RST instead of the final ACK, so no connection is established. Crafting the packets requires raw-socket (root/Administrator) privileges.
  3. TCP FIN scan: This technique sends a packet with only the FIN flag set. Based on RFC 793, the target system should send back an RST for all closed ports and silently drop the packet for open ports, so silence is read as open (or filtered). Windows and some other TCP stacks send an RST for every port regardless of state, so this scan is unreliable against them.
  4. TCP Xmas Tree scan: This technique sends a packet with the FIN, URG and PSH flags set (the packet is "lit up like a Christmas tree"). Based on RFC 793, the target system should send back an RST for all closed ports; the same caveat as the FIN scan applies.
  5. TCP Null scan: This technique turns off all flags. Based on RFC 793, the target system should send back an RST for all closed ports; the same caveat as the FIN scan applies.
  6. TCP ACK scan: This technique is used to map out firewall rule sets rather than to find open ports. An unsolicited ACK is sent: an RST in reply means the port is unfiltered, which shows that the firewall is a simple packet filter that only allows what looks like "established" traffic through, while no reply (or an ICMP error) means the port is filtered by a stateful firewall performing more advanced packet filtering.
  7. TCP Window scan: This type of scan sends the same probe as the ACK scan, but on some systems it can detect open as well as filtered and non-filtered ports, due to an anomaly in the way the TCP window size is reported: the RST returned for an open port carries a non-zero window size, while the RST for a closed port carries a zero window.
  8. TCP RPC scan: This technique is specific to UNIX systems and is used to detect and identify Remote Procedure Call (RPC) ports and their associated program and version number, for example by querying the portmapper (rpcbind) or by sending RPC NULL calls to open ports.
  9. UDP scan: This technique sends a UDP packet to the target port. If the target responds with an "ICMP port unreachable" message, the port is closed; if a UDP reply comes back, the port is open; if there is no response, the port is either open or filtered, because UDP is connectionless and an open service may simply ignore a probe it does not understand. This is a slow process, since many systems rate-limit ICMP error messages, and the accuracy of this technique depends on many factors related to the utilization of network and system resources.
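The two scans that need no raw sockets, the connect scan (type 1) and the UDP scan (type 9), can be run with nothing but the Python standard library, and the decision rules the raw-packet scans (types 2 to 7) apply to a reply can be written out explicitly. The following is an added example, not code from the original post: it scans listeners it sets up itself on 127.0.0.1 (a constructed scenario, so every state can be observed offline), and the response labels accepted by `classify_raw_response` ('syn-ack', 'rst', 'rst-win', 'icmp-unreach', None) are this example's own names, not a library API.

```python
import socket
import threading


def tcp_connect_scan(host, port, timeout=1.0):
    """Full-handshake scan (type 1). connect() makes the kernel send SYN, wait
    for SYN/ACK and send the final ACK, so the probe is visible to the target
    application. Returns 'open', 'closed' or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"            # SYN/ACK came back, handshake completed
        except ConnectionRefusedError:
            return "closed"          # RST answered the SYN
        except socket.timeout:
            return "filtered"        # silence: something dropped the SYN


def udp_scan(host, port, payload=b"\x00", timeout=1.0):
    """UDP scan (type 9). A connected UDP socket makes the kernel surface the
    ICMP port unreachable as ECONNREFUSED. A datagram in reply proves the port
    open; silence is ambiguous, since an open service that ignores the payload
    and a firewall that dropped the probe look identical."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(1024)
            return "open"
        except ConnectionRefusedError:
            return "closed"          # ICMP type 3 code 3 (port unreachable)
        except socket.timeout:
            return "open|filtered"


def classify_raw_response(scan, response):
    """Decision rule for the raw-packet scans (types 2 to 7). `response` is the
    reply to one probe: 'syn-ack', 'rst', 'rst-win' (an RST whose window field
    is non-zero), 'icmp-unreach' or None for no reply. Labels are Nmap-style."""
    if response == "icmp-unreach":
        return "filtered"            # a filter answered instead of the host
    if scan == "syn":
        return {"syn-ack": "open", "rst": "closed", "rst-win": "closed"}.get(response, "filtered")
    if scan in ("fin", "xmas", "null"):
        # RFC 793: closed ports answer RST, open ports drop the segment, so
        # silence also covers a firewall that dropped the probe.
        return "closed" if response in ("rst", "rst-win") else "open|filtered"
    if scan == "ack":
        # Never says open/closed: any RST means a stateless filter passed the ACK.
        return "unfiltered" if response in ("rst", "rst-win") else "filtered"
    if scan == "window":
        return {"rst-win": "open", "rst": "closed"}.get(response, "filtered")
    raise ValueError("unknown scan type: %r" % scan)


def demo_against_loopback(timeout=0.5):
    """Constructed scenario: local sockets on 127.0.0.1 stand in for a target.
    Returns the state each scan observed, keyed by scenario."""
    results = {}

    # TCP: a listening socket (open), then the same port after it is closed.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    tcp_port = listener.getsockname()[1]
    results["tcp_open"] = tcp_connect_scan("127.0.0.1", tcp_port, timeout)
    listener.close()
    results["tcp_closed"] = tcp_connect_scan("127.0.0.1", tcp_port, timeout)

    # UDP echo service: answers any datagram, so the scan can say 'open'.
    echo = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    echo.bind(("127.0.0.1", 0))

    def serve_once():
        data, peer = echo.recvfrom(1024)
        echo.sendto(data, peer)

    threading.Thread(target=serve_once, daemon=True).start()
    results["udp_open"] = udp_scan("127.0.0.1", echo.getsockname()[1], timeout=timeout)
    echo.close()

    # UDP service that never answers, then the same port with nothing bound:
    # the first is indistinguishable from a dropped probe, the second draws
    # an ICMP port unreachable from the kernel.
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))
    udp_port = silent.getsockname()[1]
    results["udp_silent"] = udp_scan("127.0.0.1", udp_port, timeout=timeout)
    silent.close()
    results["udp_closed"] = udp_scan("127.0.0.1", udp_port, timeout=timeout)
    return results


if __name__ == "__main__":
    for scenario, state in demo_against_loopback().items():
        print("%-11s %s" % (scenario, state))
```

The ECONNREFUSED path in `udp_scan` relies on the kernel reporting asynchronous ICMP errors on a connected UDP socket, which Linux and the BSDs do; against a remote host that rate-limits ICMP, a run of `open|filtered` results across many ports is the usual symptom, and the fix is to slow the scan down or retry the ambiguous ports.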
