Scanning CS391. Overview: the TCP protocol (quick overview), scanning, fingerprinting, OS detection.


Scanning CS391

Overview
- The TCP protocol: quick overview
- Scanning
- Fingerprinting
- OS Detection

The TCP Protocol
- Transmission Control Protocol (the transport layer of the Internet).
- Connection oriented.
- Reliable.
- Point-to-point.
- Flow control.

TCP Overview
[Figure: two end hosts with the full stack (application, transport, network, data link, physical) connected through intermediate nodes that have only the network, data link and physical layers; label: logical end-end transport.]

TCP Header

Flags
Flag  Description
URG   The value of the urgent pointer field is valid.
ACK   The value of the acknowledgment field is valid.
PSH   Push the data.
RST   The connection must be reset.
SYN   Synchronize sequence numbers during connection.
FIN   Terminate the connection.

Connection Establishment

Some Well Known Ports
Port  Protocol      Description
7     Echo          Echoes a received datagram back to the sender
9     Discard       Discards any datagram that is received
11    Users         Active users
13    Daytime       Returns the date and the time
17    Quote         Returns a quote of the day
19    Chargen       Returns a string of characters
20    FTP, Data     File Transfer Protocol (data connection)
21    FTP, Control  File Transfer Protocol (control connection)
23    TELNET        Terminal Network
25    SMTP          Simple Mail Transfer Protocol
53    DNS           Domain Name Server
67    BOOTP         Bootstrap Protocol
79    Finger        Finger
80    HTTP          Hypertext Transfer Protocol
111   RPC           Remote Procedure Call

Scanning
Objectives:
- Determining if the system is alive.
- Determining which services are running or listening.
- Detecting the operating system.

System Alive?
- The major technique is to use ping sweeps or similar techniques.
- Tools such as fping or Superscan may be used.

What processes are running or listening?
- Identify both TCP and UDP services running on the target system.
- Identify applications or versions of services running.

Scan types
- TCP connection.
- TCP SYN scan.
- TCP FIN scan.
- TCP NULL scan.
- TCP ACK scans.
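The scan types above differ in which TCP flags the first segment carries, so a sensor can tell them apart from the flags byte alone. The following is an added example, not part of the original slides: it decodes the flags from raw 20-byte TCP headers and labels each flow, assuming the sensor sees every flow from its first client segment. The function names, sample addresses and ports are constructed for illustration.

```python
import struct
from collections import defaultdict

# Bit masks in byte 13 of the TCP header, one per flag on the Flags slide.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def decode_flags(header: bytes) -> frozenset:
    """Return the names of the flags set in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return frozenset(n for n, bit in FLAG_BITS.items() if header[13] & bit)

def classify_flows(segments):
    """Label each (source_ip, dest_port) flow from its client-to-server segments."""
    flows = defaultdict(list)
    for src, header in segments:
        flags = decode_flags(header)
        dport = struct.unpack("!H", header[2:4])[0]
        flows[(src, dport)].append(flags)
    verdicts = {}
    for key, seen in flows.items():
        first = seen[0]
        nxt = seen[1] if len(seen) > 1 else frozenset()
        if not first:                       # no flags at all
            verdicts[key] = "TCP NULL scan"
        elif first == {"FIN"}:              # FIN with no prior connection
            verdicts[key] = "TCP FIN scan"
        elif first == {"ACK"}:              # ACK with no prior SYN
            verdicts[key] = "TCP ACK scan"
        elif first == {"SYN"} and nxt == {"RST"}:
            verdicts[key] = "TCP SYN scan (handshake never completed)"
        elif first == {"SYN"} and "ACK" in nxt:
            verdicts[key] = "TCP connection (handshake completed)"
        else:
            verdicts[key] = "unclassified"
    return verdicts

def make_header(dport, flags):
    """Build a constructed 20-byte TCP header (source port 40000) for the sample."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, bits, 1024, 0, 0)

# Constructed capture; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE = [
    ("192.0.2.10", make_header(80, ["SYN"])), ("192.0.2.10", make_header(80, ["RST"])),
    ("192.0.2.11", make_header(25, ["FIN"])), ("192.0.2.12", make_header(23, [])),
    ("192.0.2.13", make_header(21, ["ACK"])),
    ("192.0.2.14", make_header(80, ["SYN"])), ("192.0.2.14", make_header(80, ["ACK"])),
]
```

A completed handshake cannot by itself separate a TCP connection scan from ordinary use; that takes counting how many ports one source touches.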

Tools
- Netcat.
- Strobe.
- Nmap.
- Superscan.

Detecting OS
- The major technique is known as stack fingerprinting.
- The general idea is to send packets to the target and analyze the reply.
- Operating systems differ in their implementation of the TCP/IP protocol stack.

Examples
- FIN probe: OSes differ in their response to a FIN packet.
- TCP initial window size: unique for some implementations.

Tools
- NMAP

inetnum:
netname: NESMA
descr: National Engineering Services
descr: and Marketing Company Ltd. (NESMA)
country: SA
admin-c: NAR12-RIPE
tech-c: NTR2-RIPE
status: ASSIGNED PA
mnt-by: NESMA-MNT
source: RIPE # Filtered
person: NESMA ADMIN RIPE
address: National Engineering Services and Marketing Company Ltd.
address: NESMA - Internet Services
address: P.O. Box , Riyadh KSA
phone:
fax-no:
nic-hdl: NAR12-RIPE
source: RIPE # Filtered
person: NESMA Tech RIPE
address: National Engineering Services and Marketing Company Ltd.
address: NESMA - Internet Services
address: P.O. Box , Riyadh KSA
phone:
fax-no:
nic-hdl: NTR2-RIPE
source: RIPE # Filtered
% Information related to ' /19AS24731'
route: /19
descr: National Engineering Services and Marketing Company Ltd.
origin: AS24731
mnt-by: NESMA-MNT
source: RIPE # Filtered

Banner Grabbing
$ nc
HEAD / HTTP/1.0
HTTP/ OK
Date: Mon, 16 Jun :53:29 GMT
Server: Apache/1.3.3 (Unix) (Red Hat/Linux)
Last-Modified: Wed, 07 Oct :18:14 GMT
ETag: " b-361b4df6"
Accept-Ranges: bytes
Content-Length: 1179
Connection: close
Content-Type: text/html
$

Banner Grabbing
HTTP/ OK
Server: Microsoft-IIS/5.0
Expires: Tue, 17 Jun :41:33 GMT
Date: Mon, 16 Jun :41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 28 May :32:21 GMT
ETag: "b0aac0542e25c31:89d"
Content-Length: 7369
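Both banners above hand over the server product, its exact version and, for Apache, the platform. The following is an added example, not part of the original slides: an audit helper that parses the Server header of an HTTP response and reports whether it discloses a version or platform comment. The responses are constructed and reuse only the two Server values from the slides; the function names are hypothetical.

```python
import re

# A Server value is a series of product[/version] tokens and (comments).
TOKEN = re.compile(r"\(([^()]*)\)|([^\s/()]+)(?:/([^\s()]+))?")

def parse_server_banner(response: str) -> dict:
    """Return the products, versions and comments named in the Server header."""
    head = re.split(r"\r?\n\r?\n", response, maxsplit=1)[0]
    server = None
    for line in head.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            server = value.strip()
    result = {"raw": server, "products": [], "comments": []}
    if server is None:
        return result
    for comment, product, version in TOKEN.findall(server):
        if product:
            result["products"].append((product, version or None))
        else:
            result["comments"].append(comment)
    return result

def discloses_version(response: str) -> bool:
    """True when the banner gives an exact version or a platform comment."""
    info = parse_server_banner(response)
    return any(v for _, v in info["products"]) or bool(info["comments"])

# Constructed responses; only the Server values come from the slides.
APACHE = ("HTTP/1.0 200 OK\r\n"
          "Server: Apache/1.3.3 (Unix) (Red Hat/Linux)\r\n"
          "Connection: close\r\n\r\n")
IIS = "HTTP/1.0 200 OK\r\nServer: Microsoft-IIS/5.0\r\nContent-Type: text/html\r\n\r\n"
MINIMAL = "HTTP/1.0 200 OK\r\nServer: Apache\r\n\r\n"

if __name__ == "__main__":
    for name, resp in (("apache", APACHE), ("iis", IIS), ("minimal", MINIMAL)):
        print(name, parse_server_banner(resp), discloses_version(resp))
```

The MINIMAL case is the form Apache emits when its ServerTokens directive is set to Prod.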