Monday, July 27, 2020

Scanning 

Introduction


Scanning is the second phase of hacking: a set of procedures for identifying hosts, ports and services in a network. In this phase the attacker finds out all the details about the target, including how many computers it has, the server operating system, the open ports on a server OS, and so on.


Scanning Phase

TCP Communication Flag

A flag can be thought of as a signal or connection status: just as real flags represent different countries, the TCP flags represent different connection states within a communication.
  • URG - Urgent flag: indicates that the packet should be processed immediately.
  • FIN - Finish flag: indicates that there will be no more transmission.
  • RST - Reset flag: resets a communication.
  • PSH - Push flag: makes the server send all the buffered data immediately.
  • ACK - Acknowledgement flag: states that the service was received.
  • SYN - Synchronize flag: indicates a connection between hosts.

TCP /IP communication

TCP/IP (Transmission Control Protocol / Internet Protocol) is a communication protocol best known for its reliability, which comes from the three-way handshake.

[Figure: Three way handshake]

In TCP/IP communication, when a client requests a service, the request is represented by the SYN flag.

After receiving the SYN flag the server understands that the client needs a service, so it provides the requested service to the client. While providing the service, the server sends the SYN+ACK flags to indicate that the requested service is being provided.

When the client receives the requested service, it tells the server that it was received by sending the ACK flag.

This method is called the three-way handshake.

TCP/IP is said to be a reliable method because of this three-way handshake: each state is verified by it. If any state is affected by errors, for example the client has not received the service, the client will not send an ACK; the server then understands that the service did not arrive and resends it.


TCP Connect / Full Scan

FULL OPEN SCAN

In a TCP connect (full open) scan, the attacker checks whether a port is open by completing the full three-way handshake.

The TCP connect scan establishes a full connection and then terminates it with an RST packet.


Stealth Scan / Half Open Scan

[Figure: Half open scan]

A stealth scan involves resetting the TCP connection before the three-way handshake is completed.

After receiving the SYN+ACK flags from the server, the attacker sends an RST flag and terminates the connection.


XMAS Scan

[Figure: Port is open]

The attacker sends a packet with the FIN+URG+PUSH flags set. If the target port is open, the machine will not respond to this flag set.

[Figure: Port closed]

If the port is closed, the machine will immediately send an RST flag.
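As an added example (not code from the original post), here is a small Python classifier that groups TCP segments from a constructed capture into flows and labels them as the full connect, half-open and Xmas patterns described in the three sections above, the way a defender would when reviewing packet logs. The packet tuples and their field layout are my own assumption, not the output of any real capture tool.

```python
from collections import defaultdict
# TCP flag bits as they appear in the segment header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG   # the FIN+URG+PUSH set the post describes

# Constructed sample capture: (src, dst, dst_port, flags) in arrival order.
PACKETS = [
    ("10.0.0.5", "10.0.0.9", 22, SYN),         # TCP connect: SYN
    ("10.0.0.9", "10.0.0.5", 22, SYN | ACK),   # server answers SYN+ACK
    ("10.0.0.5", "10.0.0.9", 22, ACK),         # client ACK completes handshake
    ("10.0.0.5", "10.0.0.9", 22, RST | ACK),   # connection torn down with RST
    ("10.0.0.5", "10.0.0.9", 80, SYN),         # half-open: SYN
    ("10.0.0.9", "10.0.0.5", 80, SYN | ACK),   # server answers SYN+ACK
    ("10.0.0.5", "10.0.0.9", 80, RST),         # client resets instead of ACKing
    ("10.0.0.5", "10.0.0.9", 443, XMAS),       # Xmas probe
    ("10.0.0.9", "10.0.0.5", 443, RST | ACK),  # closed port replies RST
    ("10.0.0.5", "10.0.0.9", 8080, XMAS),      # Xmas probe, no reply at all
]

def classify_flows(packets):
    """Group segments into (client, server, port) flows and label each one."""
    flows = defaultdict(list)
    for src, dst, port, flags in packets:
        key = (dst, src, port) if (dst, src, port) in flows else (src, dst, port)  # replies join the client's flow
        flows[key].append((src == key[0], flags))
    labels = {}
    for key, seq in flows.items():
        client = [f for from_client, f in seq if from_client]
        server = [f for from_client, f in seq if not from_client]
        server_rst = any(f & RST for f in server)
        if client[0] == XMAS:
            labels[key] = "xmas scan, port " + ("closed" if server_rst else "open|filtered")
        elif client[0] == SYN:
            if not any(f & SYN and f & ACK for f in server):
                labels[key] = "syn probe, port " + ("closed" if server_rst else "filtered")
            elif ACK in client:            # a bare ACK means the handshake completed
                labels[key] = "tcp connect scan, port open"
            elif any(f & RST for f in client[1:]):
                labels[key] = "half-open scan, port open"
            else:
                labels[key] = "handshake in progress"
    return labels

def probes_per_source(packets):
    """Count scan-style flows per client address, a simple input for alerting."""
    counts = defaultdict(int)
    for (client, _, _), label in classify_flows(packets).items():
        if "scan" in label:
            counts[client] += 1
    return dict(counts)
```

A silent reply to an Xmas probe is labelled open|filtered, because no response cannot distinguish an open port from a firewall dropping the probe.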
