Network Security: Active Information Gathering, Part 2: Service Scanning

    Once a service has been moved off its default port, it can no longer be identified from the port number alone. Telnet and SSH servers, for example, commonly have their default login ports changed during hardening, so a plain port scan shows only that some port is open. In that situation you have to scan the service itself to establish which service is actually listening on the open port before you can choose a penetration target.

Methods:

1. Banner grabbing

2. Service identification

3. Operating system identification

4. SNMP analysis

5. Firewall identification

    Banner grabbing has low accuracy because banners can be forged; hardening guides commonly recommend changing the banner on purpose to mislead an attacker's analysis and assessment of the target, so a grabbed banner serves only as a general reference. From a banner you can extract the target's service type, operating system version, application version and similar service details. If the administrator has not taken a series of measures to lock down SNMP, SNMP analysis can give considerably better scan results.

Banner

    From a banner you can discover the software vendor, software name, service type and version number (and from those look up known vulnerabilities and weaknesses directly).

    To grab it, establish a complete TCP connection to the target service; the service then sends its banner directly.

Service identification by other means:

    Characteristic behaviour and the corresponding fields in the response.

    Differences in responses can also be used to identify the underlying operating system.

SNMP (easily overlooked)

Simple Network Management Protocol

Community strings (defaults: public, private)

Used to query information or to reconfigure the device

With the default community strings you can authenticate directly and query a wide range of configuration information, which is stored in plain text.

I will use hping3, a simple port-scanning tool; it only records whether common ports are open and does not reveal which service is running on the destination port.

A powerful scanner such as Nmap, by contrast, analyses the contents of the packets returned from the destination port and fingerprints the service running on it.

Next, the test is carried out against the target VM; in my setup the sshd and telnet services are still on their unmodified ports (screenshot in the original post).


The following is the port scan after the port was changed (screenshot in the original post).


Next, use the small "Swiss Army knife" (netcat) to connect to port 33422 and grab the banner of the target port (screenshot in the original post).


From the returned banner, the service information for the destination port can be determined:

Target system: Debian or Ubuntu

Target service: SSH-2.0, provided by OpenSSH_4.7p1
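As an added example (not code from the original post), here is the banner grab that the netcat step performs, written in Python, together with a parser for the SSH identification string that pulls out the fields the post reads off the screenshot. The sample banner is constructed, modelled on the OpenSSH_4.7p1 Debian/Ubuntu result above; host and port values are placeholders.

```python
import re
import socket

# Constructed sample banner, modelled on the OpenSSH_4.7p1 / "Debian or Ubuntu"
# result the post reads off its netcat screenshot; not copied from the post.
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\r\n"

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
SSH_ID_RE = re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# Distribution names that vendors commonly put in the optional comment field.
OS_HINTS = {"debian": "Debian", "ubuntu": "Ubuntu", "freebsd": "FreeBSD"}


def grab_banner(host, port, timeout=3.0):
    """Complete the TCP handshake and return the first line the service sends.

    Only services that talk first (SSH, FTP, SMTP ...) answer this way; HTTP
    waits for a client request, so this returns b"" for it.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        data = b""
        while b"\n" not in data and len(data) < 255:
            chunk = sock.recv(64)
            if not chunk:
                break
            data += chunk
    return data


def parse_ssh_banner(raw):
    """Split an SSH banner into protocol, product, version and OS hints.

    Returns None for anything that is not an SSH identification string.
    The banner is self-reported and easily changed, so treat the result as
    a hint to confirm by behaviour (e.g. nmap -sV), not as fact.
    """
    match = SSH_ID_RE.match(raw.decode("ascii", errors="replace").strip())
    if not match:
        return None
    proto, software, comments = match.group("proto", "software", "comments")
    product, _, version = software.partition("_")  # OpenSSH_4.7p1 -> OpenSSH, 4.7p1
    lowered = (comments or "").lower()
    return {"proto": proto, "product": product, "version": version or None,
            "comments": comments,
            "os_hints": [label for key, label in OS_HINTS.items() if key in lowered]}
```

Against a live host you would call `parse_ssh_banner(grab_banner("target-vm", 33422))`; the parser alone runs offline on the constructed sample.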


The port can also be scanned with a full TCP connection using the much more powerful Nmap (screenshots in the original post).

-p specifies the port range



Scanning for MySQL version information (screenshot in the original post).



Source: www.cnblogs.com/lqinghua/p/11280104.html