Layer 3 discovery
Advantages: routable, relatively fast
Disadvantages: slower than layer 2 discovery; often filtered by border firewalls
Protocols: IP, ICMP (layer 2 discovery mainly uses ARP)
1. ping
ping 192.168.1.1 -c 2
ping -R 192.168.1.1 (or: traceroute 192.168.1.1)
ping 192.168.1.1 -c 1 | grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f 1
2. scapy
3. nmap (sends ARP packets to hosts on the same network segment, ICMP packets to hosts on a different network)
nmap -sn 192.168.1.1-254
4. fping
fping 192.168.1.1 -c 1
fping -g 192.168.1.1 192.168.1.2 (start IP, end IP)
fping -g 192.168.1.0/24
5. hping
Can send almost any TCP/IP packet; powerful, but it can only scan one IP at a time
hping3 192.168.1.1 --icmp -c 2
Layer 4 discovery (mainly used to identify live hosts on the network; more accurate than layer 3 discovery; port-based)
Advantages: routable, with reliable results; unlikely to be filtered by a firewall; can even discover hosts whose ports are all filtered
Disadvantages: may be filtered by stateful firewalls; a full port scan is slow
Protocols:
TCP:
Unsolicited ACK -> RST
SYN -> SYN/ACK or RST
UDP: ICMP port unreachable, or no reply at all
1. scapy: if the target IP exists, a packet is returned; if the target IP does not exist, nothing is returned
Building the TCP packet
>>> i=IP()
>>> t=TCP()
>>> r=(i/t)
>>> r[IP].dst="192.168.1.20"
>>> r[TCP].flags="A"
>>> r.display()
[Screenshot: result on success]
[Screenshot: result on failure]
2. nmap
nmap 192.168.1.1-254 -PU53 -sn (-PU: U stands for UDP, 53 is the port)
nmap 192.168.1.1-254 -PA80 -sn
nmap -iL iplist.txt 192.168.1.1-254 -PA80 -sn
3. hping3
hping3 --udp 192.168.1.1 -c 1
III. Port scanning
nmap
UDP port
nmap -sU 192.168.1.0/24 (or a single host: nmap -sU 192.168.1.1)
nmap -sU -p1-65535 192.168.1.0/24
nmap -iL iplist.txt -sU -p1-65535
TCP scan
Stealth scan: SYN
No full connection is established, so application logs do not record the scanning behavior, which makes it stealthy
scapy
a=sr1(IP(dst="192.168.1.1")/TCP(flags="S" ,dport=22),timeout=1,verbose=0)
When the reply has flags=SA, the port on that IP is open
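Because a SYN scan never completes the handshake, the application log stays empty and the evidence exists only at the packet level. The following is an added example, not part of the original notes: a detection check that tracks handshake state over constructed packet records and reports sources with many SYNs that never became a connection. The record layout, the function name and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample records: (src, sport, dst, dport, TCP flags), as a sensor might log them.
PACKETS = [
    # 192.168.1.50 completes a normal three-way handshake with 192.168.1.1:22
    ("192.168.1.50", 40000, "192.168.1.1", 22, "S"),
    ("192.168.1.1", 22, "192.168.1.50", 40000, "SA"),
    ("192.168.1.50", 40000, "192.168.1.1", 22, "A"),
    # 192.168.1.66 sends SYNs and never completes a handshake (half-open)
    ("192.168.1.66", 50001, "192.168.1.1", 22, "S"),
    ("192.168.1.1", 22, "192.168.1.66", 50001, "SA"),   # port open
    ("192.168.1.66", 50001, "192.168.1.1", 22, "R"),    # client resets instead of ACKing
    ("192.168.1.66", 50002, "192.168.1.1", 23, "S"),
    ("192.168.1.1", 23, "192.168.1.66", 50002, "RA"),   # port closed
    ("192.168.1.66", 50003, "192.168.1.1", 80, "S"),
    ("192.168.1.1", 80, "192.168.1.66", 50003, "SA"),
    ("192.168.1.66", 50003, "192.168.1.1", 80, "R"),
    ("192.168.1.66", 50004, "192.168.1.1", 443, "S"),   # filtered: no reply
]


def half_open_sources(packets, min_targets=3):
    """Return {source: sorted [(dst, dport), ...]} for sources whose SYNs to at
    least min_targets distinct (dst, dport) pairs never became a full connection."""
    state = {}  # (client, cport, server, sport) -> "syn" | "synack" | "established"
    for src, sport, dst, dport, flags in packets:
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if flags == "S":
            state[fwd] = "syn"              # new connection attempt
        elif flags == "SA" and state.get(rev) == "syn":
            state[rev] = "synack"           # server answered: port is open
        elif flags == "A" and state.get(fwd) == "synack":
            state[fwd] = "established"      # client ACK completes the handshake
        # RST from either side, or silence, leaves the attempt unfinished
    unfinished = defaultdict(set)
    for (client, _cport, server, port), st in state.items():
        if st != "established":
            unfinished[client].add((server, port))
    return {c: sorted(t) for c, t in unfinished.items() if len(t) >= min_targets}


if __name__ == "__main__":
    print(half_open_sources(PACKETS))
```
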
Zombie (idle) scan
Extremely stealthy, but the conditions for carrying it out are strict: the source IP address must be spoofable, and a suitable zombie must be chosen (an idle system that uses an incrementing IPID)