Penetration testing: layer 3 discovery, layer 4 discovery and port scanning

Layer 3 discovery

Advantages: routable, fast

Disadvantages: slower than layer 2 discovery; often filtered by border firewalls

Protocols: IP, ICMP (layer 2 discovery relies mainly on ARP)

1. ping

ping 192.168.1.1 -c 2

ping -R 192.168.1.1 (record route) / traceroute 192.168.1.1

ping 192.168.1.1 -c 1 | grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f 1 (extract only the responding IP address)

2. scapy

3. nmap (sends ARP requests on the local subnet, ICMP packets to other subnets)

nmap -sn 192.168.1.1-254

4. fping

fping 192.168.1.1 -c 1

fping -g 192.168.1.1 192.168.1.2 (start IP, end IP)

fping -g 192.168.1.0/24

5. hping

Can craft almost any TCP/IP packet; powerful, but it scans only one IP at a time

hping3 192.168.1.1 --icmp -c 2

-------- Layer 4 discovery (identifies live hosts on the network; more accurate than layer 3; port-based)

Advantages: routable and reliable results; can even discover hosts behind a filtering firewall on which every port is filtered

Disadvantages: stateful filtering firewalls may filter the scan; a full port scan is slow

Protocol responses:

TCP:

Unsolicited ACK ------------- RST

SYN ----------------- SYN/ACK or RST

UDP: ICMP port unreachable, or no response at all

1. scapy ---------- if the target IP exists a packet comes back; if it does not exist, nothing is returned

TCP packet structure

>>> from scapy.all import *
>>> i=IP()
>>> t=TCP()
>>> r=(i/t)
>>> r[IP].dst="192.168.1.20"
>>> r[TCP].flags="A"
>>> r.display()

[Screenshot: successful probe, a response is returned]

[Screenshot: unsuccessful probe, no response]

2. nmap

nmap 192.168.1.1-254 -PU53 -sn ------------------------ -PU: UDP ping on the given port
nmap 192.168.1.1-254 -PA80 -sn ------------------------ -PA: TCP ACK ping on the given port

nmap -iL iplist.txt 192.168.1.1-254 -PA80 -sn ------------------------ -iL: read targets from a file

3. hping3

hping3 --udp 192.168.1.1 -c 1

Part three: port scanning

nmap

UDP ports

nmap -sU 192.168.1.0/24
nmap -sU 192.168.1.1

nmap -sU -p1-65535 192.168.1.0/24

nmap -iL iplist.txt -sU -p1-65535

TCP scan

Stealth scan ------------ SYN

No full connection is established, so application logs do not record the scanning activity --------- stealthy

scapy

from scapy.all import *
a=sr1(IP(dst="192.168.1.1")/TCP(flags="S",dport=22),timeout=1,verbose=0)

A reply with flags = SA indicates that the port on that IP is open
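Because a SYN scan never completes the handshake, the evidence of it exists only in packet or flow records, not in application logs. The following detector is an added example (not code from the original post); it works over a constructed list of initiator-side packet summaries and flags sources that leave many half-open ports on one host.

```python
from collections import defaultdict

# Constructed packet summaries in capture order: (src, dst, dport, tcp_flags).
# Only initiator-side packets are needed. 10.0.0.7 completes a normal handshake
# to port 22; 10.0.0.5 sends a SYN to ten ports and never completes any handshake
# (it answers the SYN/ACKs with RST), which is what a SYN scan looks like on the wire.
SAMPLE_PACKETS = [
    ("10.0.0.7", "192.168.1.1", 22, "S"),
    ("10.0.0.7", "192.168.1.1", 22, "A"),
    ("10.0.0.7", "192.168.1.1", 22, "PA"),
]
for _port in (21, 22, 25, 53, 80, 110, 139, 443, 445, 3389):
    SAMPLE_PACKETS.append(("10.0.0.5", "192.168.1.1", _port, "S"))
    if _port in (22, 80, 443):  # open ports answered SYN/ACK; the scanner tears down with RST
        SAMPLE_PACKETS.append(("10.0.0.5", "192.168.1.1", _port, "R"))


def half_open_sessions(packets):
    """Map (src, dst, dport) -> True if the initiator sent a SYN but never
    followed it with an ACK that completes the three-way handshake."""
    sessions = {}
    for src, dst, dport, flags in packets:
        key = (src, dst, dport)
        if flags == "S":
            sessions.setdefault(key, False)
        elif "A" in flags and "S" not in flags and "R" not in flags and key in sessions:
            sessions[key] = True  # handshake completed: not half-open
    return {key: not done for key, done in sessions.items()}


def detect_syn_scanners(packets, min_ports=5):
    """Return {(src, dst): [ports]} for sources that left at least `min_ports`
    distinct half-open ports on one destination: the network-level trace a SYN
    scan leaves even though the application never logged a connection."""
    per_pair = defaultdict(set)
    for (src, dst, dport), half_open in half_open_sessions(packets).items():
        if half_open:
            per_pair[(src, dst)].add(dport)
    return {pair: sorted(ports) for pair, ports in per_pair.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    for (src, dst), ports in detect_syn_scanners(SAMPLE_PACKETS).items():
        print(f"possible SYN scan: {src} -> {dst}, half-open ports {ports}")
```

The threshold `min_ports` is an assumption for the sample; on real captures it should be tuned against the site's normal connection-failure rate.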

Zombie (idle) scan

Extremely stealthy, but the conditions are demanding: the source IP address is spoofed, and a suitable zombie must be chosen (an idle system whose IPID increments predictably)


Source: www.cnblogs.com/scorpios/p/11470664.html