port scanning
Results 1 to 8 of 8

Thread: port scanning

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    23

    port scanning

    Just have a question about port scanning cos Im designing documentation at the moment for a firewall simulation program. Does port scanning involve sending ICMP requests to check if ports are open which is similar to pinging IP addresses ????

    many thanks

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Does port scanning involve sending ICMP requests to check if ports are open which is similar to pinging IP addresses ??
    It depends on the scanner and the scan options available. For info on the scan options available with, Nmap:
    Take a look here: http://www.insecure.org/nmap/data/nmap_manpage.html
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Does port scanning involve sending ICMP requests?
    ICMP does not rely on port numbers for commucation. rather, ICMP messages are sent with a "type" and "code" field, specifiying what it is to do. For example, ICMP type 8 is an echo request, otherwise known as a ping. ICMP type 0 is an echo reply. Type 3 is destination unreachable, and the "code" field further explains the reason, such as Type 3 Code 0 meaning "network unreachable" and Type 3 Code 1 meaning "host unreachable"

    Since ICMP communications do not rely on port numbers, it cannot be used to determine if certain ports are open (in other words, if there is an active sevice listening on that port). For this purpose, the communication protocol used by the (possibly) listeneing service is used. If a reply is sent back, that port is open. It's as simple as that.

    ICMP packets are commonly used in what is known as "ping sweeps", pinging a range of addresses to see if any are up. This is a common method used to determine which hosts are up to further direct port scans which [i]do[/] rely on port numbers.

    For more information, I suggest looking here, or here.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    I just have one quick question i am getting a old comp in a few days and wanted to know if i took them and connected them togeather with a crossover cable would i be able to port scann one of the computers from the other? My ideay was to take the old comp i am getting and put redhat on it and make it server some stuff then try to hack it to see what i can do.

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Should work well, for your purpose. Riot.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #6
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    K thanks for your help.

  7. #7
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    The only 2 scanners that I'm aware of that attempt to ping hosts before scans are nmap and scanline(windows). Of course it doesn't ping the port because this isn't possible, but it does ping the host to see if it is up and worthy of a scan attempt.

    For nmap: To disable this pinging feature, run nmap with the -P0 option.

    For Scanline: -p


    Cheers
    The command completed successfully.


    \"They drew first blood not me.\"

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207

    Re: port scanning

    Originally posted here by Java_Jimsta
    Does port scanning involve sending ICMP requests to check if ports are open?
    No, it does not. There is no ICMP message to check whether a port is open. Instead, the scanner just starts to make a normal connection request to that port. For TCP, this means trying to connect to it (they don't always go all the way though, some "hang up" half way through establishing a connection). For UDP, it typically means sending an empty packet to the port (as there are no connections on UDP).

    For TCP, the responses is either a SYN|ACK, which means the port is open, a RST which means the port is closed, or nothing which means, well, nothing.

    For UDP, the possible responses are:
    - Nothing - which *could* indicate the port is open and the application doesn't respond to empty datagrams.
    - An ICMP port unreachable message - which *should* indicate the port is closed
    - A UDP response - which indicates that you've hit a service which responds to empty datagrams.

    UDP scanning is fairly unreliable because you can't distinguish a firewalled port and an open one in most cases.

    Slarty

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •