
Thread: port scanning

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    23

    port scanning

    Just have a question about port scanning cos I'm designing documentation at the moment for a firewall simulation program. Does port scanning involve sending ICMP requests to check if ports are open, which is similar to pinging IP addresses?

    many thanks

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Does port scanning involve sending ICMP requests to check if ports are open which is similar to pinging IP addresses ??
    It depends on the scanner and the scan options available. For info on the scan options available with Nmap:
    Take a look here: http://www.insecure.org/nmap/data/nmap_manpage.html
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Does port scanning involve sending ICMP requests?
    ICMP does not rely on port numbers for communication. Rather, ICMP messages are sent with a "type" and "code" field, specifying what it is to do. For example, ICMP type 8 is an echo request, otherwise known as a ping. ICMP type 0 is an echo reply. Type 3 is destination unreachable, and the "code" field further explains the reason, such as Type 3 Code 0 meaning "network unreachable" and Type 3 Code 1 meaning "host unreachable".

    Since ICMP communications do not rely on port numbers, it cannot be used to determine if certain ports are open (in other words, if there is an active service listening on that port). For this purpose, the communication protocol used by the (possibly) listening service is used. If a reply is sent back, that port is open. It's as simple as that.

    ICMP packets are commonly used in what is known as "ping sweeps", pinging a range of addresses to see if any are up. This is a common method used to determine which hosts are up to further direct port scans which *do* rely on port numbers.

    For more information, I suggest looking here, or here.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.


  4. #4
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    I just have one quick question: I am getting an old comp in a few days and wanted to know, if I took them and connected them together with a crossover cable, would I be able to port scan one of the computers from the other? My idea was to take the old comp I am getting and put Red Hat on it and make it serve some stuff, then try to hack it to see what I can do.

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Should work well, for your purpose. Riot.

  6. #6
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    K thanks for your help.

  7. #7
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    The only 2 scanners that I'm aware of that attempt to ping hosts before scans are nmap and scanline (Windows). Of course it doesn't ping the port because this isn't possible, but it does ping the host to see if it is up and worthy of a scan attempt.

    For nmap: To disable this pinging feature, run nmap with the -P0 option.

    For Scanline: -p


    Cheers
    The command completed successfully.


    "They drew first blood not me."

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207

    Re: port scanning

    Originally posted here by Java_Jimsta
    Does port scanning involve sending ICMP requests to check if ports are open?
    No, it does not. There is no ICMP message to check whether a port is open. Instead, the scanner just starts to make a normal connection request to that port. For TCP, this means trying to connect to it (they don't always go all the way though, some "hang up" half way through establishing a connection). For UDP, it typically means sending an empty packet to the port (as there are no connections on UDP).

    For TCP, the response is either a SYN|ACK, which means the port is open, a RST which means the port is closed, or nothing which means, well, nothing.

    For UDP, the possible responses are:
    - Nothing - which *could* indicate the port is open and the application doesn't respond to empty datagrams.
    - An ICMP port unreachable message - which *should* indicate the port is closed
    - A UDP response - which indicates that you've hit a service which responds to empty datagrams.

    UDP scanning is fairly unreliable because you can't distinguish a firewalled port and an open one in most cases.

    Slarty
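
The response table from the post above, as an added example for a firewall simulation (not code from any poster in this thread). It sends no packets: `simulate`, `interpret` and `states_behind` are hypothetical names, and the model assumes a firewall that silently drops and a host that is otherwise up, so that it can show which port states end up indistinguishable.

```python
from collections import defaultdict
from enum import Enum
from itertools import product

class Resp(Enum):
    SYN_ACK = "SYN|ACK"
    RST = "RST"
    ICMP_PORT_UNREACH = "ICMP type 3 code 3 (port unreachable)"
    UDP_REPLY = "UDP reply"
    NONE = "nothing"

def simulate(proto, listening, dropped, answers_empty=False):
    """What a simulated host sends back to one probe. No packets are sent."""
    if dropped:                       # firewall silently discards the probe
        return Resp.NONE
    if proto == "tcp":
        return Resp.SYN_ACK if listening else Resp.RST
    if proto == "udp":
        if not listening:
            return Resp.ICMP_PORT_UNREACH
        # A listening UDP service may simply ignore an empty datagram.
        return Resp.UDP_REPLY if answers_empty else Resp.NONE
    raise ValueError(f"unknown protocol: {proto}")

# How the observed response is read, following the post above.
VERDICT = {
    ("tcp", Resp.SYN_ACK): "open",
    ("tcp", Resp.RST): "closed",
    ("tcp", Resp.NONE): "no information",
    ("udp", Resp.UDP_REPLY): "open",
    ("udp", Resp.ICMP_PORT_UNREACH): "closed",
    ("udp", Resp.NONE): "open or firewalled",
}

def interpret(proto, resp):
    return VERDICT[(proto, resp)]

def states_behind(proto):
    """Group every simulated port state by the response it produces."""
    groups = defaultdict(set)
    for listening, dropped, answers in product([True, False], repeat=3):
        state = "firewalled" if dropped else "open" if listening else "closed"
        groups[simulate(proto, listening, dropped, answers)].add(state)
    return dict(groups)

if __name__ == "__main__":
    for proto in ("tcp", "udp"):
        for resp, states in states_behind(proto).items():
            print(proto, resp.value, "<-", sorted(states), "=>", interpret(proto, resp))
```

In this model a silent TCP port can only be a dropped probe, while a silent UDP port may be either dropped or open, which is the ambiguity the post describes.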
