
Active Scanning-Port Scanning


Types of Port Scanning

Port scanning plays a critical role in network security, and it is used by both defenders and attackers to find reachable services on a host. A defender scans to discover exposed services and close or patch them before anyone else finds them; an attacker scans to find the open ports that a later exploitation step will target. Understanding how each scan type works, and what its responses mean, is therefore essential both for running scans and for detecting them.

Port scanning techniques can vary, and here are the main types:

1. TCP Connect Scan

  • Method: This scan attempts to establish a full TCP connection (the complete three-way handshake) with every target port to identify open ports. It uses the operating system's ordinary connect() call, so it needs no raw-socket privileges.

  • Features: It is the basic, most reliable method, but also the most likely to be detected: every open port receives a completed connection, which the listening service can log.

  • Example:

      nmap -sT target-ip
    

2. SYN Scan (Half-Open Scan)

  • Method: The scanner sends a SYN packet to the target. A SYN-ACK reply means the port is open, and the scanner then aborts the handshake with an RST instead of completing it; an RST reply means the port is closed; no reply (or an ICMP unreachable error) means the port is filtered. Because raw packets are crafted, this scan requires root or equivalent privileges.

  • Features: It is fast, effective, and harder to detect than a TCP connect scan: the handshake never completes, so the application behind the port normally never sees and never logs the attempt (firewalls and IDS sensors can still see the SYN packets).

  • Example:

      nmap -sS target-ip
    

3. UDP Scan

  • Method: This scan sends a UDP packet to each target port (an empty one, or a protocol-specific payload for well-known ports). A UDP reply means the port is open. An ICMP Port Unreachable error means the port is closed. No response at all is ambiguous: the port may be open but the service ignored the probe, or a firewall may have dropped it, so Nmap reports it as open|filtered. UDP scans are slow because many hosts rate-limit ICMP errors, and because silence has to be retried before it can be classified.

  • Example:

      nmap -sU target-ip
    

- Port open: a valid UDP reply from the service. No response at all is reported as open|filtered (an open service that does not answer the probe is indistinguishable from a firewall dropping it).

- Port closed: ICMP Unreachable (Type 3 - Destination Unreachable, Code 3 - Port Unreachable). Other Type 3 codes (1, 2, 9, 10, 13) indicate filtering rather than a closed port.

4. Xmas Scan

  • Method: This scan sends a packet with the FIN, PSH, and URG flags set, known as an Xmas packet because the flags "light up" like a Christmas tree. A closed port answers with RST; an open port, on a stack that follows RFC 793, sends nothing.

  • Example:

      nmap -sX target-ip
    

5. FIN Scan

  • Method: This scan sends packets with only the FIN flag set to the target. A closed port answers with RST; if there is no response, the port is reported as open|filtered, since an open port ignoring the probe looks the same as a firewall dropping it.

  • Example:

      nmap -sF target-ip
    

6. NULL Scan

  • Method: A Null scan sends a TCP packet with no flags set at all. As with FIN and Xmas, a closed port answers with RST and an open port stays silent.

  • Example:

      nmap -sN target-ip
    

FIN, Xmas, NULL (interpreting the responses)

  • if RST → closed

  • if no response → open|filtered: either an open port silently ignoring the probe, or a firewall dropping it

  • if ICMP unreachable → filtered

  • Caveat: these three scans rely on RFC 793 behaviour. Windows, many Cisco devices and some other stacks send RST for every port regardless of state, so against such hosts every port appears closed and the scan tells you nothing.

7. ACK Scan

  • Method: This scan sends packets with only the ACK flag set to map the firewall or packet-filtering rules between the scanner and the target. An unfiltered port, whether open or closed, answers an unsolicited ACK with RST; a stateful firewall that only allows established connections drops it.

  • Features: It is used to tell filtered from unfiltered ports and to characterise the firewall (stateful or not), rather than to find open ports: open and closed ports both produce RST and cannot be distinguished by this scan.

  • Example:

      nmap -sA target-ip
    
  • Filtered: no response, or an ICMP Destination Unreachable error.

  • Unfiltered: an RST response, regardless of whether the port is open or closed.
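The following is an added example, not code from the original post: a Python script that implements the one scan above that needs no raw-socket privileges (the TCP connect scan, the equivalent of nmap -sT) and, for the other scan types, a classifier that turns an observed response into the Nmap-style port state described in the sections above. The response labels (SYN_ACK, RST, UDP_REPLY, the ICMP codes) are constructed names for this example, standing in for what a packet-level scanner would actually capture; demo_local() starts its own listener on 127.0.0.1 so the connect scan can be run offline.

```python
import socket
from typing import Dict, Iterable, Optional

# Constructed response vocabulary for classify(); a real packet scanner would
# derive these from captured TCP flags / ICMP type and code.
SYN_ACK = "syn-ack"
RST = "rst"
UDP_REPLY = "udp-reply"
ICMP_PORT_UNREACH = "icmp-3/3"       # ICMP type 3, code 3: Port Unreachable
ICMP_OTHER_UNREACH = "icmp-3/other"  # ICMP type 3, codes 1,2,9,10,13: filtering
NO_RESPONSE: Optional[str] = None    # probe (and its retransmissions) went unanswered


def classify(scan: str, response: Optional[str]) -> str:
    """Map one observed response to an Nmap-style port state for the given scan type."""
    if scan == "syn":
        if response == SYN_ACK:
            return "open"
        if response == RST:
            return "closed"
        return "filtered"            # silence or ICMP unreachable
    if scan == "udp":
        if response == UDP_REPLY:
            return "open"
        if response == ICMP_PORT_UNREACH:
            return "closed"
        if response == ICMP_OTHER_UNREACH:
            return "filtered"
        return "open|filtered"       # silence is ambiguous for UDP
    if scan in ("fin", "xmas", "null"):
        if response == RST:
            return "closed"
        if response in (ICMP_PORT_UNREACH, ICMP_OTHER_UNREACH):
            return "filtered"
        return "open|filtered"       # open port ignoring the probe, or a dropping firewall
    if scan == "ack":
        # ACK scan cannot tell open from closed; it only maps filtering.
        return "unfiltered" if response == RST else "filtered"
    raise ValueError(f"unknown scan type: {scan}")


def connect_scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """TCP connect scan (nmap -sT equivalent): completes the handshake with connect()."""
    results: Dict[int, str] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"            # SYN-ACK received, handshake completed
        except ConnectionRefusedError:
            results[port] = "closed"          # RST came back
        except (socket.timeout, OSError):
            results[port] = "filtered"        # no reply or ICMP unreachable
        finally:
            s.close()                         # the service sees a full connect + close
    return results


def demo_local() -> Dict[str, str]:
    """Scan a listener we start ourselves on 127.0.0.1 plus a port we know is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))           # port 0: the OS picks a free ephemeral port
    listener.listen(5)                        # backlog lets connect() complete without accept()
    open_port = listener.getsockname()[1]
    # Reserve a second ephemeral port and release it so it is (almost certainly) closed.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    try:
        states = connect_scan("127.0.0.1", [open_port, closed_port])
        return {"open": states[open_port], "closed": states[closed_port]}
    finally:
        listener.close()


if __name__ == "__main__":
    print("connect scan against local listener:", demo_local())
    for scan, resp in [("syn", NO_RESPONSE), ("udp", NO_RESPONSE),
                       ("fin", RST), ("ack", RST), ("ack", NO_RESPONSE)]:
        print(f"{scan:4s} {resp!s:12s} -> {classify(scan, resp)}")
```

The SYN, UDP, FIN/Xmas/NULL and ACK scans themselves are not implemented here because sending hand-crafted packets needs raw sockets (root) and a packet-capture path; what classify() shows is the decision each of those scans makes once a response, or the absence of one, has been observed, which is the part most often misread when reading Nmap output.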

Security Notes

Part 4 of 14
