2. it
  3. Unit 3: Port Scanning 3.3 Activity and Discussion Activity: SYN Scan

Unit 3: Port Scanning 3.3 Activity and Discussion Activity: SYN Scan

mac2022-06-30  23

ACTIVITY: SYN SCAN

This activity is ungraded.

Remember: Watch this Demo video. Seeing me complete the activity first will help you understand each of the steps.

SYN Scan Demo

System: During this activity, you’ll use the Kali VM and Wireshark as you did in the packet sniffing exercises in Unit 1.

Instructions for installing and launching the Kali VM and Wireshark.

Time: This activity should take you 5 to 10 minutes to complete.

Goal

To execute a SYN scan and interpret the results

Instructions

Note: During this activity, replace these references, italicized in the instructions, with your local IP addresses:

Kali VM: 192.168.1.104Windows IP: 192.168.1.101

Note: You will get different results depending on whether your Windows Firewall is on or off.

Note: Hit Enter after each command.

Start VMware, and launch your Kali VM. Make sure the NIC is set to Bridged mode.In Kali, open up a terminal, enter nmap | less. We see a very detailed help output. As you can see, nmap does more than port scanning, including host discovery, service and version detection, and much more.Open up a Windows Command Line Interface on your host machine, and enter ipconfig, to get the IP address of your host machine.Let’s start sniffing with Wireshark on the Windows machine, and filter by the IP address of the Kali VM: ip.addr==192.168.1.104 (substitute the IP address of your Kali box).To get the Kali IP address, open up a terminal and enter ip a. The IP address will be listed in the eth0 section.When the scan type is not specified, nmap uses a SYN scan. Enter nmap followed by the IP address of your Windows host machine, for instance, nmap 192.168.1.101.(For the rest of the assignment, I will use 192.168.1.101 as the IP address of the Windows host machine. Substitute the IP address of your Windows host machine in those places.)Notice that the output reveals ports, and their related service names, indicative of a Windows system.Stop the capture in Wireshark.Change the filter to tcp.port==445.

You’ll notice that after the Kali box sent the SYN, the open port 445 sent a SYN/ACK. Then, the Kali box closed the connection with an RST. Compare that to the sequence related to the scanning of port 21. The Kali box sent the SYN, but since port 21 is closed (unless you’re running an FTP server), on the Windows host machine, the Windows host machine responded back with an RST, that closed the connection, and said “Sorry, no FTP server here!”

After you've finished, answer the Check Your Work questions.

转载于:https://www.cnblogs.com/sec875/articles/10028423.html

相关资源:JAVA上百实例源码以及开源项目
最新回复(0)