This comes from the fact that it doesn’t complete the three-way handshake. The SYN scan is popular because it is faster. In fact, it is also the default option on nmap, meaning if you don’t specify any scan type, nmap will use the default SYN scan method. This is the most popular scan type of nmap. Here’s is the basic command to perform one. Since we’re going all the way through with the three-way handshake in this method, even though it seems the most reliable one on standard targets (not behind firewall etc.) it has the slightest possibility to flood the target. A TCP scan is accomplished with the full three-way handshake, meaning that when we ask nmap to execute a TCP scan on a port on some target, it will send a SYN, wait for the SYN/ACK and send back the ACK, after these, it will tell us that the port is open (or closed). Like we’ve discussed earlier in our target specification post, nmap executes a TCP scan with the -sT option. By the way, for what it’s worth, SYN stands for synchronize and ACK stands for acknowledge. Now since we understand what SYN, SYN/ACK and ACK means, we can start digging around with nmap and see what it uses these information for. When we dial some number, we basically send a SYN signal, when the target answers the phone saying “Hello?”, it actually is a SYN/ACK packet, meaning “I’m listening?”, after that when we introduce ourselves as in “Hi, I’m calling from VeriTeknik”, then we’re sending the last ACK packet. The SYN/ACK handshake is analogously described by talking on the phone (back on the old days when there weren’t caller id’s!). This way, the three-way handshake is accomplished. When the first computer receives this SYN/ACK packet, it will respond back to the target machine with an ACK packet. After receiving this packet, if the target is listening, it will normally respond with a SYN/ACK packet. When a computer sends a “Hello” signal to a target machine, it actually sends a SYN packet. The three-way handshake is another way of describing the SYN/ACK method. To understand the background of scanning, we should know some basic thing about the “three-way handshake” that occurs during a network connection. Even though we usually don’t know what network architecture or operating system the target is affiliated to, these methods are also useful for determining such information. Nmap can scan in various algorithms, we should choose wisely considering the network, operating system and firewalls. But it is almost as import to choose your method to scan the target host. Earlier we’ve discussed target specificationin detail.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |