In this
article we are going to scan the target machine by sending TCP flags through
their hexadecimal value and the actual Flag name can be confirm by analysis of
Nmap traffic through Wireshark.
Let’s have a look over Hex value of TCP Flag in
given below table which we are going to use in Nmap for port enumeration.
In this scan we are
sending the NONE flag of the tcp by using its hexadecimal value on the target
machine to enumerate the state of ports is open, closed or filtered.
Now execute given
below command for enumerating state of any port, here we want to identify state
for port 21.
nmap -p21 --scanflags 0x00 192.168.1.103
From given below
image you can observe we have found port 21 filtered.
When network admin will captured the incoming traffic he will get
packet for TCP-NONE flag, here we have used wireshark for network packet
analysis and we found that it is showing TCP-NONE
packet for hex value 0x00 coming
from 192.168.1.104 on port 21 as shown in given below image.
FIN Scan
TCP-FIN
flag always used for finished the communication with target network. In this
scan we are sending the FIN flag of the tcp by using its hexadecimal value on
the target machine to enumerate the state of ports is open, closed or filtered.
Now execute given below command for enumerating state of
any port, here we want to identify state for port 21.
nmap -p21
--scanflags 0x01 192.168.1.103
From given below image you can observe we have found port
21 filtered.
When network admin will captured the incoming traffic he
will get packet for TCP-FIN flag, here we have used wireshark for network
packet analysis and we found that it is showing TCP-FIN packet for hex value 0x01
coming from 192.168.1.104 on port 21 as shown in given below image.
SYN Scan
TCP-SYN flag always initiate communication to establish
the connection with target network. In this scan we are sending the SYN flag of
the tcp by using its hexadecimal value on the target machine to enumerate the state
of ports is open, closed or filtered.
Now execute given below command for enumerating state of
any port, here we want to identify state for port 21.
nmap -p21
--scanflags 0x02 192.168.1.103
From given below image you can observe we have
successfully found port 21 open.
When network admin will captured the incoming traffic he will get
packet for TCP-SYN flag, here we have used wireshark for network packet
analysis and we found that it is showing TCP-SYN
packet for hex value 0x02 coming
from 192.168.1.104 on port 21 as shown in given below image.
Reset Scan
RST flag is used to reset the connection between the sender
machine and the target machine. In this scan we are sending the RST flag
of the tcp by using its hexadecimal value on the target machine to enumerate
the state of ports is open, closed or filtered.
Now execute given below command for enumerating state of
any port, here we want to identify state for port 21.
nmap -p21
--scanflags 0x04 192.168.1.103
From given below image you can observe we have found port
21 filtered.
When network admin will captured the incoming
traffic he will get packet for TCP-RST flag, here we have used wireshark for
network packet analysis and we found that it is showing TCP-RST packet for hex value 0x04
coming from 192.168.1.104 on port 21 as shown in given below image.
PUSH Scan
In this scan we are sending the PSH flag of the tcp by
using its hexadecimal value on the target machine to enumerate the state of
ports is open, closed or filtered.
Now execute given below command for enumerating state of
any port, here we want to identify state for port 21.
nmap -p21
--scanflags 0x08 192.168.1.103
From given below image you can observe we have found port
21 filtered.
When network admin will captured the incoming traffic he
will get packet for TCP-PSH flag, here we have used wireshark for network
packet analysis and we found that it is showing TCP-PSH packet for hex value 0x08
coming from 192.168.1.104 on port 21 as shown in given below image.
PUSH flag is used to push the process priority higher of the
packet to the target machine.
ACK Scan
Ack flag is used to acknowledge the sender machine whether the
packet is received or dropped by the target. So that the sender again send the
lost or dropped packet on the target network to complete the communication
process. Here we are sending the ACK flag of the tcp by using its
hexadecimal value on the target machine to enumerate the state of ports is
open, closed or filtered.
Now execute given below command for enumerating state of
any port, here we want to identify state for port 21.
nmap -p21
--scanflags 0x10 192.168.1.103
From given below image you can observe we have found port
21 closed.
When network admin will captured the incoming traffic he
will get packet for TCP-ACK flag, here we have used wireshark for network
packet analysis and we found that it is showing TCP-ACK packet for hex value 0x10
coming from 192.168.1.104 on port 21 as shown in given below image.
Open and closed ports
will both return a RST packet. Nmap then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they
are open or closed is
undetermined. Ports that don't respond, or send certain ICMP error messages
back (type 3, code 0, 1, 2, 3, 9, 10, or 13), are labeled filtered. (Form Nmap.org)
Urgent Scan
URG flag is used to set the high process
priority of the packet to the target. So that target machine stops processing
the current packet and process the URG Flag packet. In this scan we are
sending the Urg flag of the tcp by using its hexadecimal value on the target
machine to enumerate the state of ports is open, closed or filtered.
Now execute given below command for enumerating state of
any port, here we want to identify state for port 21.
nmap -p21
--scanflags 0x20 192.168.1.103
From given below image you can observe we have found port
21 filtered.
When network admin will captured the incoming traffic he
will get packet for TCP-URG flag, here we have used wireshark for network
packet analysis and we found that it is showing TCP-URG packet for hex value 0x20
coming from 192.168.1.104 on port 21 as shown in given below image.
In this scan we are
sending the combination of hexadecimal value of the different flag on the
target machine. As we know in Xmas scan combination of three TCP-flags [FIN,
PSH, URG] are used to enumerate state of port.
By adding the value of the flag, which is equal to the hexadecimal
value of the sender’s hexadecimal value as describe in given below table.
Now execute given below command for enumerating state of
any port, here we want to identify state for port 21.
nmap -p21
--scanflags 0x29 192.168.1.103
From given below image you can observe we have found port
21 filtered.
When network admin will captured the incoming traffic he
will get packet for TCP flags [FIN, PSH, URG] here we have used wireshark for
network packet analysis and we found that it is showing TCP-packet of FIN, PSH, URG
for hex value 0x29 coming from
192.168.1.104 on port 21 as shown in given below image.
Manual Combination of Flags [FIN, SYN,
PSH]
Let have a quick review over decimal to hexadecimal
conversion with the help of following table:
Now repeat the same methodology by changing the
combination of flag to enumerate the state of any port. For example we want to scan any port by
sending combination of three flags [FIN, SYN, and PSH] so let identify hex
value for sum of three flags.
Now execute given below command for enumerating state of
any port, here we want to identify state for port 21.
nmap -p21
--scanflags 0x0B 192.168.1.103
From given below image you can observe we have found port
21 filtered.
When network admin will captured the incoming traffic he
will get packet for TCP flags [FIN, SYN and PSH] here we have used wireshark
for network packet analysis and we found that it is showing TCP-packet of FIN, SYN,PSH for hex value 0x0B
coming from 192.168.1.104 on port 21 as shown in given below image.
Manual Combination of Flags [FIN, RST,
PSH]
Now repeat the same methodology by changing the
combination of flag to enumerate the state of any port. For example we want to scan any port by
sending combination of three flags [FIN, RST, and PSH] so let identify hex
value for sum of three flags.
nmap -p21 --scanflags 0x0D 192.168.1.103
From given below
image you can observe we have found port 21 filtered.
When network admin will captured the incoming traffic he
will get packet for TCP flags [FIN, RST and PSH] here we have used wireshark
for network packet analysis and we found that it is showing TCP-packet of FIN, RST,PSH for hex value 0x0D
coming from 192.168.1.104 on port 21 as shown in given below image.
Now repeat the same methodology by changing the
combination of flag to enumerate the state of any port. For example we want to scan any port by
sending combination of four flags [FIN, SYN, RST, and PSH] so let identify hex
value for sum of four flags.
Now execute given below command for enumerating
state of any port, here we want to identify state for port 21.
nmap
-p21 --scanflags 0x0F 192.168.1.103
From given below image you can observe we have
found port 21 filtered.
When network admin will captured the incoming traffic he
will get packet for TCP flags [FIN,SYN, RST and PSH] here we have used
wireshark for network packet analysis and we found that it is showing TCP-packet of FIN, SYN, RST,PSH for hex value 0x0F coming from 192.168.1.104 on port 21 as shown in given below
image.
0 comments:
Post a Comment