Connect Scanning
1、Connect scanning with Scapy
Tools that perform TCP connect scans operate by performing a full three-way handshake to establish a connection with each of the scanned ports on the remote target system. A port's status is determined by whether a connection was established or not: if a connection was established, the port is determined to be open; if a connection could not be established, the port is determined to be closed.
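import logging
# Silence Scapy's runtime warnings before importing it
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *

# Build and show the SYN probe
SYN = IP(dst="192.168.142.170")/TCP(dport=80, flags='S')
print("-----SENT-----")
SYN.display()
print("\n\n----RECEIVED----")
response = sr1(SYN, timeout=1, verbose=0)
# sr1() returns None when nothing answers within the timeout
if response is not None:
    response.display()
# TCP flags value 18 (0x12) means SYN+ACK
if response is not None and response.haslayer(TCP) and int(response[TCP].flags) == 18:
    print("\n\n-----SENT-----")
    # Final ACK: our seq is the value the server acknowledged, our ack is the server's seq + 1
    ACK = IP(dst="192.168.142.170")/TCP(dport=80, flags='A', seq=response[TCP].ack, ack=(response[TCP].seq+1))
    response2 = sr1(ACK, timeout=1, verbose=0)
    ACK.display()
    print("\n\n----RECEIVED----")
    # A bare ACK usually draws no reply, so response2 may be None
    if response2 is not None:
        response2.display()
else:
    print("SYN ACK not returned")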
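The open/closed decision described at the start of this section can also be made by letting the operating system's own connect() call perform the handshake, rather than hand-built packets. The sketch below is an added example, not code from the original page; the function names are hypothetical, and the demo only touches a test listener it creates on 127.0.0.1. It also covers a third outcome the text does not mention, where neither a connection nor a refusal comes back.

```python
import errno
import socket

# Added example: function names are hypothetical, not from the original page.

def port_state(host, port, timeout=1.0):
    """Try a full TCP handshake with connect() and map the result to a port state."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex() returns an errno value instead of raising on connect errors
        rc = s.connect_ex((host, port))
    if rc == 0:
        return "open"        # SYN, SYN-ACK, ACK completed
    if rc == errno.ECONNREFUSED:
        return "closed"      # the target answered the SYN with a RST
    return "filtered"        # timeout or unreachable: no conclusive answer


def connect_scan(host, ports, timeout=1.0):
    """Return {port: state} for every port in the iterable."""
    return {p: port_state(host, p, timeout) for p in ports}


def loopback_demo():
    """Constructed test bed: one listening and one non-listening port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                            # released without ever listening

    try:
        result = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return result[open_port], result[closed_port]


if __name__ == "__main__":
    print(loopback_demo())
```

Because the kernel completes the handshake here, the listening service sees an accepted connection, which is what makes a connect scan visible in ordinary connection logs.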
2、Connect scanning with Nmap
To perform a TCP connect scan with Nmap, use the -sT option with the IP address of the host to be scanned:
nmap -sT 192.168.142.170 -p 80
We can also use Nmap to scan multiple specified ports by passing a comma-delimited list of the port numbers, as follows:
nmap -sT 192.168.142.170 -p 21,80,443
Or use Nmap to scan a sequential series of ports by indicating the first and last port numbers to be scanned, separated by dash notation:
nmap -sT 192.168.142.170 -p 20-25
If we do not designate a port, Nmap scans its preconfigured list of ports, from 1 to 1000.
3、Connect scanning with Metasploit
Metasploit has an auxiliary module that can be used to perform TCP connect scans on specified TCP ports. To open Metasploit in Kali Linux, use the command msfconsole.
4、Connect scanning with Dmitry
Dmitry is a multipurpose tool that can be used to perform a TCP scan on the target system. Its capabilities are somewhat limited.
6、TCP port scanning with Netcat
Performing a scan against an open port will return the IP address, port address, and port status. Performing the scan against a closed port on a live host will indicate that the connection was refused. We can automate this in a loop as shown in the following command.
A sequential series of port numbers can be passed through a loop, and all of the ports can be scanned easily and quickly.
7、Zombie scanning with Scapy