Network Hacking (Port Scanning)

            -:Network Hacking (Port Scanning):- 

Port Scanning :- Port scanning is carried out to determine a list of open ports on the

remote host that have certain services or daemons running. In port scanning, the attacker

connects to various TCP and UDP ports and tries to determine which ports are in listening mode.

1) TCP Ports Scanning :- Almost all port scans are based on the client sending a packet

containing a particular flag to the target port of the remote system to determine whether

 the port is open. Following table lists the type of flags a TCP packet header can contain.

A typical TCP/IP three way handshake can be described as follows :
1) The client sends a SYN packet to the server.
2) The server replies with a SYN packet and acknowledges the 

client's SYN packet by sending an ACK packet.
3) The client acknowledges the SYN sent by the server.

Different techniques of TCP port scanning are :-
1) TCP connect port scanning
2) TCP SYN scanning (half open scanning)
3) SYN/ACK scanning
4) TCP FIN scanning
5) TCP NULL scanning
6) TCP Xmas tree scanning

2) UDP Ports Scanning :- In UDP port scanning, aUDP packet is sent to each

 port on the target host one by one.
If the remote port is closed, then the server replies with a Port Unreachable 

ICMP error message. If the port is open then no such error message is generated.

3) FTP Bounce Port Scanning :- The FTP bounce port scanning technique was

 discovered by Hobbit. He revealed a very interesting loophole in the FTP protocol 

that allowed users connected to the FTP service of a particular system to connect 

to any port of another system. This loophole allows anonymous port scanning.