In this article we explain IP scans and port scans.
Checking which IP addresses on a network are live can be categorised as an IP scan. A basic IP scanner sends a ping (ICMP echo request) to each targeted host/IP and waits for an ICMP echo reply until a timeout expires. The IP addresses that answer with an ICMP echo reply are the available (live) IPs.
ICMP Packet Header Format
An ICMP packet is identified by the “type” field in its header. If the type value is 8, the packet is an ICMP echo request; if the type value is 0, it is an ICMP echo reply.
Other Common ICMP Type Codes
- Type 3 - Destination Unreachable
- Type 5 - Redirect Message
- Type 11 - Time Exceeded
- Type 13 - Timestamp
Sending a large number of requests to multiple ports on a target host within a short time period can be classified as a port scan. The motivation behind a port scan varies by user, but the main reason is to find open ports.
Port Scanning Methods
There are a few commonly used port scanning methods.
- TCP connections
This is the most basic port scanning method. The scanner opens a full TCP connection to each port on the targeted host; the connection succeeds only for open/available ports.
- UDP scanning
UDP is a connectionless protocol, so there is no connection state to confirm. However, when a UDP packet is sent to a closed port, the host generates an ICMP port unreachable error message (a Type 3, Destination Unreachable, message). A tool can map these messages to the probed ports to determine which ports are available.
- SYN Scanning
In basic TCP/IP, the response to a SYN packet sent to a listening port is a SYN-ACK packet. In this method, the tool sends a SYN packet to each targeted port on the host. If the port is open, the result is a SYN-ACK; the tool then sends a RST packet to tear down the half-open connection instead of completing the handshake. A SYN packet sent to a closed port results in a RST packet. These results can be mapped to the ports.
- FIN scanning
The normal TCP/IP behavior for an open port that receives an unexpected FIN packet is to ignore it. When the tool sends a FIN packet to a closed port, however, the host responds with a RST packet. Ports that stay silent can therefore be mapped as open. Because this relies on normal protocol behavior rather than a connection attempt, it is considered a stealth port scanning method.
Port numbers range from 0 to 65535.
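As an added example (not from the original article) of how a defender would spot the pattern described above, the following Python script runs a simple port-scan detector over a constructed flow log: it flags a source that sends SYNs to at least five distinct ports on one host within ten seconds, and reports whether that source ever completed handshakes (TCP connect scan) or never did (SYN scan, where a RST replaces the final ACK). The log format, IP addresses and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow log (hypothetical format, not from any real product):
# "<ISO timestamp> <src> -> <dst>:<dport> <TCP flags sent by src>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 -> 10.0.0.20:21 S
2024-01-01T10:00:00 10.0.0.5 -> 10.0.0.20:21 R
2024-01-01T10:00:01 10.0.0.5 -> 10.0.0.20:22 S
2024-01-01T10:00:01 10.0.0.5 -> 10.0.0.20:23 S
2024-01-01T10:00:02 10.0.0.5 -> 10.0.0.20:25 S
2024-01-01T10:00:02 10.0.0.5 -> 10.0.0.20:80 S
2024-01-01T10:00:02 10.0.0.5 -> 10.0.0.20:80 R
2024-01-01T10:00:03 10.0.0.5 -> 10.0.0.20:443 S
2024-01-01T10:00:05 10.0.0.7 -> 10.0.0.20:443 S
2024-01-01T10:00:05 10.0.0.7 -> 10.0.0.20:443 A
2024-01-01T10:03:00 10.0.0.7 -> 10.0.0.20:80 S
2024-01-01T10:03:00 10.0.0.7 -> 10.0.0.20:80 A
"""

def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, flags)."""
    ts, src, _arrow, dst_port, flags = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), flags

def detect_port_scans(log_text, window=timedelta(seconds=10), min_ports=5):
    """Flag (src, dst) pairs whose SYNs hit >= min_ports distinct ports inside a sliding
    window; also count ports the source ACKed (connect scan completes handshakes, SYN scan none)."""
    syns = defaultdict(list)   # (src, dst) -> [(ts, port)] for SYN packets
    acked = defaultdict(set)   # (src, dst) -> ports on which the source sent an ACK
    for line in log_text.splitlines():
        ts, src, dst, port, flags = parse_line(line)
        if "S" in flags:
            syns[(src, dst)].append((ts, port))
        if "A" in flags:
            acked[(src, dst)].add(port)
    alerts = {}
    for key, events in syns.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                seen = alerts.get(key, {}).get("ports", 0)
                alerts[key] = {"ports": max(seen, len(ports)),
                               "completed_handshakes": len(acked[key])}
    return alerts
```

Running detect_port_scans(SAMPLE_LOG) flags only 10.0.0.5 -> 10.0.0.20 (6 ports, 0 completed handshakes, i.e. SYN-scan behaviour), while 10.0.0.7, which completes two ordinary connections minutes apart, is not flagged.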
TCP Socket Connection
To establish a connection between two sockets, the normal TCP 3-way handshake must be completed. The 3-way handshake proceeds as follows.
- Host A sends a SYN packet to Host B with sequence number “a”.
- Host B replies to Host A with a SYN-ACK packet, which has sequence number “x” and acknowledgment number “a+1”.
- Host A replies to Host B with an ACK packet whose acknowledgment number is “x+1”.