
Port Scanning

Discussion in 'Ethical hacking' started by parveen21, May 28, 2010.

  parveen21 (New Member), May 28, 2010:
    Nmap, or Network Mapper, written by Fyodor, is considered the best port scanning tool currently available. Nmap is an open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in innovative ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers, and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL. It can be downloaded from
    Nmap performs detailed remote OS detection using active stack fingerprinting.
    Nmap supports several ways to spoof a scan. One way is to give a different source IP. If you are on a broadcast Ethernet segment, it is possible to specify a non-existent IP address and to sniff the network for the packets being sent as replies to that address.
    Another way of keeping the identity obscure is to use the decoy option. Scans are spoofed as originating from decoy machines. The real scan from the user's machine is interspersed in between. This is a slow scan, and obscurity improves with a larger number of decoys. The idea here is to confuse the target host's administrator regarding the real scan. The hosts used as decoys should be up, or the scan might accidentally SYN flood the target.
    The ident scan option can be used only if the target has port 113/auth open. It only works with a TCP connect scan. This will reveal the owner of the daemon listening on the port if the site is running identd. This scan requires the complete TCP three-way handshake and will be registered on the target.
    The fragmentation option allows the user to fragment the packet into small IP fragments. This makes it harder for packet filters to detect the scan unless they queue up all IP fragments (which is rare). However, sometimes this can cause unexpected behavior in the target system.
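From the defender's side, the decoy and fragmentation behaviour described in the post above leaves recognisable traces in a packet filter's log: several source addresses probing the identical port sequence on one target within the same seconds, and probes arriving as IP fragments. The following is an added example (not code from the post or from the Nmap project) that runs a small SYN-scan detector over a constructed log. The log format (`ts src dst port tcpflags frag|-`), the addresses, the thresholds and all function names are assumptions made for this illustration; real firewall logs carry different fields and would need their own parser.

```python
"""Toy SYN port-scan detector over constructed packet-filter log lines.

Added example, not from the original post or the Nmap project. The log
format, hosts and thresholds below are invented for illustration.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log. Columns: ts(seconds) src dst port tcpflags frag|-
#   10.0.0.5 and 10.0.0.9 hit the same five ports in the same seconds
#   (what a decoy scan looks like from the target); 10.0.0.7 makes one
#   ordinary connection; 10.0.0.11 probes five ports slowly over a minute.
SAMPLE_LOG = """\
# ts src dst port tcpflags frag
0 10.0.0.5 192.0.2.10 22 S -
0 10.0.0.9 192.0.2.10 22 S -
0 10.0.0.5 192.0.2.10 25 S -
0 10.0.0.9 192.0.2.10 25 S -
1 10.0.0.5 192.0.2.10 80 S -
1 10.0.0.9 192.0.2.10 80 S -
1 10.0.0.5 192.0.2.10 443 S -
1 10.0.0.9 192.0.2.10 443 S -
2 10.0.0.5 192.0.2.10 8080 S frag
2 10.0.0.9 192.0.2.10 8080 S frag
3 10.0.0.7 192.0.2.10 443 S -
3 10.0.0.7 192.0.2.10 443 A -
10 10.0.0.11 192.0.2.10 21 S -
25 10.0.0.11 192.0.2.10 22 S -
40 10.0.0.11 192.0.2.10 23 S -
55 10.0.0.11 192.0.2.10 25 S -
70 10.0.0.11 192.0.2.10 80 S -
"""


@dataclass(frozen=True)
class Packet:
    ts: int          # seconds since start of log (constructed; real logs carry full timestamps)
    src: str
    dst: str
    port: int
    tcp_flags: str   # "S" = SYN only, "SA" = SYN/ACK, "A" = ACK, ...
    fragment: bool   # True if the logger recorded the packet as an IP fragment


def parse_line(line: str) -> Packet:
    """Parse one constructed log line: '<ts> <src> <dst> <port> <tcpflags> <frag|->'."""
    ts, src, dst, port, flags, frag = line.split()
    return Packet(int(ts), src, dst, int(port), flags, frag == "frag")


def parse_log(text: str) -> list[Packet]:
    return [parse_line(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]


def find_scanners(packets: list[Packet], min_ports: int = 5, window: int = 10) -> dict:
    """Flag (src, dst) pairs whose SYN-only packets touch >= min_ports distinct
    ports inside any `window`-second span. Returns {(src, dst): sorted port list}.
    A slow scan that spreads its probes wider than `window` is deliberately
    not caught here; that is the trade-off the thresholds express."""
    by_pair: dict = defaultdict(list)
    for p in packets:
        if p.tcp_flags == "S":
            by_pair[(p.src, p.dst)].append(p)
    hits = {}
    for pair, pkts in by_pair.items():
        pkts.sort(key=lambda p: p.ts)
        lo = 0
        for hi in range(len(pkts)):          # sliding window over time-ordered SYNs
            while pkts[hi].ts - pkts[lo].ts > window:
                lo += 1
            if len({q.port for q in pkts[lo:hi + 1]}) >= min_ports:
                hits[pair] = sorted({q.port for q in pkts})
                break
    return hits


def find_decoy_groups(scanners: dict) -> list[list[str]]:
    """Group flagged sources that probed the identical port list on the same target.
    Several sources with the same sequence at the same time is the trace a decoy
    scan leaves; the log alone cannot tell which of them is the real scanner."""
    by_signature: dict = defaultdict(list)
    for (src, dst), ports in scanners.items():
        by_signature[(dst, tuple(ports))].append(src)
    return [sorted(srcs) for srcs in by_signature.values() if len(srcs) > 1]


def count_fragmented(packets: list[Packet]) -> int:
    """Fragmented probes are worth counting separately: a filter that does not
    reassemble fragments may have let them through unchecked."""
    return sum(1 for p in packets if p.fragment)


def analyze(text: str, min_ports: int = 5, window: int = 10) -> dict:
    packets = parse_log(text)
    scanners = find_scanners(packets, min_ports, window)
    return {
        "scanners": scanners,
        "decoy_groups": find_decoy_groups(scanners),
        "fragmented": count_fragmented(packets),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

With the defaults, the two synchronised sources are flagged and grouped as a probable decoy set, the single ordinary connection is ignored, and the slow scanner slips under the 10-second window; widening `window` to 100 catches it too, which is the usual tuning trade-off between sensitivity and false positives on busy hosts.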
