Tuesday, April 7, 2015

ceh

utsceh

Three-Way Handshake:
SYN, SYN-ACK, ACK

TCP Communication Flags:
SYN=SYN notifies transmission of a new sequence number
ACK=ACK confirms receipt of transmission, and identifies next expected sequence number
PSH=System accepting requests and forwarding buffered data
URG=Instructs data contained in packets to be processed as soon as possible
FIN=Announces no more transmissions will be sent to remote system
RST=Resets a connection

TCP Connect / Full Open Scan
open=syn, syn/ack, ack+rst
close=syn, rst

Stealth Scans: SYN Scan (Half-open Scan);
open=syn, syn+ack, rst
close=syn, rst

XMAS Scan
open=fin urg push, no response
close=fin urg push, rst

FIN Scan
open=fin, no response
close=fin, rst/ack

NULL Scan
open=null, no response
close=null, rst/ack

IDLE Scan
open=syn target, target syn/ack zombie, zombie rst target
close=syn target, target rst zombie

ICMP Echo Scanning/List Scan
Discover live machines by pinging all the machines

SYN/FIN Scanning Using IP Fragments
open=
close=syn/fin+port,RST

UDP Scanning
UDP port scanners use the UDP protocol instead of TCP, and can be more difficult than TCP scanning.

Inverse TCP Flag Scanning
open=FIN/URG/PSH/NULL, no response reaches the attacker
close=FIN/URG/PSH/NULL, RST/ACK
Attackers send the TCP probe packets by enabling various TCP flags (FIN, URG, PSH) or with no flags.

ACK Flag Scanning
open=ACK, no response reaches the attacker
close=ACK, RST
A stealthy technique is used for identifying open TCP ports.
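Seen from the monitoring side, the flag sequences listed above are what a sensor has to tell apart. The following Python is an added example, not part of the original notes: it reads the flag bits from raw TCP headers and labels a captured flow by those sequences. The names `classify_flow` and `hdr` and all sample headers are constructed for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# First-packet flag sets from the notes above, keyed by flag byte.
PROBES = {0: "NULL", FIN: "FIN", FIN | URG | PSH: "XMAS",
          SYN | FIN: "SYN/FIN", ACK: "ACK", SYN: "SYN"}

def tcp_flags(header: bytes) -> int:
    """Extract the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return struct.unpack("!H", header[12:14])[0] & 0x3F

def classify_flow(packets):
    """Label one flow. packets: ordered (sender, raw_header) pairs,
    sender "c" = initiating host, "s" = host being probed."""
    client = [tcp_flags(h) for who, h in packets if who == "c"]
    server = [tcp_flags(h) for who, h in packets if who == "s"]
    if not client:
        return "no initiator packets"
    probe = PROBES.get(client[0], "unlisted flags")
    if probe != "SYN":
        return probe + " probe"        # not a valid opening packet for a session
    if not any(f & SYN and f & ACK for f in server):
        return "SYN, no SYN/ACK seen"
    follow = client[1:]
    if follow and follow[0] & RST:
        return "half-open (SYN) scan"  # syn, syn+ack, rst
    if follow and follow[0] == ACK:
        if any(f & RST for f in follow[1:]):
            return "full connect, then reset"  # syn, syn/ack, ack+rst
        return "handshake completed"
    return "handshake left incomplete"

def hdr(flags: int) -> bytes:
    """Constructed 20-byte TCP header (ports and numbers are arbitrary)."""
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (5 << 12) | flags, 1024, 0, 0)

# Constructed sample flows, one per pattern in the notes.
SAMPLES = {
    "a": [("c", hdr(SYN)), ("s", hdr(SYN | ACK)), ("c", hdr(RST))],
    "b": [("c", hdr(SYN)), ("s", hdr(SYN | ACK)), ("c", hdr(ACK)), ("c", hdr(RST | ACK))],
    "c": [("c", hdr(FIN | URG | PSH)), ("s", hdr(RST | ACK))],
    "d": [("c", hdr(0))],
    "e": [("c", hdr(SYN)), ("s", hdr(RST | ACK))],
}

if __name__ == "__main__":
    for name, flow in SAMPLES.items():
        print(name, classify_flow(flow))
```

A single half-open or reset flow is not conclusive on its own; the label becomes meaningful when one source produces it across many ports or hosts.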

Name Port/Protocol Description
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp Users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp Quote
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp ftp data transfer
ftp 21/tcp ftp command
ssh 22/tcp Secure Shell
telnet 23/tcp
smtp 25/tcp Mail
time 37/tcp Timeserver
time 37/udp Timeserver
rlp 39/udp resource location
nicname 43/tcp whois
domain 53/tcp domain name server
domain 53/udp domain name server
sql*net 66/tcp Oracle SQL*net
sql*net 66/udp Oracle SQL*net
bootps 67/tcp bootp server
bootps 67/udp bootp server
bootpc 68/tcp bootp client
bootpc 68/udp bootp client
tftp 69/tcp Trivial File Transfer
tftp 69/udp Trivial File Transfer
gopher 70/tcp gopher server
finger 79/tcp Finger
www-http 80/tcp WWW
www-http 80/udp WWW
kerberos 88/tcp Kerberos
kerberos 88/udp Kerberos
pop2 109/tcp PostOffice V.2
pop3 110/tcp PostOffice V.3
sunrpc 111/tcp RPC 4.0 portmapper
sunrpc 111/udp RPC 4.0 portmapper
auth/ident 113/tcp Authentication Service
auth 113/udp Authentication Service
audionews 114/tcp Audio News Multicast
audionews 114/udp Audio News Multicast
nntp 119/tcp Usenet Network News Transfer
nntp 119/udp Usenet Network News Transfer
ntp 123/tcp Network Time Protocol
ntp 123/udp Network Time Protocol
netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service
imap 143/tcp Internet Message Access Protocol
imap 143/udp Internet Message Access Protocol
sql-net 150/tcp SQL-NET
sql-net 150/udp SQL-NET
sqlsrv 156/tcp SQL Service
sqlsrv 156/udp SQL Service
snmp 161/tcp
snmp 161/udp
snmp-trap 162/tcp
snmp-trap 162/udp
cmip-man 163/tcp CMIP/TCP Manager
cmip-man 163/udp CMIP
cmip-agent 164/tcp CMIP/TCP Agent
cmip-agent 164/udp CMIP
irc 194/tcp Internet Relay Chat
irc 194/udp Internet Relay Chat
at-rtmp 201/tcp AppleTalk Routing Maintenance
at-rtmp 201/udp AppleTalk Routing Maintenance
at-nbp 202/tcp AppleTalk Name Binding
at-nbp 202/udp AppleTalk Name Binding
at-3 203/tcp AppleTalk
at-3 203/udp AppleTalk
at-echo 204/tcp AppleTalk Echo
at-echo 204/udp AppleTalk Echo
at-5 205/tcp AppleTalk
at-5 205/udp AppleTalk
at-zis 206/tcp AppleTalk Zone Information
at-zis 206/udp AppleTalk Zone Information
at-7 207/tcp AppleTalk
at-7 207/udp AppleTalk
at-8 208/tcp AppleTalk
at-8 208/udp AppleTalk
ipx 213/tcp
ipx 213/udp
imap3 220/tcp Interactive Mail Access Protocol v3
imap3 220/udp Interactive Mail Access Protocol v3
aurp 387/tcp AppleTalk Update-Based Routing
aurp 387/udp AppleTalk Update-Based Routing
netware-ip 396/tcp Novell Netware over IP
netware-ip 396/udp Novell Netware over IP
rmt 411/tcp Remote mt
rmt 411/udp Remote mt
microsoft-ds 445/tcp
microsoft-ds 445/udp
isakmp 500/udp ISAKMP/IKE
fcp 510/tcp First Class Server
exec 512/tcp BSD rexecd(8)
comsat/biff 512/udp used by mail system to notify users
login 513/tcp BSD rlogind(8)
who 513/udp whod BSD rwhod(8)
shell 514/tcp cmd BSD rshd(8)
syslog 514/udp BSD syslogd(8)
printer 515/tcp spooler BSD lpd(8)
printer 515/udp Printer Spooler
talk 517/tcp BSD talkd(8)
talk 517/udp Talk
ntalk 518/udp New Talk (ntalk)
ntalk 518/udp SunOS talkd(8)
netnews 532/tcp Readnews
uucp 540/tcp uucpd BSD uucpd(8)
uucp 540/udp uucpd BSD uucpd(8)
klogin 543/tcp Kerberos Login
klogin 543/udp Kerberos Login
kshell 544/tcp Kerberos Shell
kshell 544/udp Kerberos Shell
ekshell 545/tcp krcmd Kerberos encrypted remote shell -kfall
pcserver 600/tcp ECD Integrated PC board srvr
mount 635/udp NFS Mount Service
pcnfs 640/udp PC-NFS DOS Authentication
bwnfs 650/udp BW-NFS DOS Authentication
flexlm 744/tcp Flexible License Manager
flexlm 744/udp Flexible License Manager
kerberos-adm 749/tcp Kerberos Administration
kerberos-adm 749/udp Kerberos Administration
kerberos 750/tcp kdc Kerberos authentication-tcp
kerberos 750/udp Kerberos
kerberos_master 751/udp Kerberos authentication
kerberos_master 751/tcp Kerberos authentication
krb_prop 754/tcp Kerberos slave propagation
999/udp Applixware
socks 1080/tcp
socks 1080/udp
kpop 1109/tcp Pop with Kerberos
ms-sql-s 1433/tcp Microsoft SQL Server
ms-sql-s 1433/udp Microsoft SQL Server
ms-sql-m 1434/tcp Microsoft SQL Monitor
ms-sql-m 1434/udp Microsoft SQL Monitor
pptp 1723/tcp Pptp
pptp 1723/udp Pptp
nfs 2049/tcp Network File System
nfs 2049/udp Network File System
eklogin 2105/tcp Kerberos encrypted rlogin
rkinit 2108/tcp Kerberos remote kinit
kx 2111/tcp X over Kerberos
kauth 2120/tcp Remote kauth
lyskom 4894/tcp LysKOM (conference system)
sip 5060/tcp Session Initiation Protocol
sip 5060/udp Session Initiation Protocol
x11 6000-6063/tcp X Window System
x11 6000-6063/udp X Window System
irc 6667/tcp Internet Relay Chat
afs 7000-7009/udp