Title: Network port scanning

KBTAG: kben10000058
URL: http://www.securityportal.com/lskb/10000050/kben10000058.html
Date created: 17/07/2000
Date modified: 24/08/2000
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Network port scanning
Keywords: Network

Summary:

There are a number of tools to scan remote systems and identify whether they are reachable, what OS they are running, and which services they offer.

More information:

Network scanners

Network scanners are run from a host and pound away on other machines, looking for open services. If you can find them, chances are an attacker can too. These are generally very useful for ensuring your firewall works.

Strobe

Strobe is one of the older port scanning tools. Quite simply, it attempts to connect to various ports on a machine and reports back the result (if any). It is simple to use and very fast, but doesn't have any of the features newer port scanners have. Strobe is included in almost all distributions, or is available as a contrib package; the source is available at: ftp://suburbia.net/pub/.

Nmap

Nmap is a newer and much more fully-featured host scanning tool. It features advanced techniques such as TCP/IP fingerprinting, a method by which the returned TCP/IP packets are examined and the host OS is deduced based on various quirks present in all TCP/IP stacks. Nmap also supports a number of scanning methods, from normal TCP scans (simply trying to open a connection as normal) to stealth scanning and half-open SYN scans (great for crashing unstable TCP/IP stacks). This is arguably one of the best port scanning programs available, commercial or otherwise. Nmap is available at: http://www.insecure.org/nmap/index.html. There is also an interesting article on nmap and using some of its more advanced features at: http://raven.genome.washington.edu/security/nmap.txt.
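The "normal TCP scan" that Strobe performs and that nmap offers as its basic mode is just a full connect() to each port. The following added example (not code from Strobe, nmap or this knowledge base) implements that connect scan in Python and then compares the result against the list of ports your firewall is supposed to expose, which is the "does my firewall work" check mentioned above. The host, port range and allowed-port list are assumptions for the demonstration; it runs against a listener it starts on loopback.

```python
"""TCP connect scan (the Strobe / plain nmap technique) plus a firewall-policy check."""
import socket
from concurrent.futures import ThreadPoolExecutor


def tcp_connect(host, port, timeout=0.5):
    """Return True if a full TCP handshake to host:port succeeds.

    This is a 'connect' scan: the kernel completes the three-way handshake, so
    the probe is logged by the target like any other connection (unlike SYN scans).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # refused, timed out, unreachable: all count as not open
            return False


def connect_scan(host, ports, workers=32):
    """Probe each port concurrently and return the sorted list of open ports."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, tcp_connect(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)


def check_policy(open_ports, allowed):
    """Compare scan results with the ports the firewall is meant to expose.

    Returns (unexpected, missing): ports reachable but not allowed, and ports
    allowed but not reachable (a service down, or a rule that is too strict).
    """
    open_set, allowed_set = set(open_ports), set(allowed)
    return sorted(open_set - allowed_set), sorted(allowed_set - open_set)


def listen_on_loopback():
    """Start a listening socket on an ephemeral loopback port (a constructed target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


if __name__ == "__main__":
    srv = listen_on_loopback()                 # stands in for a real service
    port = srv.getsockname()[1]
    found = connect_scan("127.0.0.1", range(port - 5, port + 5))
    print("open:", found)
    print("unexpected, missing:", check_policy(found, allowed=[port]))
    srv.close()
```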

Rnmap

Remote nmap (Rnmap) is a pair of client and server programs which allow various authorised clients to run their port scans from a centralised server. It is available at: http://rnmap.sourceforge.net/.

Network Superscanner

http://members.tripod.de/linux_progz/

Portscanner

Portscanner is a nice little port scanner (surprise!) that has varying levels of output, making it easy to use in scripts and by humans. It is open source and free to use; you can get it at: http://www.ameth.org/~veilleux/portscan.html.

Queso

Queso isn't a scanner per se, but it will tell you with a pretty good degree of accuracy what OS a remote host is running. Using a variety of valid and invalid TCP packets to probe the remote host, it checks the responses against a list of known responses for various operating systems and tells you which OS the remote end is running. You can get Queso from: http://www.apostols.org/projectz/queso/.

spidermap

spidermap is a set of Perl scripts to help automate scans and make them more selective. You can get it from: http://www.secureaustin.com/spidermap/.