TCP and UDP Scanning
A modern equivalent of War Dialing is Port Scanning, where we determine whether TCP and UDP ports on the target are open and listening
- Port scanners send TCP and UDP packets to various ports and determine if a process is active on those ports.
TCP Port Scanning
Common ports
- TCP 80 - Web Server
- TCP 23 - Telnet Server
* If we could determine that common TCP ports like port 80 or port 23 were open, we’d know that there’s a web server or telnet server on that machine
TCP Flags
TCP flags are flags found in the TCP header which are used to indicate connection states and verify the receipt of packets
- SYN - Synchronize
- ACK - Acknowledgement
- FIN - End a connection
- RST - Tear down a connection
- URG - Urgent data is included
- PSH (Push) - Data should be pushed up the TCP stack to the application immediately, without waiting to fill a buffer
TCP Three-Way Handshake
The TCP three-way handshake is the connection setup that a full-connect port scan relies on: when the handshake completes successfully, the user knows that the port is open on the destination machine
- When TCP connects from a source to a destination, the source sends a segment with the SYN flag set
- The destination then answers with its own SYN flag along with an ACK flag to acknowledge the SYN sent by the source
- The source replies with an ACK for the SYN that the destination sent, which completes the handshake
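The handshake outcomes described above, as an added example that is not part of the original notes: a small state machine that classifies the flag sequence of one connection attempt (open, closed, or no answer), plus a full-connect check that lets the OS run the handshake, verified against a listener on the local loopback. The flag traces are constructed samples.

```python
import errno
import socket
from typing import Iterable

# Constructed flag traces for one probe, in the order they would appear in a capture.
SAMPLE_TRACES = {
    "open": ["SYN", "SYN+ACK", "ACK"],      # full three-way handshake completed
    "closed": ["SYN", "RST+ACK"],           # destination refuses: RST tears it down
    "filtered": ["SYN", "SYN", "SYN"],      # only retransmitted probes, nothing answers
}


def classify_handshake(flags: Iterable[str]) -> str:
    """Walk the flag sequence of a single connection attempt and report the port state."""
    state = "idle"
    for f in flags:
        bits = set(f.split("+"))
        if state == "idle" and bits == {"SYN"}:
            state = "syn_sent"                       # source sent its SYN
        elif state == "syn_sent" and "RST" in bits:
            return "closed"                          # RST in reply: nothing listening
        elif state == "syn_sent" and bits == {"SYN", "ACK"}:
            state = "syn_received"                   # destination acknowledged our SYN
        elif state == "syn_received" and bits == {"ACK"}:
            return "open"                            # final ACK: handshake complete
        elif state == "syn_sent" and bits == {"SYN"}:
            continue                                 # retransmitted probe, still waiting
        else:
            return "unexpected"
    return "filtered" if state == "syn_sent" else "incomplete"


def check_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Full-connect check: the OS performs SYN, SYN+ACK, ACK on our behalf."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            err = s.connect_ex((host, port))
    except OSError:
        return "filtered"
    if err == 0:
        return "open"                                # handshake completed
    if err == errno.ECONNREFUSED:
        return "closed"                              # RST came back
    return "filtered"                                # timeout or unreachable: no answer


def demo_local() -> tuple:
    """Listen on an ephemeral loopback port, check it, close it, and check again."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = check_port("127.0.0.1", port)
    listener.close()
    after_close = check_port("127.0.0.1", port)
    return while_listening, after_close
```

Running `demo_local()` returns `("open", "closed")`, showing both handshake outcomes against a port you control.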