Recent Events for MainPageDiary (Blog)

Revision 6 not available (showing current revision instead)


When an information system is able to interact over the network, he is always giving some information about him. Attackers are looking for information in order to focus their attacks. Scanning is playing an important role in the process of network discovery for the end-user but also for potential attackers.

Network scanning is not exact science

Active scanning

IP protocol scanning

ICMP scanning

Internet Control Message Protocol.

Not always filtered as some are required by RFCs and/or for proper operation.

TCP port scanning

Classical TCP Connect scan

Half-open TCP SYN flag scan

Inversed or multiple flags TCP scan

TCP ACK flag scan

Based on the result of TTL :

UDP port scanning

UDP requires a different approach to compare to TCP. As UDP is stateless, you have one way to check UDP port open :

* sending a UDP packet to a random port and waiting 
for an ICMP "destination port unreachable" type 3 code 3
* If there is an ICMP "destination port unreachable", there is no UDP service listening.
* If you got no reply, there is probably a UDP service listening.

A lot of firewalls are filtering specific ICMP messages and the result of UDP scanning may vary from time to time.

If you know the UDP services targeted, you also use correct message to get reply. This approach is often giving more feedback.

Passive Scanning