The Managed Switch Port Mapping Tool is software for Windows that discovers devices attached to port connectors on an SNMP managed network switch.
About the Managed Switch Port Mapping Tool
Ask Yourself..
IP Port Scanner is a free tool for scanning the IP addresses of a network. It works very fast and is used for small networks. It scans IP addresses with the ping command and scans the popular ports to see whether a service is running on them.
Do you have a rack of ethernet network switches with cables leading to who knows where?
Do you need to discover and identify the network devices attached to your switches? Do you need a single app to map port usage on several different brands of switches?
We can help!
Our Switch Port Mapper can discover and show you the MAC addresses and optionally IPv4 addresses of devices attached to the physical ports of your switches. Supply the SNMP access credentials for each switch and map them manually or as a list of switches.
Port scanning is a popular reconnaissance technique used to discover the open ports and services available on a particular host. A network administrator can use it to check the open ports, a penetration tester can use it during a security audit to check for vulnerabilities, and an attacker can use it to discover a vulnerable service that they can exploit to break into the system. Every host connected to a LAN or the internet runs many services that listen on some port. By running a port scan, we can learn which ports are open, what service is running on each port, what the OS and MAC address of the target host are, and so on. We can configure the port scanner according to our requirements to get the maximum information from the target system.
A port scanner sends a connection request to each port sequentially and, based on the response, decides whether the port is open, closed or filtered.
There are a total of 65536 ports each for the TCP and UDP protocols, which are divided into three ranges:
Types of port scanning
There are multiple port scanning techniques available. Let’s look into each scan type in detail.
TCP SYN scan: SYN scan is also known as half-open scanning because it doesn’t complete the connection to the port. In this scan, the scanner sends a SYN packet to initiate communication and waits for a response. A SYN-ACK packet from the target port indicates the port is listening, i.e. open, while an RST (reset) indicates the port is not listening, i.e. closed.
If no response is received after multiple tries, the scanner marks the port as filtered.
TCP Connect or Vanilla scan: In the connect scan, the OS issues the connect() system call to the remote host. If the port is listening, connect() will succeed. In this scan, the attacker sends a SYN packet to the remote port. If the remote port responds with a SYN-ACK packet, the port is open, and the scanner completes the connection by sending the ACK packet. If the port is closed, the response from the remote host will be an RST packet. This method is faster than other methods mentioned in this article. The disadvantage of this scan is that it can be detected easily, as it connects to each port.
UDP scan: UDP scan sends a UDP packet to every port in the scope of the scan. The port is considered closed if the scanner receives an ICMP port unreachable error. If the port is open, the packet is accepted, and no response packet is sent.
The major drawback of UDP scan is that it is slow. Since there is no response from an open port, the scanner has to resend the packet multiple times, which leads to delay.
ICMP scan: This is not a port scan, but it is used to ping the remote host to check if the host is up. This scan is useful when we have to check a number of live hosts in a network.
FIN scan: Unlike other scanning techniques, FIN scan sends a FIN packet, which is normally used to close a connection that is already open. A closed port will respond to the FIN packet with RST, while an open port will drop the packet. No response from the target port leaves it unclear whether the port is open or the probe is blocked by a firewall. Hence, this scan isn’t very effective.
FIN scan for open port
FIN scan for closed port
Other scans which are similar to FIN scan are XMAS scan and NULL scan.
XMAS scan sends a packet with the FIN, URG and PUSH flags set, whereas NULL scan sends a packet without any TCP flag. If the port is closed on the target machine, it responds with RST. If the port is open, it will ignore the packet.
XMAS scan for open port
XMAS scan for closed port
Null scan for open port
Null scan for closed port
TCP ACK scan: ACK scan is different from other scans because it doesn’t give a list of open or closed ports; instead, it checks whether a port is filtered or unfiltered. It sends a packet with the ACK flag set. If it receives RST in response, the port is unfiltered and might be open or closed. Ports that don’t respond or that send an ICMP error are marked as filtered. This type of scan is useful to detect the presence of a firewall.
Idle scan: An idle scan is a good option when you want to keep yourself anonymous while scanning. The scan involves sending a forged packet to the target host that looks like it is coming from some other host. This scan uses another host’s IP address as the source IP address instead of the IP address of the attacker’s machine.
The idle host involved in this scan is called a zombie, and hence this scan is sometimes referred to as a zombie scan. The following steps show how this works.
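The flag combinations described for the SYN, FIN, XMAS, NULL and ACK scans double as detection signatures. The sketch below is an added example, not code from the original article: it assumes a stateful firewall that logs the first packet of each flow with no existing connection state, and the record layout, addresses and `min_ports` threshold are constructed for illustration.

```python
from collections import defaultdict

# TCP flag bits as laid out in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Probe signatures taken from the scan descriptions above
SIGNATURES = {
    0: "NULL",                 # no flags set
    FIN: "FIN",
    FIN | PSH | URG: "XMAS",
    SYN: "SYN",                # also a normal connection start, hence the port threshold
    ACK: "ACK",                # only meaningful when no session exists
}


def classify(flags):
    """Map the flags of an out-of-state packet to the scan type that sends it."""
    return SIGNATURES.get(flags & 0x3F, "other")


def detect_scans(records, min_ports=5):
    """Return {(source, scan_type): sorted ports} for sources probing many ports."""
    seen = defaultdict(set)
    for src, dport, flags in records:
        kind = classify(flags)
        if kind != "other":
            seen[(src, kind)].add(dport)
    return {key: sorted(ports) for key, ports in seen.items() if len(ports) >= min_ports}


# Constructed sample records: (source IP, destination port, TCP flags)
SAMPLE = (
    [("192.0.2.10", p, SYN) for p in (21, 22, 23, 25, 80, 443)]
    + [("192.0.2.11", p, FIN | PSH | URG) for p in (22, 80, 135, 139, 445)]
    + [("192.0.2.12", p, 0) for p in (22, 80, 443, 3389, 8080)]
    + [("192.0.2.13", 443, SYN), ("192.0.2.13", 443, SYN)]  # ordinary client
)

if __name__ == "__main__":
    for (src, kind), ports in detect_scans(SAMPLE).items():
        print(f"{src}: {kind} probes to {len(ports)} ports {ports}")
```

The ordinary client at 192.0.2.13 is not reported because it only ever touches one port, which is what separates a scan from normal SYN traffic in this model.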
1. The attacker sends the TCP SYN packet to the Zombie, which is up and idle.
2. The Zombie responds with SYN/ACK packet with IPID 10.
3. The attacker sends the spoofed SYN packet to the victim at 10.10.10.30, with the source IP of the Zombie (10.10.10.20).
4. In the case of open port, the victim responds with SYN/ACK to the Zombie because source IP in step 3 was set to Zombie.
5. Zombie on receiving the SYN/ACK packet from the victim sends the RST packet back to the victim with IPID 11.
6. After some time, the attacker again sends the SYN packet to the Zombie host, but Zombie host was waiting for the ACK packet from the attacker as Zombie had already sent a SYN/ACK packet in step number 2.
7. The Zombie host responds with RST packet to the attacker with IPID set to 12.
8. The attacker on receiving the RST packet with IPID set to 12 knows that the remote port on the victim machine is open (Notice the increment in IPID from 10 to 12).
9. In the case of the closed port on the victim machine, the victim responds with RST packet to the Zombie.
10. Zombie won’t reply back to RST packet (IPID remains 10).
11. After some time, the attacker again sends the SYN packet to the Zombie host, but Zombie host was waiting for the ACK packet from the attacker as Zombie had already sent a SYN/ACK packet in step number 2.
12. The Zombie host responds with RST packet to the attacker with IPID set to 11.
13. The attacker on receiving the RST packet with IPID set to 11 knows that the remote port on the victim machine is closed (Notice the increment in IPID from 10 to 11).
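The inference in steps 1 to 13 depends on the idle host using one global, incrementing IP ID counter. The simulation below is an added example, not part of the original article: it sends no packets, models the idle host as a hypothetical `IdleHost` class, and shows that a host keeping a separate counter per destination (a simplified model of the hardening) gives the same IPIDs in both cases.

```python
class IdleHost:
    """Toy model of the idle host: each packet it sends carries an IP ID."""

    def __init__(self, per_destination=False, start=10):
        self.per_destination = per_destination
        self.start = start          # 10 matches the IPID in step 2 above
        self.counters = {}

    def send(self, dst):
        # One global counter, or (hardened) an independent counter per peer.
        key = dst if self.per_destination else "global"
        ipid = self.counters.get(key, self.start)
        self.counters[key] = (ipid + 1) & 0xFFFF   # IP ID is a 16-bit field
        return ipid


def observed_ipids(host, victim_port_open):
    """IP IDs the prober sees in the two replies it gets from the idle host."""
    first = host.send("prober")      # step 2
    if victim_port_open:
        host.send("victim")          # step 5: RST answering the unexpected SYN/ACK
    second = host.send("prober")     # step 7 (open) or step 12 (closed)
    return first, second


def leaks_port_state(per_destination):
    """True if the open and closed cases look different to the prober."""
    open_case = observed_ipids(IdleHost(per_destination), True)
    closed_case = observed_ipids(IdleHost(per_destination), False)
    return open_case != closed_case


if __name__ == "__main__":
    print("global counter, open:  ", observed_ipids(IdleHost(), True))
    print("global counter, closed:", observed_ipids(IdleHost(), False))
    print("global counter leaks state:         ", leaks_port_state(False))
    print("per-destination counter leaks state:", leaks_port_state(True))
```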
FTP bounce scan: This scan uses an FTP server to port scan other hosts. The FTP protocol has a proxy FTP connection feature, which allows a user to connect to one FTP server and send a file to each port of a target host. The error message from the port describes whether the port is open or closed. The advantage of this scan is anonymity, as bouncing through the FTP server hides the source address of the attacker. The disadvantages are that it is slow, and many FTP servers have disabled the proxy feature.
FTP bounce scan for closed port
FTP bounce scan for open port
Fragmented scan: In a fragmented scan, the attacker sends the probe packet in small IP fragments. The idea is to split the TCP header over several packets to make it harder for firewalls to detect. The advantage of this scan is the ability to bypass packet filters. The disadvantage is that it is slow.
Strobe scan: Strobe scan is a more focused scan where an attacker scans for known ports to exploit.
Window scan: Window scan is similar to TCP ACK scan, but this scan can identify the open ports as well. It is called the window scan because some TCP stacks provide a specific window size when responding with an RST frame. When an ACK packet is sent to the remote port, an open port will respond with an RST packet with a non-zero window size, whereas a closed port will respond with an RST packet with a window size of zero.
The advantage of this scan is that it generates minimal traffic and does not open a session, which makes it harder to detect. The disadvantage is that it doesn’t work on all devices.
Service fingerprint scan: Fingerprinting is a method of interpreting a response to determine what produced it. The service fingerprint scan sends a combination of data to the remote host and, based on the response, decides which service is running on the remote port.
Ethical/Legal Implications
Port scanning is similar to “ringing a doorbell to see whether someone is at home”. Whether or not port scanning is ethical is a trick question. Port scanning is used by security professionals to detect vulnerabilities, but it is also used by hackers, attackers or other malicious persons for the same purpose. It is the first step in a successful attack. Normal port scanning to detect open ports and services cannot be considered offensive, but doing the same thing again and again on the same host or on a set of hosts belonging to the same company can be considered illegal. If a computer system is affected by the port scan, it can be considered an act of Denial of Service (DoS) attack, which is illegal.
Port Scanning Tools
SuperScan can be downloaded from http://www.mcafee.com/us/downloads/free-tools/superscan.aspx
Conclusion
Port scanners are generally freeware tools and are easily available on the internet. If your aim is to check the open ports, services and OS running on the remote host, any port scanner mentioned in the above section can be used. Nmap scripting can be used to check for well-known vulnerabilities. During a security audit, a simple port scanner can’t be used to detect all the vulnerabilities in the network or host. There are many premium tools which integrate a port scanner. Tools like Nessus Professional, Qualys Guard, etc. are professional vulnerability scanners in which the port scanner is a small integrated module. Apart from giving a list of open ports, these scanners give a detailed list of latest/old vulnerabilities along with mitigation.