July 2, 2001
This is what the nmap man page says:
SCAN TYPES
-sS TCP SYN scan: This technique is often referred to as "half-open" scanning, because you
don't open a full TCP connection. You send a SYN packet, as if you are going to open a
real connection and you wait for a response. A SYN|ACK indicates the port is listening.
A RST is indicative of a non-listener. If a SYN|ACK is received, a RST is immediately
sent to tear down the connection (actually our OS kernel does this for us). The primary
advantage to this scanning technique is that fewer sites will log it. Unfortunately
you need root privileges to build these custom SYN packets. This is the default scan
type for privileged users.
-sT TCP connect() scan: This is the most basic form of TCP scanning. The connect() system
call provided by your operating system is used to open a connection to every interesting
port on the machine. If the port is listening, connect() will succeed, otherwise
the port isn't reachable. One strong advantage to this technique is that you don't need
any special privileges. Any user on most UNIX boxes is free to use this call.
This sort of scan is easily detectable as target host logs will show a bunch of connection
and error messages for the services which accept() the connection just to have it
immediately shutdown. This is the default scan type for unprivileged users.
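
The difference the man page describes can be seen from the scanned host's side by looking at the first three packets of each exchange. The following is an added example, not part of the original post or of nmap: it classifies constructed packet records (documentation IP addresses, simplified flag strings) and labels each source; the `min_ports` threshold is an assumption.

```python
from collections import defaultdict

# Constructed sample of packets seen at the scanned host:
# (source IP, local port, sender, TCP flags); sender "c" = remote client, "s" = this host.
A, B, C = "198.51.100.7", "203.0.113.9", "192.0.2.44"
PACKETS = [
    (A, 22, "c", "SYN"), (A, 22, "s", "SYN|ACK"), (A, 22, "c", "RST"),
    (A, 23, "c", "SYN"), (A, 23, "s", "RST"),
    (A, 80, "c", "SYN"), (A, 80, "s", "SYN|ACK"), (A, 80, "c", "RST"),
    (B, 22, "c", "SYN"), (B, 22, "s", "SYN|ACK"), (B, 22, "c", "ACK"), (B, 22, "c", "RST"),
    (B, 23, "c", "SYN"), (B, 23, "s", "RST"),
    (B, 80, "c", "SYN"), (B, 80, "s", "SYN|ACK"), (B, 80, "c", "ACK"), (B, 80, "c", "FIN|ACK"),
    (C, 80, "c", "SYN"), (C, 80, "s", "SYN|ACK"), (C, 80, "c", "ACK"), (C, 80, "c", "PSH|ACK"),
]

def classify_flow(seq):
    """Classify one (source, port) exchange from its first three packets."""
    first = seq[:3] + [None] * 3           # pad so short exchanges index safely
    if first[0] != ("c", "SYN"):
        return "other"
    if first[1] == ("s", "RST"):
        return "closed"                    # RST reply: nothing listening
    if first[1] == ("s", "SYN|ACK") and first[2] == ("c", "RST"):
        return "half-open"                 # torn down before accept() can return
    if first[1] == ("s", "SYN|ACK") and first[2] == ("c", "ACK"):
        return "connected"                 # full handshake; the service sees and can log it
    return "other"

def summarize(packets, min_ports=3):       # min_ports: assumed threshold for "scan"
    flows = defaultdict(list)
    for src, port, sender, flags in packets:
        flows[(src, port)].append((sender, flags))
    kinds = defaultdict(lambda: defaultdict(set))
    for (src, port), seq in flows.items():
        kinds[src][classify_flow(seq)].add(port)
    report = {}
    for src, k in kinds.items():
        if len(set().union(*k.values())) < min_ports:
            report[src] = "normal"
        elif k["half-open"] and not k["connected"]:
            report[src] = "syn-scan"
        elif k["connected"]:
            report[src] = "connect-scan"
        else:                              # only closed ports: both scan types look alike
            report[src] = "scan-unknown"
    return report

if __name__ == "__main__":
    print(summarize(PACKETS))
```

Half-open exchanges never reach the listening service, so they only show up in packet-level data such as this, not in the service's own logs.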