Lost universe of Programing

 TCP Flag Types (Scanning and FootPrinting) 8

Er Amit Tripathi
PostSubject: TCP Flag Types (Scanning and FootPrinting) 8   2/10/2008, 2:34 am

Quote :

Flag  Purpose
SYN   Synchronize and Initial Sequence Number (ISN)
ACK   Acknowledgement of packets received
FIN   Final data flag used during the 4-step shutdown of a session
RST   Reset bit used to close an abnormal connection
PSH   Push data bit used to signal that data in the packet should be pushed
      to the beginning of the queue. Usually indicates an urgent message.
URG   Urgent data bit used to signify that urgent control characters are
      present in this packet that should have priority.

At the conclusion of communication, TCP terminates the session by using
a 4-step shutdown. Those four steps proceed as follows:

1. The client sends the server a packet with the FIN/ACK flags set.
2. The server sends a packet with the ACK flag set to acknowledge the client.
3. The server then generates another packet with the FIN/ACK flags set
to inform the client that it also is ready to conclude the session.
4. The client sends the server a packet with the ACK flag set to conclude
the session.

The TCP system of communication makes for robust communication but also
allows a hacker many ways to craft packets in an attempt to coax a server
to respond or to try and avoid detection of an intrusion detection system
(IDS). Many of these methods are built into Nmap and other port scanning
tools, but before taking a look at those tools, some of the more popular
port scanning techniques are listed here:

- TCP Connect scan: This type of scan is the most reliable, although
it is also the most detectable. It is easily logged and detected because
a full connection is established. Open ports reply with a SYN/ACK, whereas
closed ports respond with an RST/ACK.

- TCP SYN scan: This type of scan is known as half open because a full
TCP three-way connection is not established. This type of scan was originally
developed to be stealthy and evade IDS systems, although most now detect
it. Open ports reply with a SYN/ACK, whereas closed ports respond with

- TCP FIN scan: Forget trying to set up a connection; this technique
jumps straight to the shutdown. This type of scan sends a FIN packet
to the target port. Closed ports should send back an RST. This technique
is usually effective only on UNIX devices.

- TCP NULL scan: Sure, there should be some type of flag in the packet,
but a NULL scan sends a packet with no flags set. If the OS has implemented
TCP per RFC 793, closed ports will return an RST.

- TCP ACK scan: This scan attempts to determine access control list (ACL)
rule sets or identify if stateless inspection is being used. If an ICMP
destination unreachable, communication administratively prohibited message
is returned, the port is considered to be filtered.

- TCP XMAS scan: Sorry, there are no Christmas presents here, just a
port scan that has toggled on the FIN, URG, and PSH flags. Closed ports
should return an RST.

Now let's look at UDP scans. UDP is unlike TCP. Although TCP is built
on robust connections, UDP is based on speed. With TCP, the hacker has
the ability to manipulate flags in an attempt to generate a TCP response
or an error message from ICMP. UDP does not have flags, nor does UDP
issue responses. It's a fire-and-forget protocol! The most you can hope
for is a response from ICMP.
If the port is closed, ICMP will attempt to send an ICMP type 3 code
3 port unreachable message to the source of the UDP scan. But if the
network is blocking ICMP, no error message will be returned. Therefore,
the response to the scans might simply be no response. If you are planning
on doing UDP scans, plan for unreliable results.


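The post lists, for each scan type, what an open and a closed port send back but never puts the whole decision procedure in one place. The block below is an added example, not code from the post or from Nmap: it builds and parses the 20-byte TCP header so the flag bits from the table above are seen at the byte level, models how an RFC 793 stack (CLOSED versus LISTEN) answers each probe, and then applies the scanner-side inference that turns a reply (flags, an ICMP type 3 message, or silence) into a verdict. The port states "open", "closed", "drop" and "reject", the "icmp-3-N" reply strings, and the "windows" stack mode are this example's own simplifications; the "windows" mode only captures the one deviation the post alludes to, stacks that answer FIN/NULL/XMAS probes with RST on open ports as well as closed ones, which is why those scans report everything as closed there. Nothing is sent on the network.

```python
"""Added example (not from the original post): a model of how an RFC 793 stack
answers the scan probes discussed above and how a scanner infers port state
from each reply. All packets are constructed in memory; nothing is sent."""
import struct

# Flag bits in the low byte of the TCP header's offset/flags word (RFC 793).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP_HDR = struct.Struct("!HHIIHHHH")  # src, dst, seq, ack, off/flags, win, csum, urgptr

def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=1024):
    """Build a bare 20-byte TCP header (checksum left zero; this is a model)."""
    off_flags = (5 << 12) | sum(FLAGS[f] for f in flags)  # data offset = 5 words
    return TCP_HDR.pack(src_port, dst_port, seq, ack, off_flags, window, 0, 0)

def parse_tcp_flags(raw):
    """Return (src_port, dst_port, frozenset of flag names) from a raw TCP header."""
    if len(raw) < TCP_HDR.size:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, off_flags, *_ = TCP_HDR.unpack_from(raw)
    bits = off_flags & 0x3F  # drop data offset, reserved and ECN bits
    return src, dst, frozenset(n for n, b in FLAGS.items() if bits & b)

# Probe flag sets for the scan types in the post (UDP carries no flags).
PROBES = {
    "connect": {"SYN"}, "syn": {"SYN"}, "fin": {"FIN"}, "null": set(),
    "xmas": {"FIN", "PSH", "URG"}, "ack": {"ACK"},
}

def rfc793_reply(probe_flags, port_state, stack="rfc793"):
    """Model the target's reply to a TCP probe (example simplification).

    port_state: "open" (LISTEN), "closed", "drop" (filter silently discards)
    or "reject" (filter answers ICMP type 3 code 13, admin prohibited).
    stack="windows" models stacks that RST FIN/NULL/XMAS probes on open ports.
    Returns a frozenset of reply flags, an "icmp-3-N" string, or None (silence)."""
    probe_flags = frozenset(probe_flags)
    if port_state == "drop":
        return None
    if port_state == "reject":
        return "icmp-3-13"
    if "RST" in probe_flags:
        return None                       # RFC 793: a RST is never answered
    if port_state == "closed":
        # CLOSED answers everything with RST; ACK is added when the probe had none
        return frozenset({"RST"}) if "ACK" in probe_flags else frozenset({"RST", "ACK"})
    # LISTEN state
    if "ACK" in probe_flags:
        return frozenset({"RST"})         # ACK with no connection behind it
    if "SYN" in probe_flags:
        return frozenset({"SYN", "ACK"})  # second step of the three-way handshake
    if stack == "windows":
        return frozenset({"RST", "ACK"})  # non-RFC behaviour: RST even when open
    return None                           # FIN/NULL/XMAS on an open port: dropped

def udp_reply(port_state):
    """UDP has no flags: a closed port yields ICMP type 3 code 3, an open one
    (modelled here as a silent service) nothing; filters drop or reject."""
    return {"closed": "icmp-3-3", "reject": "icmp-3-13"}.get(port_state)

def classify(scan_type, reply):
    """Scanner-side inference from one reply, in Nmap's port-state vocabulary."""
    got_rst = isinstance(reply, frozenset) and "RST" in reply
    if reply == "icmp-3-13":
        return "filtered"
    if scan_type in ("connect", "syn"):
        if reply == frozenset({"SYN", "ACK"}):
            return "open"
        return "closed" if got_rst else "filtered"
    if scan_type in ("fin", "null", "xmas"):
        return "closed" if got_rst else "open|filtered"   # silence is ambiguous
    if scan_type == "ack":
        return "unfiltered" if got_rst else "filtered"   # says nothing about open
    if scan_type == "udp":
        return "closed" if reply == "icmp-3-3" else "open|filtered"
    raise ValueError(scan_type)

def scan(scan_type, port_state, stack="rfc793"):
    """Run one modelled probe end to end and return the scanner's verdict."""
    if scan_type == "udp":
        return classify("udp", udp_reply(port_state))
    hdr = build_tcp_header(40000, 80, PROBES[scan_type])  # constructed probe
    _, _, flags = parse_tcp_flags(hdr)   # round-trip through the wire format
    return classify(scan_type, rfc793_reply(flags, port_state, stack))

if __name__ == "__main__":
    for s in ("syn", "fin", "null", "xmas", "ack", "udp"):
        print(s, {st: scan(s, st) for st in ("open", "closed", "drop", "reject")})
```

Two things worth noticing in the output: an ACK scan returns "unfiltered" for both open and closed ports, so it only maps firewall rules, and a FIN/NULL/XMAS scan against the "windows" stack returns "closed" for an open port, exactly the false negative the post warns about when it says those scans only work on UNIX devices.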