Nmap default scan technique

8

I'm a bit confused about what the default scan option is for an nmap scan. For example:

nmap -A -p 22

Am I running a SYN scan or a TCP connect scan?

    
posted by Bob 11.12.2017 - 11:41
source

2 answers

7

When scanning TCP ports, Nmap will perform a SYN scan by default and will fall back to a connect scan if the user does not have sufficient privileges.

From the docs:

-sS (TCP SYN scan)

SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. [...]

-sT (TCP connect scan)

TCP connect scan is the default TCP scan type when SYN scan is not an option. This is the case when a user does not have raw packet privileges. [...]

You can also use the verbose flag (-v) to find out which scan types are being run:

$ nmap -v -p 22 1.2.3.4

Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-11 12:14 CET
Initiating Ping Scan at 12:14
Scanning 1.2.3.4 [2 ports]
Completed Ping Scan at 12:14, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:14
Completed Parallel DNS resolution of 1 host. at 12:14, 0.01s elapsed
Initiating Connect Scan at 12:14
Scanning xxx (1.2.3.4) [1 port]
Completed Connect Scan at 12:14, 0.00s elapsed (1 total ports)
Nmap scan report for xxx (1.2.3.4)
Host is up (0.000070s latency).

PORT   STATE  SERVICE
22/tcp closed ssh

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
$ sudo nmap -v -p 22 1.2.3.4

Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-11 12:15 CET
Initiating Parallel DNS resolution of 1 host. at 12:15
Completed Parallel DNS resolution of 1 host. at 12:15, 0.01s elapsed
Initiating SYN Stealth Scan at 12:15
Scanning xxx (1.2.3.4) [1 port]
Completed SYN Stealth Scan at 12:15, 0.04s elapsed (1 total ports)
Nmap scan report for xxx (1.2.3.4)
Host is up (0.000045s latency).

PORT   STATE  SERVICE
22/tcp closed ssh

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
           Raw packets sent: 1 (44B) | Rcvd: 2 (84B)
    
answered 11.12.2017 - 12:22
source
1

It depends on the privileges of the user running the scan:

  • for a privileged user, the default option is the -sS scan (TCP SYN scan)
  • for an unprivileged user, the default option is the -sT scan (TCP connect() scan)
answered 11.12.2017 - 11:45
source
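A small helper, added here and not part of either answer, that puts the two answers together: it predicts the default TCP scan from the caller's privileges and confirms which scan Nmap actually ran by parsing its -v output. The privilege check is an assumption that approximates Nmap's own test on Linux (root or an effective CAP_NET_RAW capability allows raw packets); the two transcripts are abridged from the output in the first answer.

```python
import os
import re

CAP_NET_RAW = 13  # Linux capability bit that permits raw sockets

# Abridged `nmap -v -p 22` transcripts, constructed for this example from the
# first answer: one run unprivileged, one run under sudo.
UNPRIV_OUTPUT = """Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-11 12:14 CET
Initiating Ping Scan at 12:14
Initiating Connect Scan at 12:14
Completed Connect Scan at 12:14, 0.00s elapsed (1 total ports)
"""
PRIV_OUTPUT = """Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-11 12:15 CET
Initiating SYN Stealth Scan at 12:15
Completed SYN Stealth Scan at 12:15, 0.04s elapsed (1 total ports)
           Raw packets sent: 1 (44B) | Rcvd: 2 (84B)
"""

def predict_scan_type(euid, cap_eff):
    """Predict Nmap's default TCP scan from the caller's privileges.
    Assumption: root or an effective CAP_NET_RAW bit means raw packets are
    available, so Nmap picks -sS; otherwise it falls back to -sT."""
    has_raw = euid == 0 or bool(cap_eff & (1 << CAP_NET_RAW))
    return "SYN" if has_raw else "connect"

def scan_type_from_verbose(output):
    """Read which port-scan phase Nmap actually ran from its -v output.
    The Ping Scan line is deliberately ignored; only the TCP phase counts."""
    for line in output.splitlines():
        m = re.match(r"Initiating (SYN Stealth|Connect) Scan", line)
        if m:
            return "SYN" if m.group(1) == "SYN Stealth" else "connect"
    return "unknown"

def current_privileges():
    """Return (euid, effective capability mask) for this process.
    The mask is read from /proc/self/status (Linux only); 0 elsewhere."""
    cap_eff = 0
    try:
        with open("/proc/self/status") as f:
            for line in f:
                if line.startswith("CapEff:"):
                    cap_eff = int(line.split()[1], 16)
    except OSError:
        pass
    euid = os.geteuid() if hasattr(os, "geteuid") else -1
    return euid, cap_eff

if __name__ == "__main__":
    euid, cap_eff = current_privileges()
    print("expected default scan here:", predict_scan_type(euid, cap_eff))
    print("unprivileged run used:", scan_type_from_verbose(UNPRIV_OUTPUT))
    print("sudo run used:", scan_type_from_verbose(PRIV_OUTPUT))
```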
