filmov
tv
Identifying Open Ports in Wireshark, HakTip 137
Показать описание
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
Today on HakTip, Shannon explains how to view an attack on your network and how to discover your vulnerable network ports.
If you are working at a business, you may find that an attacker wants to get into your network. The attacker would start by collecting publicly available information- like from your website. They can scan the website's IP address for any open ports or running services, and a way to get in, or 'intrude'. Oftentimes, an attacker can use a TCP SYN (for tcp synchronize) scan to find out what's available to them. If your server was open, it would reply with an ACK acknowledge packet, and they'd have a handshake, but not a completed one since the attacker won't be connecting yet. If a port is closed or if you've got a firewall turned on, they would either get an RST packet or none at all. This info probably sounds familiar if you've watched my series on NMap, a network scanner.
I'm using an example from Chris Sanders Practical Packet Analysis. Buy this book. It's extremely useful and he goes into a lot of details I've just skipped over.
If you look under "Conversations" when an attack like this is going on, you'd see one IPv4 conversation happening, and tons of TCP ones. So let's look at the very first packet, by clicking it, opening the packet header pane right clicking on Destination Port, and choosing Prepare a Filter, Selected. Delete dst from the filter, and press enter. We see that these are both port 443, but the server never replied. So maybe the port is closed.
Now find a port 53 packet, for DNS and do the same thing. The server tries to reach out to the attacker, but the attacker denies a connection, ending the TCP handshake. So it looks like the DNS port is open. Do the same thing for a packet reaching out to port 113, like packet 13. This is used for authentication services. The port is closed, or nothing is running on it. The server replies with RST packets.
Open that conversations window again and sort TCP by packets, from high to low. Hit follow stream at the bottom to view the conversation for that specific conversation. You'll notice that the ones with 5 packets are open, the ones with 2 packets are closed (RST). The rest only had one packet, meaning the ports are probably closed too.
-~-~~-~~~-~~-~-
Please watch: "Bash Bunny Primer - Hak5 2225"
-~-~~-~~~-~~-~-
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
____________________________________________
Today on HakTip, Shannon explains how to view an attack on your network and how to discover your vulnerable network ports.
If you are working at a business, you may find that an attacker wants to get into your network. The attacker would start by collecting publicly available information- like from your website. They can scan the website's IP address for any open ports or running services, and a way to get in, or 'intrude'. Oftentimes, an attacker can use a TCP SYN (for tcp synchronize) scan to find out what's available to them. If your server was open, it would reply with an ACK acknowledge packet, and they'd have a handshake, but not a completed one since the attacker won't be connecting yet. If a port is closed or if you've got a firewall turned on, they would either get an RST packet or none at all. This info probably sounds familiar if you've watched my series on NMap, a network scanner.
I'm using an example from Chris Sanders Practical Packet Analysis. Buy this book. It's extremely useful and he goes into a lot of details I've just skipped over.
If you look under "Conversations" when an attack like this is going on, you'd see one IPv4 conversation happening, and tons of TCP ones. So let's look at the very first packet, by clicking it, opening the packet header pane right clicking on Destination Port, and choosing Prepare a Filter, Selected. Delete dst from the filter, and press enter. We see that these are both port 443, but the server never replied. So maybe the port is closed.
Now find a port 53 packet, for DNS and do the same thing. The server tries to reach out to the attacker, but the attacker denies a connection, ending the TCP handshake. So it looks like the DNS port is open. Do the same thing for a packet reaching out to port 113, like packet 13. This is used for authentication services. The port is closed, or nothing is running on it. The server replies with RST packets.
Open that conversations window again and sort TCP by packets, from high to low. Hit follow stream at the bottom to view the conversation for that specific conversation. You'll notice that the ones with 5 packets are open, the ones with 2 packets are closed (RST). The rest only had one packet, meaning the ports are probably closed too.
-~-~~-~~~-~~-~-
Please watch: "Bash Bunny Primer - Hak5 2225"
-~-~~-~~~-~~-~-
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
0:07:06
Identifying Open Ports in Wireshark, HakTip 137
0:03:10
Finding Open Ports with Wireshark
0:06:37
How to Scan IP address and find all open ports
0:06:52
How To Use nmap To Scan For Open Ports
0:17:09
Nmap Tutorial to find Network Vulnerabilities
0:05:24
Analyzing UDP in Wireshark
0:06:49
Observing a TCP conversation in Wireshark
0:03:49
Network Fundamentals 9-5: DEMO: Wireshark, Ephemeral Ports
0:01:04
How to use wireshark to monitor websites visited
0:03:24
How to Verify L4 Ports with Wireshark
0:02:39
How To Find Host on Network (Wireshark)
0:02:52
how to check if the port is opened or blocked?
0:02:09
How to Find IP Address in Wireshark
0:03:46
Scanning Your Network For Open Ports
0:08:41
How to DECRYPT HTTPS Traffic with Wireshark
0:02:19
Decoding Modbus RTU Captures in Wireshark
0:44:03
How Nmap really works // And how to catch it // Stealth scan vs TCP scan // Wireshark analysis
0:06:42
Port scan | Kali Linux | How to find open Ports?
0:00:53
How to Filter information based on port Using Wireshark
0:00:58
The TOP THREE Wireshark Filters! #shorts
0:28:04
The Top 15 Network Protocols and Ports Explained // FTP, SSH, DNS, DHCP, HTTP, SMTP, TCP/IP
0:01:13
How to Find Open Ports on a Network Using Nmap
0:06:07
Wireshark and Recognizing Exploits, HakTip 138
0:05:48
Scanning targeted IP address and identify open ports using NMap
Комментарии