TCP scan and SYN scan and FIN Scan

Source: Internet
Author: User

Haha, I am in a good mood today. I am complaining about this scan problem...
At present, I usually use TCP or SYN scanning. The FIN scan is not commonly used; it is also called a stealth scan.
The three methods are discussed briefly below. Corrections and advice are welcome!
1. Why is TCP scanning slow?
During a scan, this method sends a connection request segment from a port on the local host to a port on the target host. If the target host accepts the request, it sends back an acknowledgment segment; once the local host receives that acknowledgment, it can confirm that the port on the target host is open. If the port on the target host is closed, the target host does not send an acknowledgment. (Another question here: if the port is closed, can the target host receive our connection request at all? Personally, I don't think it can. If anyone knows, please tell me.)
2. SYN Scan
This scanning method is relatively fast.
Principle:
(1): The local host sends a SYN segment to the target host. (This involves the structure of the TCP segment. In a TCP segment, the SYN flag is used to establish a connection and synchronize the sequence numbers of both sides. If SYN = 1 and ACK = 0, the segment is a connection request. If SYN = 1 and ACK = 1, the connection is accepted.)
(2): If SYN = 1 and ACK = 1 in the target host's response, the port is open. We then send an RST to the target host to refuse the connection.
If the target host responds with RST instead, the port is closed. In this case, no further response is needed.
3. FIN Scan
In the TCP segment structure, the FIN flag indicates that the sender has no more data to transmit and wants to release the connection.
When we send a FIN = 1 segment to a closed port, the segment is discarded and an RST segment is returned. However, when the FIN segment is sent to an open port, it is simply discarded and nothing is sent in response.
The advantage of this scanning method is that no TCP connection is established at all, which greatly reduces the chance of the scan being logged by the target host and keeps it well concealed.
That covers the principles of the three methods. Next comes a very serious point: many beginners have the impression that TCP and SYN are at the same level. In fact, this is not the case. SYN is only a small part of the TCP segment structure. FIN, RST, PSH, ACK, URG, and so on all belong to TCP. UDP is at the same level as TCP. Do not confuse SYN with UDP!
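
The flag exchanges from sections 1 to 3, seen from the monitoring side, as an added example that is not part of the original post: the Python below reads the flag bits from raw TCP headers and labels a flow as a full connect, a half-open SYN probe, or a FIN probe. The function names, port numbers and sample headers are constructed for illustration, and the "or filtered" label is an added qualification.

```python
import struct

# TCP flag bits (byte 13 of the header); all of them are fields of TCP itself
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample, checksum 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def parse_flags(segment):
    """Return (source port, destination port, flag bits) of a raw TCP header."""
    sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", segment[:14])
    return sport, dport, flags & 0x3F

def classify(segments, server_port):
    """Label one flow from its TCP headers, given in the order they were seen."""
    events = []
    for seg in segments:
        _sport, dport, flags = parse_flags(seg)
        events.append(("client" if dport == server_port else "server", flags))
    if not events or events[0] not in (("client", FIN), ("client", SYN)):
        return "unknown"
    replies = [f for who, f in events[1:] if who == "server"]
    follow_up = [f for who, f in events[1:] if who == "client"]
    got_rst = any(f & RST for f in replies)
    if events[0][1] == FIN:  # bare FIN; silence also fits a filtered port (added note)
        return "FIN probe: closed" if got_rst else "FIN probe: no reply (open or filtered)"
    if got_rst:
        return "SYN sent: closed"
    if not any(f == SYN | ACK for f in replies):
        return "SYN sent: no reply"
    if follow_up and follow_up[0] & RST:
        return "half-open SYN scan: open"  # prober answered SYN/ACK with RST
    if follow_up and follow_up[0] & ACK:
        return "full connect: open"  # three-way handshake completed
    return "SYN/ACK seen, handshake unfinished"

C, S = 40000, 80  # constructed client and server ports
FLOWS = {
    "connect": [tcp_header(C, S, SYN), tcp_header(S, C, SYN | ACK), tcp_header(C, S, ACK)],
    "half_open": [tcp_header(C, S, SYN), tcp_header(S, C, SYN | ACK), tcp_header(C, S, RST)],
    "syn_closed": [tcp_header(C, S, SYN), tcp_header(S, C, RST | ACK)],
    "fin_closed": [tcp_header(C, S, FIN), tcp_header(S, C, RST | ACK)],
    "fin_silent": [tcp_header(C, S, FIN)],
}

if __name__ == "__main__":
    for name, flow in FLOWS.items():
        print(name, "->", classify(flow, S))
```

Only the full connect completes the handshake that an application's accept log records; the half-open and FIN probes are visible only to something that inspects packets.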
