- 21 Eki 2015
- 477
- 1
In this subject I will show you how can you pass the firewall in an Ip address we scanned with Nmap scan.
Note : Note: I am using "m-e-t-a-sploitable2" in my subject. When you do this to a real system the values can changes.
Passing The Firewall
First of all,we are opening two terminal. We will use "tcpdump" and "nmap" commands.Lets select to the target.
For monitoring packets coming to the server,First we running "tcpdump" and send to "nmap".
Then we are pressing to "ctrl+c" at the "tcpdump" worked terminal and we are ending to operation.The time we ended the process it will give 3 pieces information to us.
These :
"... packets captured" (number of arrived packets to the target)
"... packets received by filter" (number of packets filtered by target)
"... packets dropped by kernal" (number of stopped packet)
Lets analyze those information and keep it in mind.
Lets run "tcpdump" and "nmap" commands again. But this time we will add a parameter to the nmap's scanning. This parameter is "-f". Standard "24 bit" nmap scan's will lower to "8bit" by this parameter. Lets run "tcpdump".
After we started the scan with "nmap" we are waiting to its finish.
We are stopping the process after we are pressing "ctrl+c" to the terminal where "tcpdump" is running. Here you will see the number of packets increased.
Yes, as you see numbers increased. Also lets try it with "16bit"'s scanning. With same style there is writing "-f" command but we are adding a "-f" parameter more.
After we run "tcpdump" we are sending it to "nmap". Later the process finished we are stopping the process by pressing "ctrl+c" to the terminal where "tcpdump" is running.
Yes, rates are like you saw . The passing firewall process is like this in "nmap".
Note : Note: I am using "m-e-t-a-sploitable2" in my subject. When you do this to a real system the values can changes.
Passing The Firewall
First of all,we are opening two terminal. We will use "tcpdump" and "nmap" commands.Lets select to the target.
Kod:
tcpdump host 192.168.1.6
Kod:
nmap 192.168.1.6
For monitoring packets coming to the server,First we running "tcpdump" and send to "nmap".
Then we are pressing to "ctrl+c" at the "tcpdump" worked terminal and we are ending to operation.The time we ended the process it will give 3 pieces information to us.
These :
"... packets captured" (number of arrived packets to the target)
"... packets received by filter" (number of packets filtered by target)
"... packets dropped by kernal" (number of stopped packet)
Lets analyze those information and keep it in mind.
Lets run "tcpdump" and "nmap" commands again. But this time we will add a parameter to the nmap's scanning. This parameter is "-f". Standard "24 bit" nmap scan's will lower to "8bit" by this parameter. Lets run "tcpdump".
After we started the scan with "nmap" we are waiting to its finish.
We are stopping the process after we are pressing "ctrl+c" to the terminal where "tcpdump" is running. Here you will see the number of packets increased.
Yes, as you see numbers increased. Also lets try it with "16bit"'s scanning. With same style there is writing "-f" command but we are adding a "-f" parameter more.
After we run "tcpdump" we are sending it to "nmap". Later the process finished we are stopping the process by pressing "ctrl+c" to the terminal where "tcpdump" is running.
Yes, rates are like you saw . The passing firewall process is like this in "nmap".
Source: https://www.turkhackteam.org/siber-guvenlik/1925070-taramada-firewall-guvenlik-duvari-atlatma-nmap.html
Translator: Y8Y1K6
Translator: Y8Y1K6