The Functioning of Nmap TCP Maimon Scan and Nmap TCP ACK Scan
As networks have become an integral part of everyday life worldwide, the need for technologies that protect those networks, and the data and privacy of the people using them, has become correspondingly important, especially on the Internet. Network security matters more as the number of people who spend much of their time connected keeps growing, because a compromise of network security can have serious consequences for the whole network in use (Comer, 2006). Effective tools are now available to assist with securing networks.
Network security therefore deserves priority because it frustrates the work of attackers (Doug and Alan, 2003). In computer networking, hacking covers any technical effort to manipulate the normal behaviour of network connections and the systems attached to them, which is why security measures need to be in place in advance. Today the term is mostly associated with programmatic attacks aimed at the Internet and other networks (Network Uptime, 2011).
Nmap, also known as Network Mapper, is a free and open-source utility for network exploration and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules and monitoring host or service uptime (McNab, 2011). Nmap uses raw IP packets in novel ways to determine which hosts are available on a network, which services (application name and version) those hosts offer, which operating systems they run, what kind of packet filters or firewalls are in use, and numerous other characteristics. It was designed to scan large networks quickly but works fine against single hosts (Comer, 2006).
Nmap runs on all major operating systems, and official binary packages are available for Linux, Windows and Mac OS X. Besides the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Nmap is a free port scanner released under the GNU GPL. Its output is a list of scanned targets, with information about each that depends on the scan type used (Doug and Alan, 2003). The most important part is the port table: each row gives a port number and protocol, the port's state and the service name. Nmap recognises six states: open, closed, filtered, unfiltered, open|filtered and closed|filtered (the last two are reported when a scan cannot tell the two states apart). An open port means an application on the host is actively accepting packets on that port. A filtered port indicates that a firewall, filter or other network obstacle is blocking the probe, so Nmap cannot tell whether the port is open or closed (McNab, 2007); the firewall may be a piece of software or a hardware device.
Nmap performs a wide range of scans. Some are aggressive and obvious; others are designed to be stealthy and to go undetected, and the information that can be discovered differs with the scan type. Nmap supports many scan techniques, among them TCP connect, SYN stealth, ping, UDP, FIN, Xmas, Null, Maimon, IP protocol, RPC, list, ACK, Window and FTP bounce scans, each of which can uncover and display the programs installed on a network, particularly applications, and its security features (Doug and Alan, 2003). The security features such scans encounter range from firewalls and anti-intrusion systems to advanced intrusion detection systems. As far as network security is concerned, a firewall is of crucial importance because it detects and blocks unwanted network traffic (McNab, 2011).
A firewall inspects all incoming and outgoing traffic and acts on it according to a predetermined rule set, so that unwanted traffic does not pass; this creates a barrier that protects the network from attacks, especially external ones (Comer, 2006). Attackers probe the firewall looking for rules that let their traffic through, and a port scanner such as Nmap is the tool both sides use to map those rules: the scans described below exist precisely to discover which ports a firewall filters and which it lets through.
Where a network's filtering is not strong enough, packets carrying particular TCP flag combinations can pass through the filters undetected (Stallings, 1995). Nmap exploits exactly this with two scan options built around the ACK flag: -sA (the ACK scan) sends ACK-only probes and reports which ports are filtered or unfiltered, and -sW (the Window scan) sends the same probes but also examines the TCP window value of the RST replies, which on some systems distinguishes open from closed ports (older Nmap versions also looked at the IP time-to-live value of those replies). Used defensively, these scans show an administrator which flag combinations the filters let through, so that the rules can be tightened before an attacker finds the same gaps (Comer, 2006).
The Nmap TCP Maimon Scan
The Nmap TCP Maimon scan is named after Uriel Maimon, who described the technique in Phrack Magazine issue 49 (November 1996). As Network Uptime (2011) notes, it is essentially the same as the FIN, Null and Xmas scans except that the probe carries the FIN and ACK flags. According to RFC 793 (TCP), a RST packet should be generated in response to such a probe whether the port is open or closed. However, Maimon noticed that many BSD-derived systems simply drop the probe when the port is open (McNab, 2007).
The Maimon scan therefore sets two flags on its probe packet, FIN and ACK. A target that follows RFC 793 answers with a RST in both of the possible states, open and closed, which would make the scan useless against it. The scan relies instead on a quirk of particular TCP stacks: a closed port always answers the FIN/ACK probe with a RST, whereas an open port on the affected systems discards the probe silently (Doug and Alan, 2003). Nmap accordingly reports a port as closed when a RST comes back, and as open|filtered when nothing comes back, since silence could equally mean an open port or a filter that dropped the probe; an ICMP unreachable error marks the port as filtered. The Null, FIN and Xmas scans differ only in the flags they set: their probes carry none of SYN, RST or ACK, and a closed port likewise answers them with a RST while an open port ignores them.
The Nmap TCP ACK Scan
The Nmap TCP ACK scan does not determine whether ports are open or closed at all. Its purpose is to probe the rules of the filtering devices in front of a host, so it is used to map out firewall rule sets. In particular it establishes whether the defence is a simple stateless filter that admits any packet looking like part of an established connection, or a stateful firewall that tracks connections and performs more advanced packet filtering (Comer, 2006).
A stateful firewall drops an ACK packet that belongs to no connection it has seen, while a stateless filter that only checks the ACK flag lets it through. The ACK scan works by sending a TCP ACK packet to each target port on the remote host (Network Uptime, 2011). Because it never finds a port that is open, Nmap's ACK scan reports only filtered or unfiltered: it never completes a connection to an application, so it cannot justify an open state.
What distinguishes this scan is that it never determines open (or open|filtered) ports. It is used to map firewall rule sets, establishing whether the firewall is stateful and which ports it filters. The ACK scan probe has only the ACK flag set (McNab, 2011). When unfiltered systems are scanned, both open and closed ports respond with a RST packet, and Nmap labels them unfiltered, meaning that the ACK packet reached them, whether they are open or closed. Ports that do not respond, or that produce certain ICMP error messages, are labelled filtered.
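As an added example (not code from this report or from the Nmap project), the following Python builds the two probes described above, the Maimon FIN/ACK probe and the ACK-only probe, with a correct TCP checksum, and applies each scan's decision rule to constructed replies; it also contains the rule behind the TCP ACK ping described later in this report. Nothing is put on the wire, since sending a hand-built segment needs a raw socket and root. The scanner address 192.168.1.10 is an assumption; the target 192.168.1.124 is the host from the listing below.

```python
"""
Added example, not code from the report or from Nmap: craft the Maimon (-sM)
and ACK (-sA) probe segments and classify the reply the way Nmap does.
"""
import socket
import struct

# TCP control bits, RFC 793
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

PROBE_FLAGS = {
    "maimon": FIN | ACK,  # -sM: FIN/ACK probe (Uriel Maimon, Phrack 49)
    "ack": ACK,           # -sA: ACK-only probe
}

# ICMP destination-unreachable (type 3) codes Nmap reads as "probe filtered"
ICMP_FILTERED_CODES = {1, 2, 3, 9, 10, 13}


def _ones_complement_sum(data):
    """Internet checksum (RFC 1071) over data, padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))


def build_tcp_segment(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0, window=1024):
    """Return a 20-byte TCP header (no options, no payload) with a valid checksum."""
    offset_and_flags = (5 << 12) | flags          # data offset = 5 words
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      offset_and_flags, window, 0, 0)
    csum = _ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def tcp_checksum_ok(src_ip, dst_ip, segment):
    """A segment whose checksum is correct sums to zero with its pseudo-header."""
    return _ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def tcp_flags(segment):
    """The six RFC 793 control bits of a TCP segment."""
    return struct.unpack("!H", segment[12:14])[0] & 0x3F


def classify(scan, reply=None, icmp=None):
    """
    Map one probe's outcome to the port state Nmap prints.
    scan:  'maimon' or 'ack'
    reply: TCP segment bytes received in answer to the probe, or None
    icmp:  (type, code) of an ICMP error received instead, or None
    """
    if scan not in PROBE_FLAGS:
        raise ValueError("unknown scan %r" % scan)
    if icmp is not None:
        icmp_type, code = icmp
        if icmp_type == 3 and code in ICMP_FILTERED_CODES:
            return "filtered"           # a filter told us it dropped the probe
        raise ValueError("unexpected ICMP %d/%d" % icmp)
    if reply is None:                   # silence after retransmissions
        # ACK scan: only a filter swallows an ACK, so "filtered".
        # Maimon: an open port on a BSD-derived stack is also silent, so
        # Nmap cannot separate open from filtered.
        return "filtered" if scan == "ack" else "open|filtered"
    if tcp_flags(reply) & RST:
        # A RST proves the probe reached the host's TCP stack.
        # ACK scan: open and closed ports both RST, so only "unfiltered".
        # Maimon: on the targeted stacks only a closed port RSTs.
        return "unfiltered" if scan == "ack" else "closed"
    raise ValueError("unexpected reply flags 0x%02x" % tcp_flags(reply))


def ack_ping_host_up(replies):
    """-PA host discovery: any RST to the ACK probes means the host is up."""
    return any(r is not None and tcp_flags(r) & RST for r in replies)


if __name__ == "__main__":
    src, dst = "192.168.1.10", "192.168.1.124"   # assumed scanner, target from the listing
    for scan in PROBE_FLAGS:
        probe = build_tcp_segment(src, dst, 38667, 6969, PROBE_FLAGS[scan])
        rst = build_tcp_segment(dst, src, 6969, 38667, RST, window=0)   # constructed reply
        print("%-6s probe flags=0x%02x  RST -> %-10s  silence -> %s" % (
            scan, tcp_flags(probe), classify(scan, rst), classify(scan, None)))
```

The point the two branches of classify make is that the same RST reply means different things to the two scans: for the Maimon scan it proves the port is closed, for the ACK scan it proves only that no filter stood in the way. Conversely, silence is a firm "filtered" for the ACK scan but an ambiguous open|filtered for the Maimon scan, which is why Nmap never reports a bare "open" from either technique.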
The Nmap TCP Maimon Scan Operation
The example below scans every TCP port on a target on which all ports turn out to be filtered (Network Uptime, 2011). Note that it actually uses -sT, the TCP connect scan, rather than -sM, which is the option that selects the Maimon scan; a Maimon scan of the same target would report ports that give no answer as open|filtered rather than filtered. The run took nearly two hours, the price of probing 65,535 ports through a firewall that silently drops the probes, but the result is valuable precisely because it confirms that nothing is reachable.
The options used are -sT for a TCP connect scan (a Maimon scan would use -sM instead) and -p1-65535, which specifies the port range from 1 to 65535 (all TCP ports); -v would increase verbosity but was not used in this run.
For instance, an example of a Nmap TCP Maimon Scan is as follows:
C:\WINDOWS\system32\drivers\etc>nmap -sT -p1-65535 192.168.1.124
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-24 00:39 Central America Standard Time
All 65535 scanned ports on 192.168.1.124 are filtered
MAC Address: 00:16:41:17:9D:B1 (USI)
Nmap finished: 1 IP address (1 host up) scanned in 6925.996 seconds
ACK Scan Operation
The ACK scan does not find any open port; it only yields a filtered or unfiltered disposition, since it never connects to an application to confirm an open state (Jeff, 2006). It works by sending a TCP ACK packet to a destination port on the remote system. If no reply is received, the port is classified as filtered (illustrated in the source by a diagram that is not reproduced here).
When the remote port instead sends back a RST packet, the exchange between Nmap and the remote device, captured below, classifies the port as unfiltered (Network Uptime, 2011):
[220.127.116.11] [18.104.22.168] TCP: D=6969 S=38667 ACK=0 WIN=1024
[22.214.171.124] [126.96.36.199] TCP: D=38667 S=6969 RST WIN=0
Nmap's output for a scan through a firewall follows. In this case only a single TCP port was reported as unfiltered, and Nmap lists it separately from the filtered majority (Network Uptime, 2011). The -P0 option (spelled -Pn in current versions) tells Nmap to skip host discovery and scan the target whether or not it answers a ping.
# nmap -v -sA 188.8.131.52 -P0
Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-04-24 10:40 EDT
Initiating ACK Scan against pcp05116560pcs.tallah01.fl.comcast.net (184.108.40.206) [1663 ports] at 10:40
ACK Scan Timing: About 9.02% done; ETC: 10:46 (0:05:03 remaining)
ACK Scan Timing: About 75.68% done; ETC: 10:42 (0:00:36 remaining)
The ACK Scan took 119.13s to scan 1663 total ports.
Host pcp05116560pcs.tallah01.fl.comcast.net (220.127.116.11) appears to be up ... good.
Interesting ports on pcp05116560pcs.tallah01.fl.comcast.net (18.104.22.168):
(The 1662 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
6969/tcp unfiltered acmsoda
Nmap finished: 1 IP address (1 host up) scanned in 119.271 seconds
Raw packets sent: 3328 (133KB) | Rcvd: 8 (368B)
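As an added example (not code from this report or from Nmap), the following Python parses the classic Nmap "normal" output format shown in the two listings above, checks that the listed ports plus the ones folded into the "not shown below" line add up to the number of ports the scan says it probed, and pulls the unfiltered ports out of an ACK-scan report, which are the ports the firewall let the probe through to. The two sample reports are constructed from the listings above, with the hostname and address replaced by host.example and the documentation address 192.0.2.10.

```python
"""
Added example, not code from the report or from Nmap: parse Nmap's normal
output and sanity-check an ACK-scan report.
"""
import re
from collections import Counter

# Constructed samples modelled on the two listings in this report.
ACK_SCAN_REPORT = """\
Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-04-24 10:40 EDT
Initiating ACK Scan against host.example (192.0.2.10) [1663 ports] at 10:40
The ACK Scan took 119.13s to scan 1663 total ports.
Host host.example (192.0.2.10) appears to be up ... good.
Interesting ports on host.example (192.0.2.10):
(The 1662 ports scanned but not shown below are in state: filtered)
PORT     STATE      SERVICE
6969/tcp unfiltered acmsoda
Nmap finished: 1 IP address (1 host up) scanned in 119.271 seconds
Raw packets sent: 3328 (133KB) | Rcvd: 8 (368B)
"""

CONNECT_SCAN_REPORT = """\
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-24 00:39 Central America Standard Time
All 65535 scanned ports on 192.168.1.124 are filtered
MAC Address: 00:16:41:17:9D:B1 (USI)
Nmap finished: 1 IP address (1 host up) scanned in 6925.996 seconds
"""

RE_HOST_LINE = re.compile(r"^(?:Interesting|Remarkable) ports on (.+?):\s*$")
RE_DEFAULT = re.compile(
    r"^\(The (\d+) ports (?:scanned|inspected) but (?:not shown|unidentified) "
    r"below are in state: (\S+)\)")
RE_PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s*(\S*)")
RE_ALL = re.compile(r"^All (\d+) scanned ports on (\S+) are (\S+)")
RE_TOTAL = re.compile(r"to scan (\d+) total ports")


def parse_nmap_output(text):
    """Return target, total probed ports, the default (folded) state and the listed ports."""
    report = {"target": None, "total_ports": None,
              "default_state": None, "default_count": 0, "ports": []}
    for line in text.splitlines():
        if m := RE_HOST_LINE.match(line):
            report["target"] = m.group(1)
        elif m := RE_ALL.match(line):
            # Every port shares one state; Nmap prints no table at all.
            report["total_ports"] = int(m.group(1))
            report["target"] = m.group(2)
            report["default_state"] = m.group(3)
            report["default_count"] = int(m.group(1))
        elif m := RE_DEFAULT.match(line):
            report["default_count"] = int(m.group(1))
            report["default_state"] = m.group(2)
        elif m := RE_TOTAL.search(line):
            report["total_ports"] = int(m.group(1))
        elif m := RE_PORT.match(line):
            port, proto, state, service = m.groups()
            report["ports"].append((int(port), proto, state, service))
    return report


def port_count_consistent(report):
    """Listed ports plus folded ports must equal the number of ports probed."""
    if report["total_ports"] is None:
        return False
    return report["default_count"] + len(report["ports"]) == report["total_ports"]


def state_summary(report):
    """How many ports ended in each state, including the folded default state."""
    summary = Counter(state for _, _, state, _ in report["ports"])
    if report["default_state"]:
        summary[report["default_state"]] += report["default_count"]
    return summary


def unfiltered_ports(report):
    """For an ACK scan: ports whose probe drew a RST, i.e. ports the firewall does not block."""
    return [port for port, _, state, _ in report["ports"] if state == "unfiltered"]


if __name__ == "__main__":
    for name, text in (("ACK scan", ACK_SCAN_REPORT), ("connect scan", CONNECT_SCAN_REPORT)):
        rep = parse_nmap_output(text)
        print(name, rep["target"], dict(state_summary(rep)),
              "consistent:", port_count_consistent(rep),
              "unfiltered:", unfiltered_ports(rep))
```

The consistency check matters when reports are stitched together from several runs or truncated logs: if the folded count and the listed rows no longer add up to the probed total, the report has been cut and its "filtered" verdicts cannot be trusted.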
The main advantage of the Nmap ACK scan is that it never opens a session at the application level, so the exchange between Nmap and the remote device is simple. The scan also need not cover many ports, which helps it go unnoticed among the other packets on the network. Its disadvantage is that same simplicity (Doug and Alan, 2003): it never attempts a connection to the remote device, so it cannot identify open ports. The scan does not look for open ports at all; its task is to classify which ports are filtered by a defensive device (Jeff, 2006).
TCP ACK Ping Operation
The TCP ACK ping consists of an arbitrary TCP ACK sent to a remote device. If the device is up, it sends back a RST. If the device is down, or the port is filtered, the ACK draws no response. A port list option lets the user specify a series of ports for the ACK ping to use (Network Uptime, 2011). In the Nmap version the source describes, this port list is not as flexible as the normal -p port specification, because the ping belongs to host discovery, which precedes the scan itself, rather than to the scan; the ports are listed individually, separated by commas.
The TCP ACK ping has the great benefit of using few packets compared with other discovery methods, and a lone ACK sent to a device is often not noticed. Its ability to try several port numbers gives Nmap additional ways to negotiate its way through a defensive mechanism when a scan is blocked (Comer, 2006).
In conclusion, network security is of crucial significance at a time when almost everyone spends significant time connected every day. Nmap is an important tool for maintaining that security through its scanning techniques, including the two discussed in this report, the TCP Maimon scan and the TCP ACK scan (Network Uptime, 2011). Although they work by different mechanisms, both serve the same ultimate goal of ensuring network security.
Comer, D. E. 2006, Internetworking with TCP/IP: Volume 1 – Principles, Protocols and Architecture, 5th Edition, New York: Prentice Hall.
Doug, W. and Alan, R., 2003, The Jing a Telescope factory(JATF): A network security case study, Journal of Information Systems Education, online, http://search.proquest.com/docview/200109678/13090C992D94DBAA1C8/3?accountid=45049, viewed on 25 July 2011.
Jeff, F., 2006, Nmap 4.0 Does Windows, Windows IT Security, Issue 6, Vol 6, pp 11-12, online, http://web.ebscohost.com/ehost/pdfviewer/pdfviewer?sid=31c94913-59b7-4b54-8873-344a470436d6%40sessionmgr15&vid=2&hid=9, retrieved on 25 July 2011.
McClure, S., Scambray, J. and Kurtz, G. 2003, Hacking Exposed, 4th Edition, Worcester, UK: Osborne.
McNab, C. 2007, Network Security Assessment: Know Your Network, 2nd Edition, Sebastopol: O’Reilly.
McNab, C., 2011, Network Security Assessment, online, http://books.google.com/books?id=_g6MHX88bXUC&pg=PT69&dq=Nmap+TCP+Maimon+Scan&hl=en&ei=r4AgTre3LsTtrQfak6GTAg&sa=X&oi=book_result&ct=result&resnum=4&ved=0CDgQ6AEwAw#v=onepage&q=Nmap%20TCP%20Maimon%20Scan&f=false, viewed on July 25 2011.
Network Uptime, 2011, Online Resource for Network Professionals, online, http://www.networkuptime.com/nmap/page3-12.shtml, viewed on July 25 2011.
Stallings, W. 1995, Network and Internet Security: Principles and Practice, IEEE Computer Press.