nmap scan (part of UDP but full range TCP) - tcp

I have a question about an nmap scan, specifically about scanning part of the UDP ports but the full range of TCP ports together... is it possible? I mean that I would like to scan just a few UDP ports (the most common ones) but the whole 65535 TCP ports in one command.
I tried this full range, but it is very slow:
nmap -v -n -sT -sU -p- -sV -sC --open --reason (ip)
I also tried:
nmap -v -n -sT -sU -p U:53,111,137 T:(here need tips for full range tcp) -sV -sC --open --reason (ip)
thanks for your time

The syntax you need to use is: -p U:53,111,137,T:-
The - part means "all ports" and is equivalent to 1-65535. Because it comes after the T:, it applies only to TCP ports.
You probably also want to use -sS instead of -sT. Both scan for open TCP ports, but -sS lets Nmap have more fine-grained control over scan probes and a better understanding of responses, which leads to faster overall scan times. -sT uses generic socket connect() calls, which can be less efficient.
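To make the qualifier scoping in that answer concrete, here is an added Python example (not Nmap's own code and not part of the answer) that re-implements a simplified version of the -p grammar: a T: or U: qualifier applies to every token that follows it until the next qualifier, unqualified tokens apply to both protocols, and a bare - expands to 1-65535. It assumes only the T: and U: qualifiers (Nmap's S: and P: forms are not handled) and the specs it parses are constructed for illustration.

```python
import re
from typing import Dict, Set

# Simplified re-implementation of Nmap's -p port specification (assumption:
# only the T: and U: qualifiers are supported; S: and P: are not handled).
MAX_PORT = 65535
PROTO_NAMES = {"T": "tcp", "U": "udp"}


def _expand_range(token: str) -> Set[int]:
    """Expand one token: '80', '1-1024', '-1024' (1-1024), '1024-' (1024-65535) or '-' (1-65535)."""
    token = token.strip()
    m = re.fullmatch(r"(\d*)-(\d*)|(\d+)", token)
    if m is None:
        raise ValueError(f"bad port token: {token!r}")
    if m.group(3) is not None:          # a single port number
        lo = hi = int(m.group(3))
    else:                               # a range; missing ends default to 1 and 65535
        lo = int(m.group(1)) if m.group(1) else 1
        hi = int(m.group(2)) if m.group(2) else MAX_PORT
    if not (0 <= lo <= hi <= MAX_PORT):
        raise ValueError(f"port range out of order or out of bounds: {token!r}")
    return set(range(lo, hi + 1))


def parse_port_spec(spec: str) -> Dict[str, Set[int]]:
    """Parse an Nmap-style -p argument into {'tcp': {...}, 'udp': {...}}.

    A qualifier (T: or U:) stays in effect until the next qualifier; tokens that
    appear before any qualifier are added to both protocol lists, as Nmap does.
    """
    result: Dict[str, Set[int]] = {"tcp": set(), "udp": set()}
    current = list(PROTO_NAMES.values())     # unqualified tokens go to every protocol
    for raw in spec.split(","):
        token = raw.strip()
        if len(token) >= 2 and token[1] == ":" and token[0].upper() in PROTO_NAMES:
            current = [PROTO_NAMES[token[0].upper()]]
            token = token[2:]
        ports = _expand_range(token)
        for proto in current:
            result[proto] |= ports
    return result


def summarize(spec: str) -> Dict[str, int]:
    """Number of ports each protocol would be scanned on for the given spec."""
    return {proto: len(ports) for proto, ports in parse_port_spec(spec).items()}
```

Running summarize("U:53,111,137,T:-") shows the asymmetry the answer describes: three UDP ports and all 65535 TCP ports.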

Related

DoS attack using iperf in the network

I would like to do a TCP DoS attack using iperf in my simulated network. (I use mininet). The only code that I could find is the following command for making UDP burst traffic in my network which is not relevant.
(host1: 10.0.0.1) iperf -s
(host2: 10.0.0.2) iperf -c 10.0.0.1 -b 30M -l 1200
Please let me know if there is better code to do a TCP DoS attack using iperf, or even if there is any other code or approach to generate TCP traffic as an attack.
Thanks in advance.
The only thing I could do was to add to the number of iperf tx from the attacker using threads. In this way, it sends packets in parallel to the server. So, I used the following code:
(host1: 10.0.0.1) iperf -s
(host2: 10.0.0.2) iperf -c 10.0.0.1 -b 30M -l 1200 -P 6
If you want to do UDP flooding, then you must use the -u switch on the server command:
iperf -s -u
On the client side, using your specification, it will be:
iperf -c 10.0.0.1 -t 200 -l 1200 -P 6
iperf is suitable for bandwidth testing. If you want to do a DDoS attack, please try hping3 or dperf.

Do I have to reset a service/something when banning an IP with iptables -j DROP?

I just ran this command:
iptables -A INPUT -s 1.1.1.1 -p TCP -j DROP
Do I have to reset a service or something like that? It does not seem to work, because when I use netstat -antp I can still see the IP I just dropped.
The TCP connection may still be kept open until the timeouts (up to 5 minutes if I remember correctly), but the traffic itself should be dropped (e.g. there should be no data flowing).

lsof print numeric ports

How do you get lsof to produce numeric port information instead of attempting to resolve the port to service name?
For example, I want TCP *:http (LISTEN) to give me TCP *:80 (LISTEN). In fact, if at all possible, I never want to see another service name in lsof output ever again. So if there is a way to make numeric ports the default, I would like to understand how to do that as well.
Run lsof -P.
And make sure the P goes before the i, if you combine the option with -i:
lsof -Pi
According to man lsof, -P "inhibits the conversion of port numbers to port names for network files. Inhibiting the conversion may make lsof run a little faster. It is also useful when port name lookup is not working properly."
Sometimes handy is:
lsof -Pi
When I tried lsof -iP it gave me some trash, so make sure P goes first.
As a side note: lsof -3.14 will provide the same trash, don't try this.

How can I make Wireshark filter by port when reading from standard in?

I'm piping from a RawCap-generated dump file to Wireshark in order to monitor local traffic. How can I instruct Wireshark to only show traffic to a certain destination port?
I'm running RawCap in one Cygwin shell, and Wireshark in another to monitor RawCap's output:
Shell 1:
RawCap.exe -f 127.0.0.1 dumpfile.pcap
Shell 2:
# How do I tell Wireshark to show only traffic to port 10000?
tail -c +0 -f dumpfile.pcap | Wireshark.exe -k -i -
The appropriate flag for instructing wireshark to filter the displayed packets is -Y, as its man page reports:
-Y <display filter> start with the given display filter
For filtering the destination port of TCP, use tcp.dstport==X where X specifies the port.
Therefore, the full command is:
tail -c +0 -f dumpfile.pcap | wireshark -k -i - -Y "tcp.dstport==10000"
This is a good starting point for information on display filters. A full reference on the subject is available here and a detailed explanation of its syntax is available here. However, it's worth noting that most basic filters can be found via a simple online search.

Checking how many connections are established on specified port

How can I check how many connections are established on, for example, port 80, and then write that to a file using the bash console?
I've read that netstat can do this, but I cannot find what exactly I should do with it, as I'm a newbie on "Unix" systems.
You probably want sockstat if you're on FreeBSD:
sockstat -c -L -P tcp -p 80