Ethical hacking: Port interrogation tools and techniques
“Know your enemy.” This is as true in hacking as it is in war, and port interrogation is a key part of that.
Port interrogation is a key skill that the bad guys use frequently when they begin their attacks. Ethical hackers should become intimately familiar with the tools and techniques of port interrogation in order to help their organization better defend against them.
FREE role-guided training plans
This article will help you explore the details of port interrogation. We’ll look at what port interrogation is and the different tools and techniques that ethical hackers should understand.
What is port interrogation?
Port interrogation, also known as port scanning, is a way to see which ports are enabled and open. It is also a way to discover details about the services running on these open ports, including application name, version number and other useful information like info about the traffic crossing the network.
This is valuable because different application versions have their own vulnerabilities. Real attackers want to know this because the attack techniques they choose will depend on this. They also want to know which unnecessary services are running on open ports because they are the reconnaissance equivalent of a sitting duck — if you don’t use a service (or monitor them on some level), it can be a vulnerability. You, as the ethical hacker, want to know this so you can address these vulnerabilities long before attackers can exploit them.
Port interrogation tools
There are a variety of tools available for port interrogation purposes. The general idea with these tools is that IP packets are used to gather reconnaissance information about network ports.
Nmap
Nmap is free, open-source and the most well-known of all port scanning/interrogation tools. It works by sending raw IP packets to targeted ports and can gather a plethora of information about its target. Just some of this information includes available ports, available hosts, what services are running on available hosts, application name and version, the target system’s OS and version, finding vulnerabilities on hosts, the type of packet filters in use, firewall information and a great deal of other information.
Unicornscan
Unicornscan is a powerful, sophisticated and stateless port scan and reconnaissance tool that has hundreds of features. What sets it apart from other tools is that it uses its own TCP/IP stack, which means it is faster than other tools. Some of the unique features it offers include:
- Asynchronous stateless TCP scanning
- Asynchronous banner grabbing — used in OS and application fingerprinting
- Asynchronous UDP scanning (protocol specific)
- Remote OS and application detection (active and passive)
- Enable multiple modules from command line
- PCAP filtering and file logging
- Capability to store scan results in a relational database (output)
- Custom module support
- Customizable data set views
Angry IP Scanner
This cross-platform, open-source network scanner is built for speed and simplicity. It works by pinging every IP address on a network and can perform port and IP address scanning and find NetBIOS and web server information, among many other useful features. Angry IP Scanner provides all of this at no cost (yes, free!).
Advanced Port Scanner
Advanced Port Scanner is a very fast, robust, small and easy-to-use port scanner. It offers a user-friendly interface with rich functionality, including application names and versions and getting useful information about network devices. Like many other port interrogation tools, this one is free.
Port interrogation techniques
Port interrogation tools have automated these techniques, but they are still important for ethical hackers to understand. Below is a list of the major techniques that power the port interrogation tools above.
- Vanilla TCP Connect Scan: This is the most basic technique of the bunch. It uses the operating system’s connect system call to open a connection to every available port
- Address Resolution Protocol (ARP) scan: This technique helps you map out an entire network. It works by sending out a series of broadcasts and discovers active local network devices by incrementing the address field in the ARP broadcast
- TCP/IP stack fingerprinting: This technique is used by Nmap and helps it detect a wealth of information about a target’s OS, also known as OS detection. It involves sending a series of TCP and UDP packets to hosts and examines responses bit by bit. Dozens of tests are performed including TCP ISN sampling, IP ID sampling and initial window size check. Results are then compared with known OS fingerprints, which lets you know if there is a match. Just some of the information this technique gathers includes underlying OS, OS version, vendor name and device type
Conclusion
Port interrogation is one of the first actions attackers take when they begin an attack. As part of the reconnaissance phase of an attack, port interrogation can discover a wealth of information about a target including the traffic coming over their network, how many hosts are on the network, information about the services running on available ports and more.
Ethical hackers need to know how the real bad guys think and where they may be looking when they are casing your organization for an attack. Gaining a thorough understanding of these port interrogation tools and techniques will help keep you a step ahead.
Become a Certified Ethical Hacker, guaranteed!
Get training from anywhere to earn your Certified Ethical Hacker (CEH) Certification — backed with an Exam Pass Guarantee.
Sources
- Top 5 Best Port Scanners, SecurityTrails
- All About Port Scanning, Avast Business
- OS Detection, Nmap
Enroll in an Ethical Hacking Boot Camp and earn two of the industry’s most respected certifications — guaranteed.
- CEH exam voucher
- PenTest+ exam voucher
- Exam Pass Guarantee
- Live online hacking training
In this Series
- Ethical hacking: Port interrogation tools and techniques
- The rise of ethical hacking: Protecting businesses in 2024
- How to crack a password: Demo and video walkthrough
- Inside Equifax's massive breach: Demo of the exploit
- Wi-Fi password hack: WPA and WPA2 examples and video walkthrough
- How to hack mobile communications via Unisoc baseband vulnerability
- How to build a hook syscall detector
- Top tools for password-spraying attacks in active directory networks
- NPK: Free tool to crack password hashes with AWS
- Tutorial: How to exfiltrate or execute files in compromised machines with DNS
- Top 19 tools for hardware hacking with Kali Linux
- 20 popular wireless hacking tools [updated 2021]
- 13 popular wireless hacking tools [updated 2021]
- Man-in-the-middle attack: Real-life example and video walkthrough [Updated 2021]
- Decrypting SSL/TLS traffic with Wireshark [updated 2021]
- Dumping a complete database using SQL injection [updated 2021]
- Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]
- Hacking communities in the deep web [updated 2021]
- How to hack Android devices using the StageFright vulnerability [updated 2021]
- Hashcat tutorial for beginners [updated 2021]
- How to hack a phone charger
- What is a side-channel attack?
- Copy-paste compromises
- Hacking Microsoft teams vulnerabilities: A step-by-step guide
- PDF file format: Basic structure [updated 2020]
- 10 most popular password cracking tools [updated 2020]
- Popular tools for brute-force attacks [updated for 2020]
- Top 7 cybersecurity books for ethical hackers in 2020
- How quickly can hackers find exposed data online? Faster than you think …
- Hacking the Tor network: Follow up [updated 2020]
- Podcast/webinar recap: What's new in ethical hacking?
- Ethical hacking: TCP/IP for hackers
- Ethical hacking: SNMP recon
- How hackers check to see if your website is hackable
- Ethical hacking: Stealthy network recon techniques
- Getting started in Red Teaming
- Ethical hacking: IoT hacking tools
- Ethical hacking: BYOD vulnerabilities
- Ethical hacking: Wireless hacking with Kismet
- Ethical hacking: How to hack a web server
- Ethical hacking: Top 6 techniques for attacking two-factor authentication
- Ethical hacking: Top 10 browser extensions for hacking
- Ethical hacking: Social engineering basics
- Ethical hacking: Breaking windows passwords
- Ethical hacking: Basic malware analysis tools
- Ethical hacking: How to crack long passwords
- Ethical hacking: Passive information gathering with Maltego
- Ethical hacking: Log tampering 101
- Ethical hacking: What is vulnerability identification?
- Ethical hacking: Breaking cryptography (for hackers)
- Ethical hacking: Attacking routers
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
