Ethical hacking: Port interrogation tools and techniques

Introduction

“Know your enemy.” This is as true in hacking as it is in war, and port interrogation is a key part of that.

Port interrogation is a key skill that the bad guys use frequently when they begin their attacks. Ethical hackers should become intimately familiar with the tools and techniques of port interrogation in order to help their organization better defend against them. 

This article will help you explore the details of port interrogation. We’ll look at what port interrogation is and the different tools and techniques that ethical hackers should understand.

What is port interrogation?

Port interrogation, also known as port scanning, is a way to see which ports are enabled and open. It is also a way to discover details about the services running on these open ports, including application name, version number and other useful information like info about the traffic crossing the network. 

This is valuable because different application versions have their own vulnerabilities. Real attackers want to know this because the attack techniques they choose will depend on this. They also want to know which unnecessary services are running on open ports because they are the reconnaissance equivalent of a sitting duck — if you don’t use a service (or monitor them on some level), it can be a vulnerability. You, as the ethical hacker, want to know this so you can address these vulnerabilities long before attackers can exploit them. 

Port interrogation tools

There are a variety of tools available for port interrogation purposes. The general idea with these tools is that IP packets are used to gather reconnaissance information about network ports. 

Nmap

Nmap is free, open-source and the most well-known of all port scanning/interrogation tools. It works by sending raw IP packets to targeted ports (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/PdXbvaMg5Gg/