tailieunhanh - Lecture notes on Computer and network security: Lecture 23 - Avinash Kak

Lecture 23, port and vulnerability scanning, packet sniffing, intrusion detection, and penetration testing. After studying this chapter you will be able to understand: Port scanners, the nmap port scanner, vulnerability scanners, the nessus vulnerability scanner, packet sniffers, intrusion detection, the metasploit framework, the netcat utility. | Lecture 23: Port and Vulnerability Scanning, Packet Sniffing, Intrusion Detection, and Penetration Testing Lecture Notes on “Computer and Network Security” by Avi Kak (kak@) April 7, 2016 3:46pm c 2016 Avinash Kak, Purdue University Goals: • Port scanners • The nmap port scanner • Vulnerability scanners • The Nessus vulnerability scanner • Packet sniffers • Intrusion detection • The Metasploit Framework • The Netcat utility CONTENTS Section Title Port Scanning Page 3 Port Scanning with Calls to connect() 5 Port Scanning with TCP SYN Packets 7 The nmap Port Scanner 9 Vulnerability Scanning 15 The Nessus Vulnerability Scanner 16 Installing Nessus 19 About the nessus Client 23 Packet Sniffing 24 Packet Sniffing with tcpdump 30 Packet Sniffing with wireshark 32 Intrusion Detection with snort 35 Penetration Testing and Developing New Exploits with the Metasploit Framework 45 The Extremely Versatile Netcat Utility 50 Homework Problems 58 Computer and Network Security by Avi Kak Lecture 23 : PORT SCANNING • See Section of Lecture 21 for the mapping between the ports and many of the standard and non-standard services. As mentioned there, each service provided by a computer monitors a specific port for incoming connection requests. There are 65,535 different possible ports on a machine. • The main goal of port scanning is to find out which ports are open, which are closed, and which are filtered. • Looking at your machine from the outside, a given port on your machine is open if you are running a server program on the machine and the port is assigned to the server. If you are not running any server programs, then, from the outside, no ports on your machine are open. This would ordinarily be the case with a brand new laptop that is not meant to provide any services to the rest of the world. But, even with a laptop that was .