Finding port numbers

jasonxxx102
Fame ! Where are the chicks?!
Posts: 176
Joined: 04 Feb 2008, 17:00

Finding port numbers

Post by jasonxxx102 »

How can I find somebody's port number and IP address?

Swan
Knight of the Sword
Posts: 827
Joined: 18 Oct 2006, 16:00

Post by Swan »

depends on the person....

you could use an IP sniffer/scanner, generally speaking "whois"ing a person in IRC doesn't really work, sure, you will get an IP address but that is typically the IP of their ISP provider not of the person.

To get the IP address of a person you really need a direct link from your compy to theirs, this can be easily achieved by sending them a file (music, file, game etc). Open your command prompt

go to Start, Run, type cmd:

then type netstat -a or netstat -n

as to finding out the ports:

* Well Known Ports (0 - 1023)
* Registered Ports (1024 - 49151)
* Dynamic and/or Private Ports (49152 - 65535)

That's the broad ranges, typically the most basic port scan will simply try to determine whether the victim's ports are open by use of a specially adapted packet. However you will need to learn some stealth techniques to conceal your activities, port scans are seen as suspicious/errors because they send data but don't ask for it. Do it too often and the logs will begin to think that it is a DDoS attack.

CommonStray
Forum Assassin
Posts: 1215
Joined: 20 Aug 2005, 16:00

Post by CommonStray »

Swan wrote:depends on the person....

you could use an IP sniffer/scanner, generally speaking "whois"ing a person in IRC doesn't really work, sure, you will get an IP address but that is typically the IP of their ISP provider not of the person.

To get the IP address of a person you really need a direct link from your compy to theirs, this can be easily achieved by sending them a file (music, file, game etc). Open your command prompt

go to Start, Run, type cmd:

then type netstat -a or netstat -n

as to finding out the ports:

* Well Known Ports (0 - 1023)
* Registered Ports (1024 - 49151)
* Dynamic and/or Private Ports (49152 - 65535)

That's the broad ranges, typically the most basic port scan will simply try to determine whether the victim's ports are open by use of a specially adapted packet. However you will need to learn some stealth techniques to conceal your activities, port scans are seen as suspicious/errors because they send data but don't ask for it. Do it too often and the logs will begin to think that it is a DDoS attack.

and this is coming from someone who claims to not have a 'hacker' persona....snickers :lol:

Swan
Knight of the Sword
Posts: 827
Joined: 18 Oct 2006, 16:00

Post by Swan »

jason,

port scanning is like ringing someone's doorbell prior to burglarizing them, you are scoping the place out to see weaknesses. However, be VERY careful about port scanning, typically ISPs get very shitty about any port scanning, regardless of the intention. If you could tell me what country you live in I can help much better, I'm a law student, so I know the legalities of the computing world ONLY for my own jurisdiction.

echo - 7/tcp - Echo
ftp-data - 20/udp - File Transfer [Default Data]
ftp - 21/tcp - File Transfer [Control]
ssh - 22/tcp - SSH Remote Login Protocol
telnet - 23/tcp - Telnet
domain - 53/udp - Domain Name Server
www-http - 80/tcp - World Wide Web HTTP

The above are the most common ports.

Generally, port scanners take a brute force approach; they tend to send loads and loads of packets all at once so as to see which one is vulnerable. With such activity, this will generally cause a HUGE amount of attention which you do not want.

So, if you can space out the packet sending over a longer period of time, this will look far more normal and thus not so suspicious. Slow and steady my friend!

Why not code your own port scanner, with a delayed time setting? Just a thought.

Big-E
Administrator
Posts: 1332
Joined: 16 May 2007, 16:00

Post by Big-E »

Actually the first 1024 are allocated as the 'well-known' ports with 1025-65536 being the lesser known ports, but again are often associated with known applications.

As far as sending out a bunch of packets rapidly, as to see which one is not true. Think of it as this:

You take a snow ball and toss it at a door, if it breaks it is then closed but if it goes through (you get a response) then you know this port is open.

BASICALLY that is how port scanning works BUT there are various types of packets and protocols you can use for reconnaissance, some will light up logs and some are totally not obtrusive (and because most sys-admins don't want a completely flooded log files, they are often ignored)

Just doing a simple Google on the topic and I am sure you can come up with 1000's of sites explaining methods, WITH diagrams, on how port scanning works. I personally use TCP/IP Foundations by Syngress Publishing. But GET THIS - You will not learn, if you do not read!
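
The defender's side of the log discussion in this post and in Swan's earlier one (probes "light up logs", and admins drown in them) is what a sysadmin actually has to build: something that tells a scan apart from ordinary traffic. The following is an added example written for this thread; it is not code from the forum or from any poster. It assumes a constructed, iptables-style drop-log line layout (`<timestamp> DROP SRC=... DST=... PROTO=... SPT=... DPT=...`), uses the IANA port ranges listed above, and flags a source that touched several distinct destination ports on one host within a time window. Repeated hits on a single port (a retrying client) never trigger it, and the window length decides whether slowly spaced probes are still correlated, which is the tunable an admin would adjust.

```python
"""Flag port-scan-like behaviour in firewall drop logs.

Added example for this thread, not code from the forum or from any poster.
The log format is a constructed, iptables-style layout assumed for the example.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation-range addresses, no real hosts).
# Assumed line format:
#   <ISO timestamp> DROP SRC=<ip> DST=<ip> PROTO=<proto> SPT=<port> DPT=<port>
SAMPLE_LOG = """\
2024-01-01T10:00:00 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21
2024-01-01T10:00:01 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22
2024-01-01T10:00:02 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23
2024-01-01T10:00:03 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25
2024-01-01T10:00:04 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP SPT=40005 DPT=53
2024-01-01T10:00:05 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=80
2024-01-01T10:00:06 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=110
2024-01-01T10:00:07 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40008 DPT=443
2024-01-01T10:01:00 DROP SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80
2024-01-01T10:01:01 DROP SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=80
2024-01-01T10:01:02 DROP SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=80
this line is deliberately malformed and must be skipped by the parser
2024-01-01T10:05:00 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=22
2024-01-01T10:06:00 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=60002 DPT=80
2024-01-01T10:07:00 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=60003 DPT=443
2024-01-01T10:08:00 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=60004 DPT=3389
2024-01-01T10:09:00 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=60005 DPT=8080
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)$"
)


def port_class(port):
    """Name the IANA range a port falls in, using the ranges quoted in the thread."""
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "dynamic/private"
    raise ValueError(f"not a TCP/UDP port number: {port}")


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "spt": int(m["spt"]),
        "dpt": int(m["dpt"]),
    }


def detect_scans(lines, window_seconds=600, min_ports=5):
    """Return {(src, dst): details} for every source that touched at least
    `min_ports` distinct destination ports on one host within some
    `window_seconds`-long span.  The details describe the densest window found.
    Many hits on a single port (client retries) never count as a scan."""
    window = timedelta(seconds=window_seconds)
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = {}
    for pair, evs in by_pair.items():
        best = None
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits inside the window.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hit = evs[start:end + 1]
            ports = sorted({e["dpt"] for e in hit})
            if best is None or len(ports) > len(best["ports"]):
                best = {
                    "first_seen": hit[0]["ts"],
                    "last_seen": hit[-1]["ts"],
                    "ports": ports,
                    "classes": dict(Counter(port_class(p) for p in ports)),
                }
        if best is not None and len(best["ports"]) >= min_ports:
            alerts[pair] = best
    return alerts


if __name__ == "__main__":
    for (src, dst), info in detect_scans(SAMPLE_LOG.splitlines()).items():
        span = (info["last_seen"] - info["first_seen"]).total_seconds()
        print(f"{src} -> {dst}: {len(info['ports'])} distinct ports in {span:.0f}s "
              f"{info['ports']} {info['classes']}")
```

With the default ten-minute window both the rapid probe from 203.0.113.5 and the one-per-minute probe from 198.51.100.7 are reported, while 192.0.2.50 hammering port 80 is not; shrinking the window to sixty seconds keeps only the rapid one, which is exactly the trade-off between alert volume and the "slow and steady" probing the thread talks about. Per-port class counts tell the reader at a glance whether the probe walked the well-known range or wandered into registered ports such as 3389.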

Radar_mX
suck-o-fied!
Posts: 82
Joined: 03 Feb 2008, 17:00

Post by Radar_mX »

Use BluePort Scanner it is the best port scanner ever

Nerdz
The Architect
Posts: 1127
Joined: 15 Jun 2005, 16:00

Post by Nerdz »

Yeah... it's surely better than nmap... pfff nmap.. what a piece of crap..
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00

Post by bad_brain »

Radar_mX wrote:Use BluePort Scanner it is the best port scanner ever
it's a good one for beginners, the best one for advanced usage is still nmap... :wink:
