NMAP - Analizando los paquetes que genera al lanzar un scan
Nmap, incorporá en sus últimas versiones la posibilidad de analizar el tráfico que genera la herramienta durante un scan de puertos, al incluir el parámetro --packet_trace en nuestro scan, podremos obtener una salida como esta:
Nmap --packet_trace localhost
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-03-02 10:24 CET
CONN (0.1610s) TCP localhost > 127.0.0.1:3389 => Operation now in progress
CONN (0.1610s) TCP localhost > 127.0.0.1:80 => Operation now in progress
CONN (0.1610s) TCP localhost > 127.0.0.1:113 => Operation now in progress
CONN (0.1610s) TCP localhost > 127.0.0.1:1723 => Operation now in progress
CONN (0.1620s) TCP localhost > 127.0.0.1:23 => Operation now in progress
CONN (0.1620s) TCP localhost > 127.0.0.1:53 => Operation now in progress
CONN (0.1620s) TCP localhost > 127.0.0.1:389 => Operation now in progress
CONN (0.1620s) TCP localhost > 127.0.0.1:443 => Operation now in progress
CONN (0.1620s) TCP localhost > 127.0.0.1:21 => Operation now in progress
CONN (0.1990s) TCP localhost > 127.0.0.1:25 => Operation now in progress
CONN (0.2000s) TCP localhost > 127.0.0.1:636 => Operation now in progress
CONN (0.2000s) TCP localhost > 127.0.0.1:256 => Operation now in progress
CONN (0.2000s) TCP localhost > 127.0.0.1:554 => Operation now in progress
CONN (0.2030s) TCP localhost > 127.0.0.1:22 => Operation now in progress
CONN (0.2030s) TCP localhost > 127.0.0.1:348 => Operation now in progress
CONN (0.2030s) TCP localhost > 127.0.0.1:977 => Operation now in progress
CONN (0.2030s) TCP localhost > 127.0.0.1:419 => Operation now in progress
Resulta bastante útil cuando se quiere saber en que fase del analisis esta Nmap, en que puerto, etc,etc..
Comentarios
Gracias por el aporte, me ha servido de mucho en una practica de intrusión. Saludos
Añadir comentario