Tuesday, 13 May 2014

How to Identify Open, Closed, and Filtered Ports from a Wireshark Packet Capture


In port scanning, a port can have one of 3 statuses: open, closed, or filtered.

An open port means the port is open and a service is running on it on the machine.

A closed port means the port is closed and not running any service.

A filtered port means that your probe to that specific port is filtered or dropped by the firewall.

For this test, I used the nmap -F 172.16.128 command to scan fewer ports, only to show you guys the result in Wireshark.

This is the result for a closed port in Wireshark:

As you can see, there are many SYN requests to the target port, and the target port immediately replies with RST,ACK. From this result we know that the port is closed.

This is the result for an open port in Wireshark:


In this Wireshark packet capture, you can see that packet number 63 is a SYN packet sent to the HTTP port of the target. In packet number 65, the target's HTTP port sends a SYN,ACK reply, which means the port is open and running a service.

And this is the result for a filtered port in Wireshark:


There is no reply at all from the target machine. This means the probe packet we sent did not even reach the target port, because the packet was dropped by the firewall.
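The three reply patterns described above can be applied mechanically to a capture when reviewing scan traffic. The following is an added example, not code from the original post: the packet records, the addresses (documentation placeholders) and the function name classify_ports are constructed for illustration, and it assumes the capture contains the whole exchange.

```python
from collections import namedtuple

# Constructed sample records (not the post's capture): one row per TCP packet,
# with the fields you would read off the Wireshark packet list.
Pkt = namedtuple("Pkt", "no src dst sport dport flags")
SCANNER, TARGET = "192.0.2.10", "192.0.2.20"  # placeholder addresses
SAMPLE = [
    Pkt(1, SCANNER, TARGET, 40001, 80, {"SYN"}),
    Pkt(2, SCANNER, TARGET, 40001, 23, {"SYN"}),
    Pkt(3, TARGET, SCANNER, 80, 40001, {"SYN", "ACK"}),   # open
    Pkt(4, TARGET, SCANNER, 23, 40001, {"RST", "ACK"}),   # closed
    Pkt(5, SCANNER, TARGET, 40001, 445, {"SYN"}),
    Pkt(6, SCANNER, TARGET, 40002, 445, {"SYN"}),          # retry, never answered
    Pkt(7, SCANNER, TARGET, 40001, 80, {"RST"}),           # scanner resets half-open connection
]

def classify_ports(packets, scanner, target):
    """Map each probed target port to 'open', 'closed' or 'filtered'."""
    state = {}
    for p in packets:
        if p.src == scanner and p.dst == target and p.flags == {"SYN"}:
            # A probe with no reply seen in the capture stays 'filtered'.
            state.setdefault(p.dport, "filtered")
        elif p.src == target and p.dst == scanner and p.sport in state:
            if {"SYN", "ACK"} <= p.flags:
                state[p.sport] = "open"        # SYN,ACK reply: service listening
            elif "RST" in p.flags and state[p.sport] != "open":
                state[p.sport] = "closed"      # RST,ACK reply: nothing listening
    return state

if __name__ == "__main__":
    for port, status in sorted(classify_ports(SAMPLE, SCANNER, TARGET).items()):
        print(f"{port}/tcp {status}")
```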
