The TCP connect() scan is named after the connect() call that the operating system uses to initiate a TCP connection to a remote device. This scan method uses the same TCP handshake that every other TCP-based application on the network uses. An active (open) port sends a SYN|ACK, confirming that it is open, whereas a closed port sends a RST, confirming that it is closed.
TCP Connection with an open port
TCP Connection with a Closed Port
Advantages of the TCP connect() Scan
- No special privileges are required to run the TCP connect() scan.
- Accurate Results
- Nmap uses the operating system's normal method of connecting to remote devices via TCP before it tears down the connection with the RST packet.
Disadvantages of the TCP connect() Scan
- Since the TCP connect() scan is completing a TCP connection, normal application processes immediately follow. These applications are immediately met with a RST packet, but the application has already provided the appropriate login screen or introductory page. By the time the RST is received, the application initiation process is already well underway and additional system resources are used.
- Easy for an IDS or firewall to detect and filter.
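
The detection side of that last point, as an added example that is not part of the original post: a source that produces many zero-payload connections to many distinct ports, each either refused with a RST (closed port) or completed and then immediately reset (open port), matches the connect() scan pattern described above. The flow-record layout, the outcome labels, the addresses and the thresholds are all assumptions made for this sketch, and the records are constructed sample data.

```python
from collections import defaultdict

def build_sample_flows():
    """Constructed records: (src, dst, dst_port, outcome, client_payload_bytes).
    Outcome labels are hypothetical: 'refused' = SYN answered with RST,
    'established_rst' = handshake completed then reset by the client,
    'established_fin' = normal session closed with FIN."""
    open_ports = {22, 80}
    flows = [  # ordinary client traffic
        ("10.0.0.5", "10.0.0.20", 443, "established_fin", 1840),
        ("10.0.0.5", "10.0.0.20", 80, "established_fin", 512),
        ("10.0.0.7", "10.0.0.20", 8080, "refused", 0),
    ]
    for port in range(20, 100):  # one source sweeping 80 consecutive ports
        outcome = "established_rst" if port in open_ports else "refused"
        flows.append(("10.0.0.66", "10.0.0.20", port, outcome, 0))
    return flows

def detect_connect_scans(flows, min_ports=15, min_probe_ratio=0.8):
    """Flag (src, dst) pairs whose traffic is mostly payload-free probes
    spread over many distinct ports. Thresholds are illustrative only."""
    stats = defaultdict(lambda: {"ports": set(), "open": set(), "probes": 0, "total": 0})
    for src, dst, port, outcome, client_bytes in flows:
        s = stats[(src, dst)]
        s["total"] += 1
        s["ports"].add(port)
        reset_after_handshake = outcome == "established_rst" and client_bytes == 0
        if outcome == "refused" or reset_after_handshake:
            s["probes"] += 1
        if reset_after_handshake:
            s["open"].add(port)  # the service was started and then abandoned
    alerts = []
    for (src, dst), s in sorted(stats.items()):
        if len(s["ports"]) >= min_ports and s["probes"] / s["total"] >= min_probe_ratio:
            alerts.append({"src": src, "dst": dst,
                           "distinct_ports": len(s["ports"]),
                           "ports_found_open": sorted(s["open"])})
    return alerts

if __name__ == "__main__":
    for alert in detect_connect_scans(build_sample_flows()):
        print(alert)
```

A production rule would also bound the count by a time window; that is left out here to keep the sketch short.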