{{ SECURITY Network packet Forensic }} 


Chapter 9-2 : Port scan and Packet analysis


A TCP scan uses the 3-way handshake to check for open ports.

For a UDP scan, an open port gives no response. So in this case, you can check for the 'ICMP unreachable' messages sent for the closed ports.


In the [Conversation] menu, select the [UDP] tab.


UDP has no TCP-like session establishment procedure. But there is the ICMP protocol, which belongs to layer 3.


And using a filter, you can check the open UDP ports.

   [ip.src==192.168.0.112 && ip.dst==192.168.0.15 && udp && not icmp]
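
The UDP rule described above (silence from an open port, an ICMP unreachable from a closed one) can also be applied to captured packets in code. The following Python is an added example, not part of the original post; it additionally treats a UDP reply from the target as proof of an open port, which goes beyond the rule stated above. The addresses, ports and function names are constructed for illustration.

```python
import struct

SCANNER, TARGET = "192.0.2.10", "192.0.2.20"  # constructed documentation addresses

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the constructed sample (checksum left 0)."""
    addr = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def icmp_port_unreachable(original):
    # Type 3 / code 3, then the offending IP header plus 8 bytes of its payload
    return struct.pack("!BBHI", 3, 3, 0, 0) + original[:28]

def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    dotted = lambda b: ".".join(map(str, b))
    return dotted(pkt[12:16]), dotted(pkt[16:20]), pkt[9], pkt[ihl:]

def classify_udp_scan(packets, scanner, target):
    """Return {port: state} for the UDP ports `scanner` probed on `target`."""
    state = {}
    for pkt in packets:
        src, dst, proto, body = parse_ipv4(pkt)
        if proto == 17 and (src, dst) == (scanner, target):
            # Probe seen: silence alone cannot tell an open port from a filtered one
            state.setdefault(struct.unpack("!H", body[2:4])[0], "open|filtered")
        elif (src, dst) != (target, scanner):
            continue
        elif proto == 17:  # a UDP answer proves the port is open
            state[struct.unpack("!H", body[0:2])[0]] = "open"
        elif proto == 1 and body[:2] == b"\x03\x03":
            # The probed port is inside the quoted datagram, not the ICMP header
            _, _, inner_proto, inner = parse_ipv4(body[8:])
            if inner_proto == 17:
                state[struct.unpack("!H", inner[2:4])[0]] = "closed"
    return state

def sample_capture():
    """Constructed capture: three probes, one ICMP unreachable, one UDP reply."""
    probes = {p: ipv4(SCANNER, TARGET, 17, udp(40000, p)) for p in (53, 69, 161)}
    return list(probes.values()) + [
        ipv4(TARGET, SCANNER, 1, icmp_port_unreachable(probes[69])),
        ipv4(TARGET, SCANNER, 17, udp(53, 40000, b"\x00")),
    ]
```

The ICMP message quotes the IP header and first 8 bytes of the datagram that triggered it, which is why the closed port number is read from the embedded UDP header.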


