
Using Wireshark to find Unblocked Ports?

post #1 of 6
Thread Starter 
Is there a good guide on how to do this?

I am hoping to advance my knowledge of networking, and my apartment is unfortunately tied to my University's network, so I am unsure of what its makeup is.

I could probably just e-mail and ask our NOC, but I would like to know how to do this myself.

Edit:

My apologies, I meant NMAP. I am not a smart man.
Edited by Kitler - 12/16/13 at 5:16pm
post #2 of 6
Wireshark isn't used for this ^_^, Wireshark is a passive "listener" that just accepts every packet it receives rather than a select few.

You want a tool like Nmap. It sends a SYN packet to ports and looks at the response: SYN-ACK = open, TCP-RST = nothing's there, TCP-DROP = a firewall is in the way (* Not technically true, a firewall can send all sorts back, but as a rough thing it's right).
post #3 of 6
Thread Starter 
Quote:
Originally Posted by Ulquiorra

Wireshark isn't used for this ^_^, Wireshark is a passive "listener" that just accepts every packet it receives rather than a select few.

You want a tool like Nmap. It sends a SYN packet to ports and looks at the response: SYN-ACK = open, TCP-RST = nothing's there, TCP-DROP = a firewall is in the way (* Not technically true, a firewall can send all sorts back, but as a rough thing it's right).


Whoops. I meant to say NMAP.

Recently was introduced to both tools. I ran NMAP a couple weeks ago, but I am not sure if I did it correctly.

I did the following from my work network:

  • Targeted my home network IP using the built-in "Intense Scan, TCP all ports"
  • Got an inconclusive result. I can't remember exactly what it stated, but essentially it was telling me that all ports were not pingable
post #4 of 6
That's cool ^_^

So are you using Zenmap (the GUI)? It's usually easier to use the command section of that to write what you want.

For example, an nmap command could be
Code:
nmap 10.0.0.1 -T5 -p- -sS

Which can be explained by this awesome site below:
http://explainshell.com/explain?cmd=nmap+10.0.0.1+-T5+-p-+-sS+

In essence, what it does is a SYN scan against the IP address, at maximum speed, against every TCP port. For it to show something as open there has to be a service on the other side, for example:

[ ~]$ nmap 149.255.102.118
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp filtered https
444/tcp closed https


There are other useful options too, like -sV (version scanning). One thing it won't show you is if the traffic is DNAT'd to somewhere else; for example, a lot of networks DNAT traffic for DNS to their own network's servers. To test this you need something which you can confirm a hit on at the other end.

If you want something that can create "open" ports, you can use a tool such as netcat (nc) to do this, it's awesome.
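Added example, not part of any post in this thread: a loopback-only sketch of the open / closed / filtered mapping from post #2 and the "confirm a hit on the other end" check from post #4. It assumes a full TCP connect() (what nmap's -sT does) instead of a raw SYN so it runs without root, and the function names `probe` and `confirm_hit` are made up for this illustration.

```python
import socket


def probe(host, port, timeout=1.0):
    """Classify one TCP port from the outcome of a full connect().

    open     -> handshake completed (our SYN was answered with SYN-ACK)
    closed   -> the peer answered with RST (connection refused)
    filtered -> nothing came back before the timeout, or the path reported
                the host/port unreachable (typical of a firewall)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"


def confirm_hit(timeout=2.0):
    """Stand-in for a netcat listener: listen on a free loopback port, probe
    it, and check that the connection really arrived at our own socket.

    "open" with arrived=False would mean something else in the path answered.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    srv.settimeout(timeout)
    port = srv.getsockname()[1]
    try:
        state = probe("127.0.0.1", port)
        try:
            conn, _peer = srv.accept()
            conn.close()
            arrived = True
        except socket.timeout:
            arrived = False
    finally:
        srv.close()
    return port, state, arrived


if __name__ == "__main__":
    port, state, arrived = confirm_hit()
    print(f"listener up:   {port}/tcp {state}, hit seen by listener: {arrived}")
    print(f"listener down: {port}/tcp {probe('127.0.0.1', port)}")
```
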
post #5 of 6
Thread Starter 
Quote:
Originally Posted by Ulquiorra

That's cool ^_^

So are you using Zenmap (the GUI)? It's usually easier to use the command section of that to write what you want.

For example, an nmap command could be
Code:
nmap 10.0.0.1 -T5 -p- -sS

Which can be explained by this awesome site below:
http://explainshell.com/explain?cmd=nmap+10.0.0.1+-T5+-p-+-sS+

In essence, what it does is a SYN scan against the IP address, at maximum speed, against every TCP port. For it to show something as open there has to be a service on the other side, for example:

[ ~]$ nmap 149.255.102.118
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp filtered https
444/tcp closed https


There are other useful options too, like -sV (version scanning). One thing it won't show you is if the traffic is DNAT'd to somewhere else; for example, a lot of networks DNAT traffic for DNS to their own network's servers. To test this you need something which you can confirm a hit on at the other end.

If you want something that can create "open" ports, you can use a tool such as netcat (nc) to do this, it's awesome.

Thank you so much. I got this to work and found out that I am able to open ports. This opens so many possibilities!

Is there any good instruction online for running a network with open ports? Would it be good practice to put these machines on their own subnet? I am primarily concerned with the security risks this presents.

I probably should make a new thread for this now.
post #6 of 6
Being able to open ports is coming in, unless you mean at your other site. Usually the "rules" are:
1) Maintenance
Patch software, keep it up to date and reduce the amount of invulnerability
2) Access
Make sure that only the minimum access is granted. For example, if you know a static IP will be the only person accessing the service, only let this static IP through to the back end
3) Least service
Only open what you need, nothing more; no need to open FTP if you only need SFTP
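Added example, not part of any post in this thread: one way to check the "least service" rule from post #6 is to compare a scan of your own host against the list of services you meant to expose. The port table is the one shown in post #4; the `INTENDED` policy and the function names are assumptions made up for this illustration.

```python
import re

# Port table as shown in post #4 (header line plus four rows).
SAMPLE = """\
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp filtered https
444/tcp closed https
"""

# Hypothetical policy: the only service this host is meant to expose.
INTENDED = {(22, "tcp")}

# One row of nmap's port table: "<port>/<proto> <state> <service>"
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_ports(text):
    """Return (port, proto, state, service) for every row of the port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def audit(text, intended):
    """Compare what the scan found open with what was meant to be open.

    unexpected: open but not in the policy (candidates to close or restrict)
    missing:    in the policy but not seen as open (service down or blocked)
    """
    open_now = {(port, proto)
                for port, proto, state, _svc in parse_ports(text)
                if state == "open"}
    return sorted(open_now - intended), sorted(intended - open_now)


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE, INTENDED)
    for port, proto in unexpected:
        print(f"unexpected open port: {port}/{proto}")
    for port, proto in missing:
        print(f"intended but not open: {port}/{proto}")
```
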