Idle Scan - TCP/IP Basic Knowledge

TCP/IP Basic Knowledge

The design and operation of the Internet is based on the Internet Protocol Suite, commonly also called TCP/IP. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering datagrams from the source host to the destination host solely based on their addresses. For this purpose, IP defines addressing methods and structures for datagram encapsulation. It is a connectionless protocol and relies on the transmission of packets. Every IP packet from a given source has an ID that uniquely identifying IP datagram.

TCP provides reliable, ordered delivery of a stream of bytes from a program on one computer to another program on another computer. TCP is the protocol that major Internet applications rely on, such as the World Wide Web, e-mail, and file transfer. Each application server is called a service. In this system, hosts and host services are referenced using two components: an address and a port number. There are 65536 distinct and usable port numbers per host. Most services use a limited range of numbers.

Some port scanners scan only the most common port numbers, or ports most commonly associated with vulnerable services, on a given host. See: List of TCP and UDP port numbers.

The result of a scan on a port is usually generalized into one of three categories:

• Open or Accepted: The host sent a reply indicating that a service is listening on the port.
• Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.
• Filtered, Dropped or Blocked: There was no reply from the host.

Open ports present two vulnerabilities of which administrators must be wary:

1. Security and stability concerns associated with the program responsible for delivering the service - Open ports.
2. Security and stability concerns associated with the operating system that is running on the host - Open or Closed ports.

Filtered ports do not tend to present vulnerabilities. The host in a local network can be protected by a firewall that filters, according with rules that its administrator set up, packets. This is done to deny services to hosts not known and prevent intrusion in the inside network. The IP protocol is network layer transmission protocol.