Posts

Showing posts from May, 2022

CYBERTOOLS:4-Using Decoys and Packet Fragmentation in nmap to bypass firewalls

How to know if a device has a firewall: nmap reports a port as "filtered" if the port hides behind a firewall or IDS.

PACKET FRAGMENTATION

nmap -f is used to fragment packets. The TCP header is split into parts so that the firewall has a hard time reading the content. You can specify -f multiple times to split a packet again and again: -f once gives 8-byte fragments, -f -f gives 16-byte fragments. The smaller the packet, the harder it is to handle.

To split packets into a custom number of bytes use nmap --mtu <value>; this splits packets into the byte size of your choice. While using --mtu the value must be a multiple of 8.

USING DECOYS

Using decoys works by making the target think that multiple IPs are scanning a single target. This makes it harder to determine which IPs are innocent and which IP is the culprit. This can be defeated by router path tracing, response dropping and other mechanisms, but is still an effective tec

CYBERTOOLS:3- Host Discovery and Port Ranges (output to file)

This is a guide to using them:

nmap -A is the aggressive option that uses OS detection, service detection and scripts to determine any and all information on a target. (Not to be used on a target machine on which you have no authorization.)

nmap -sn tells us which hosts are up and works similar to netdiscover.

nmap -p helps us specify ports.

nmap -F scans the first 100 ports.

HOW TO OUTPUT A NMAP SCAN

nmap <arguments, IP, ports etc.> >> filename.txt

Results in a file as well as displayed on the terminal: nmap -oN filename.txt

CYBERTOOLS-2: Nmap Complete Guide

A few important Nmap scans are given below.

nmap -sS: only the first step of the TCP handshake is done, which is sending a SYN, and as a result you are a little less detectable. The target can send back SYN/ACK, which tells us the port is open; it can also send RST, which means the port is closed; if there is no response the port is filtered. A filtered port means there is either a packet-filtering firewall or a normal firewall.

nmap -sT: does not require sudo privileges. It performs the scan using TCP packets; a full 3-way TCP handshake is done. Leaves fingerprints and traces on the target and is easily detectable. Can take a little bit longer.

nmap -sU: since many services on the internet run on TCP, UDP is mostly ignored, which can be helpful to us. This scan can be helpful but is a bit slow. Requires root privileges.

To see all other nmap scans see nmap's manual, which can be done using the man command: man nmap

A screen grab for the above command is given below, as well as port states and other details.

TARGET SPECIFICAT