iptables:test_the_firewall [2016/10/19 10:43] – created peter
iptables:test_the_firewall [2019/11/29 17:57] (current) – removed peter

====== IPTables - Test the firewall ======

===== Scan your Target for Open TCP Ports =====

Scan the target host for open TCP ports from a separate audit machine, so that the results show what the firewall actually exposes to the network rather than what is listening locally.

nmap knows several TCP scan types.  The one to start with is usually the SYN scan (**nmap -sS**), also known as a "half-open scan": nmap sends a SYN, reads the reply (SYN/ACK from an open port, RST from a closed one, nothing or an ICMP error from a filtered one) and never completes the three-way handshake.  Attackers favour it partly because some intrusion detection systems only record completed connections.  Because it hand-crafts packets on a raw socket, it needs root privileges.
- 
==== Setting Up the Packet Capture ====

Use **tcpdump** to capture the traffic generated by the test.  The capture lets us analyse the packets sent and received in more depth later on if we need to, for example to see whether a port that nmap reports as "filtered" was silently dropped or answered with an ICMP error.  Create a directory within **~/scan_results** so that the files related to the SYN scan stay together:

<code bash>
mkdir -p ~/scan_results/syn_scan
</code>

Start a **tcpdump** capture and write the results to a file in **~/scan_results/syn_scan** with the following command, replacing **target_ip_addr** with the address of the target:

<code bash>
sudo tcpdump host target_ip_addr -w ~/scan_results/syn_scan/packets
</code>

Some distributions build tcpdump so that it drops root privileges to a dedicated **tcpdump** user once the interface is open; if the command fails with "Permission denied" on the output file, write it to a directory that user can write to, or add **-Z root**.
- 
By default, **tcpdump** runs in the foreground.  To run the nmap scan in the same terminal, either start tcpdump with a trailing **&**, or pause the running process and restart it in the background.

Pause the running process by hitting **CTRL-Z**:

<code bash>
CTRL-Z
</code>

This stops the process:

Output

<code>
^Z
[1]+  Stopped                 sudo tcpdump host target_ip_addr -w ~/scan_results/syn_scan/packets
</code>

**NOTE**:  Restart the job in the background by typing **bg**:

<code bash>
bg
</code>

You should see a similar line of output, this time without the "**Stopped**" label and with an ampersand at the end to indicate that the process is running in the background:

Output

<code>
[1]+ sudo tcpdump host target_ip_addr -w ~/scan_results/syn_scan/packets &
</code>

The command is now running in the background, capturing every packet between the audit and target machines.  We can now run the SYN scan.  When the scan has finished, bring tcpdump back to the foreground with **fg** and stop it with **CTRL-C**, so that it flushes its buffers and closes the capture file cleanly; a capture that is killed with **kill -9** may be missing the last buffered packets.
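The whole procedure above (create the directory, run tcpdump in the background, run the SYN scan, stop the capture cleanly and read it back) as one shell script.  This is an added example, not code from the original page: the interface name, the documentation-range target address, and the assumption that **sudo**, **tcpdump** and **nmap** are available are all mine.  It goes one step beyond the page by pulling the target's SYN/ACK and RST replies out of the capture, which is how you confirm nmap's "open" and "closed" verdicts against the raw packets.

```shell
#!/bin/sh
# Added example (not from the original wiki page): the SYN-scan capture
# procedure as one script. Assumes tcpdump and nmap are installed, sudo works,
# and that you are authorised to scan the target. Interface and target are
# assumptions supplied on the command line.
set -eu

# Reject anything that is not a dotted-quad IPv4 address, so a typo in the
# target does not turn into a scan of some unrelated host.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# One directory per scan type keeps the capture and the nmap output together.
scan_dir() {
    printf '%s/scan_results/%s\n' "$HOME" "$1"
}

# BPF expressions that pick the target's replies out of the capture:
#   open   -> SYN/ACK sent by the target
#   closed -> RST sent by the target (unfiltered port with nothing listening)
reply_filter() {
    case $1 in
        open)   printf '%s\n' "src host $2 and tcp[tcpflags] & (tcp-syn|tcp-ack) == (tcp-syn|tcp-ack)" ;;
        closed) printf '%s\n' "src host $2 and tcp[tcpflags] & tcp-rst != 0" ;;
        *)      return 1 ;;
    esac
}

run_syn_scan() {
    target=$1 iface=$2 dir=$(scan_dir syn_scan)
    valid_ipv4 "$target" || { echo "not an IPv4 address: $target" >&2; return 1; }
    mkdir -p "$dir"
    # Start the capture in the background directly instead of CTRL-Z / bg.
    # -nn: no name resolution, so the capture adds no DNS traffic of its own.
    # If this fails with "Permission denied" on the savefile, your tcpdump
    # drops privileges to a tcpdump user after opening the interface; write
    # under a directory that user can write to, or add "-Z root".
    sudo tcpdump -nn -i "$iface" host "$target" -w "$dir/packets" &
    capture_pid=$!
    sleep 2                      # let tcpdump finish opening the interface
    # -sS needs raw sockets, hence sudo. -oA saves normal, grepable and XML output.
    sudo nmap -sS -oA "$dir/nmap" "$target"
    # SIGINT makes tcpdump flush its buffers and close the savefile cleanly;
    # SIGKILL would lose the last buffered packets. sudo relays the signal.
    sudo kill -INT "$capture_pid"
    wait "$capture_pid" || true
    echo "== open ports (SYN/ACK seen) =="
    tcpdump -nn -r "$dir/packets" "$(reply_filter open "$target")"
    echo "== closed ports (RST seen) =="
    tcpdump -nn -r "$dir/packets" "$(reply_filter closed "$target")"
}

# Usage: sh syn_scan_capture.sh run 192.0.2.10 eth0
if [ "${1:-}" = "run" ]; then
    run_syn_scan "$2" "${3:-eth0}"
fi
```

Ports that nmap reports as "filtered" show up in neither listing: the capture contains the outgoing SYN and either nothing from the target or an ICMP unreachable, which is exactly what a DROP or REJECT rule in the firewall under test should produce.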
  
iptables/test_the_firewall.1476873787.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
