Destination sent RST, ACK packet to the source.nmap -sT -p 3389 192.168.1.102įrom the given image you can observe the result that port 3389 is closed. Type following NMAP command for TCP scan as well as start Wireshark on another hand to capture the sent Packet. Source sent SYN pack and if the port is close the receiver will be sent a response through RST, ACK.
According to a given image, it is showing if scanning port is closed then 3-way handshake connection would be not possible between source and destination. Let’s figure out network traffic for the close port.
Source again sent RST, ACK to destination. Source sent ACK packet to the destination. Source sent SYN packet to the destination. You will notice that it has captured the same sequence of the flag as described above: Look over the sequence of packet transfer between source and destination captured through Wireshark. nmap -sT -p 445 192.168.1.102įrom the given image you can observe the result that port 445 is open. If the port is open then source made request with SYN packet, a response destination sent SYN, ACK packet and then source sent ACK packets, at last source again sent RST, ACK packets. Tcp scan will scan for TCP port like port 22, 21, 23, 445 etc and ensure for listening port (open) through 3-way handshake connection between the source and destination port. Note: The Below Practical is performed with the same IP address (192.168.1.102), which you will notice is common for our Windows and Linux Machine, you may differentiate them by their MAC addresses in this case. Here you will notice that how Wireshark captured different network traffic packet for open and close ports. 
8.In this article, you will learn how to capture network packet using Wireshark when an attacker is scanning target using NMAP port scanning method.
0 kommentar(er)
