CONNECTION TO A TCP/UDP PORT AND ANALYSIS WITH WIRESHARK
- Layout topology for this exercise:
- Netcat is able to connect to a port, checking whether it is open or closed, and also reading the banner from that port. In this exercise, let's use Netcat to connect to a remote POP3 mail service, running on a Windows 7 machine on port 110.
- A nc connection is launched from Kali Linux to Windows on port 110 (POP3). The output shows that the connection is successful, and a dialogue is started between client (Kali Linux) and server (W7). The server displays the welcome banner (POP3 server ready), waiting for a USER and PASS. In this case the login attempt fails because the password is unknown, but a further password attack could be used for authentication.
- Analysis with Wireshark is always interesting. First, a filter is set to avoid all the noisy info output that Wireshark would probably produce: tcp port == 110
- It is easy to follow the three-way-handshale TCP connection process. SYN (initiates the three-way-handshake):
- SYN, ACK:
- FIN, ACK (closing the connection):
- Following the TCP stream: