
Friday, September 30, 2016

NETCAT / 4 - Connection to a TCP/UDP port and analysis with Wireshark


CONNECTION TO A TCP/UDP PORT AND ANALYSIS WITH WIRESHARK

- Layout topology for this exercise:


















- Netcat is able to connect to a port, checking whether it is open or closed, and also reading the banner from that port. In this exercise, let's use Netcat to connect to a remote POP3 mail service, running on a Windows 7 machine on port 110. 




- An nc connection is launched from Kali Linux to Windows on port 110 (POP3). The output shows that the connection is successful, and a dialogue starts between client (Kali Linux) and server (W7). The server displays the welcome banner (POP3 server ready) and waits for USER and PASS. In this case the login attempt fails because the password is unknown, but a further password attack could be used for authentication.




- Analysis with Wireshark is always interesting. First, a display filter is set to hide the unrelated traffic that Wireshark would otherwise show: tcp.port == 110




- It is easy to follow the TCP three-way handshake process.

- SYN (initiates the three-way handshake):



- SYN, ACK:




- ACK:




- FIN, ACK (closing the connection):




- Following the TCP stream:
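
The segment types picked out in Wireshark above (SYN; SYN, ACK; ACK; FIN, ACK) can also be decoded directly from the TCP header. The following is an added example, not part of the original post: it parses the flag bits and checks the sequence/acknowledgement arithmetic of the handshake. The client port 49152 and all sequence numbers are constructed sample values.

```python
import struct

# Flag bits in the low 6 bits of TCP header bytes 12-13, lowest bit first.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def build_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header (constructed sample; checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, 64240, 0, 0)

def parse_header(raw):
    """Return (sport, dport, seq, ack, flag_names) from a raw TCP header."""
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    names = [n for i, n in enumerate(FLAG_NAMES) if offset_flags & (1 << i)]
    return sport, dport, seq, ack, names

def labels(segments):
    """Flag summary per segment, in the style of Wireshark's Info column."""
    return [", ".join(parse_header(s)[4]) for s in segments]

def check_handshake(segments, server_port=110):
    """True if the first three segments form a valid three-way handshake."""
    if len(segments) < 3:
        return False
    syn, synack, ack = (parse_header(s) for s in segments[:3])
    if syn[4] != ["SYN"] or syn[1] != server_port:
        return False
    # SYN, ACK must come from the server port and acknowledge client ISN + 1.
    if (synack[4] != ["SYN", "ACK"] or synack[0] != server_port
            or synack[3] != (syn[2] + 1) % 2**32):
        return False
    # Final ACK: client seq advanced by 1 and acknowledges server ISN + 1.
    return (ack[4] == ["ACK"] and ack[2] == synack[3]
            and ack[3] == (synack[2] + 1) % 2**32)

# Constructed segments: client port 49152 and all sequence numbers are made up.
SAMPLE = [
    build_header(49152, 110, 1000, 0, 0x02),     # SYN
    build_header(110, 49152, 5000, 1001, 0x12),  # SYN, ACK
    build_header(49152, 110, 1001, 5001, 0x10),  # ACK
    build_header(49152, 110, 1030, 5090, 0x11),  # FIN, ACK
]

if __name__ == "__main__":
    print(labels(SAMPLE))
    print("valid handshake:", check_handshake(SAMPLE))
```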