Wednesday 11 January 2017

Port and Service Enumeration in Ethical Hacking


Reference: Ethical Hacking and Penetration with Kali Linux


The process of tying a program or service to the TCP/IP port it uses is called port enumeration. The headings below summarize what enumeration involves and how it is done.


Identifying Ports and Services
  • This step follows scanning, which determines which hosts are live
  • Identifying open ports and the services behind them tells you what function a box performs and what OS it runs
  • Exploitation of those services can begin only after this step
  • Port scans are run to determine which ports a computer is listening on
  • Ping, port and service scans are frequently run together using the same tool


OS Fingerprinting
  • This step determines which OS the target system runs, so that vulnerabilities associated with that OS can then be exploited
  • It works because different OSes implement the TCP/IP stack differently, so their responses to certain scans reveal the OS type
  • Some OSes run particular services on certain ports, which is another way of identifying the OS
  • Example: ports 137, 138, 139 and 445 open indicate Windows 2000 or later
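As an added example, not code from the original post or from the referenced book: the Python script below parses the "grepable" (-oG) output that Nmap writes for the port and service scans described above, lists each host's open ports, and applies the port-signature rule from the OS Fingerprinting section (137, 138, 139, 445 open suggests Windows 2000 or later). The scan text is constructed for this example (documentation-range addresses 192.0.2.10 to 192.0.2.12, hypothetical service banners), and the grepable field layout port/state/proto/owner/service/rpc/version/ is Nmap's own. One caveat a practitioner wants: Samba on a Unix-like host also listens on 139 and 445, so the script treats a Samba banner from a version scan as overriding the port rule, and it counts only ports in state "open", not "open|filtered".

```python
import re

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s*(.*)$")

# Ports the post associates with Windows 2000 or later (NetBIOS name/datagram/session, SMB).
WINDOWS_NETBIOS_SMB = {137, 138, 139, 445}

# Constructed sample of Nmap grepable (-oG) output for three hypothetical hosts.
# Not real scan data; banners and ports were chosen to exercise the heuristic.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (996)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//nginx/, 443/open/tcp//ssl|https///\tIgnored State: closed (997)
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 137/open/udp//netbios-ns///, 138/open|filtered/udp//netbios-dgm///, 139/open/tcp//netbios-ssn//Samba smbd 4.X/, 445/open/tcp//netbios-ssn//Samba smbd 4.X/\tIgnored State: closed (996)
# Nmap done (constructed sample)
"""


def parse_gnmap(text):
    """Parse grepable Nmap output into {ip: [record, ...]}.

    Each record is a dict with port (int), state, proto, service and version.
    A 'Status: Up' line registers the host even when no Ports line follows.
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines ("# Nmap ...") and anything else
        ip, _hostname, rest = m.groups()
        records = hosts.setdefault(ip, [])
        for field in rest.split("\t"):
            if not field.startswith("Ports:"):
                continue  # e.g. "Status: Up" or "Ignored State: ..."
            for entry in field[len("Ports:"):].split(","):
                # Grepable port entry: port/state/proto/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue  # malformed entry: skip rather than guess
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                records.append({"port": int(port), "state": state, "proto": proto,
                                "service": service, "version": version})
    return hosts


def open_ports(records, proto=None):
    """Sorted port numbers whose state is exactly 'open' ('open|filtered' is excluded)."""
    return sorted({r["port"] for r in records
                   if r["state"] == "open" and (proto is None or r["proto"] == proto)})


def infer_os(records):
    """Apply the post's port-signature rule, with a banner check as tie-breaker.

    137/138/139/445 open suggests Windows 2000 or later, but Samba on Unix-like
    hosts serves 139/445 too, so a Samba banner from a version scan wins.
    """
    banners = " ".join(r["version"] for r in records).lower()
    if "samba" in banners:
        return "unix-like (Samba banner on SMB ports)"
    if set(open_ports(records)) & WINDOWS_NETBIOS_SMB:
        return "windows 2000 or later (NetBIOS/SMB port signature)"
    return "undetermined from ports alone"


def classify(text):
    """Map every host in the scan output to (open ports, OS guess)."""
    return {ip: (open_ports(recs), infer_os(recs))
            for ip, recs in parse_gnmap(text).items()}


if __name__ == "__main__":
    for ip, (ports, guess) in classify(SAMPLE_GNMAP).items():
        print(f"{ip:<12} open={ports} os={guess}")
```

Run it as a script to print one line per host; feed it real output with `nmap -sV -oG scan.gnmap ...` and `classify(open("scan.gnmap").read())`. The point of the banner override is that a port-based OS guess is a hint to be confirmed by the service scan, not a fact on its own.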


Popular Scanners

  • SuperScan - a Windows-based application, now owned by McAfee
  • Hping - a command-line oriented TCP/IP packet scanner/assembler/analyser
  • Nmap
    • Nmap is the most popular scanner; it is *nix-based but has a Windows version as well
    • Offers full, half-open, stealth and UDP scans
