Sniffing and Port Scanning

Posted: March 15, 2011 in Computer Science

This time I will try sniffing and port scanning with tools such as tcpdump, Wireshark and the like, on two PCs connected over a wireless network. Let's go straight to the practice.

Initial steps:

1. Run Wireshark on computer A (say its IP is 167.205.60.102) to monitor the packets sent to computer A.

2. Run Zenmap on computer B (say its IP is 167.205.60.69) to port scan computer A.

3. Save the capture results on both computers, A and B.

Results:

On computer B, which ran Zenmap, the captured output was as follows:

Starting Nmap 5.51 ( http://nmap.org ) at 2011-03-15 13:00 SE Asia Standard Time
NSE: Loaded 57 scripts for scanning.
Initiating ARP Ping Scan at 13:00
Scanning 167.205.60.102 [1 port]
Completed ARP Ping Scan at 13:00, 0.19s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:00
Completed Parallel DNS resolution of 1 host. at 13:00, 0.00s elapsed
Initiating SYN Stealth Scan at 13:00
Scanning hotspot-timur-102.itb.ac.id (167.205.60.102) [1000 ports]
Discovered open port 3306/tcp on 167.205.60.102
Discovered open port 443/tcp on 167.205.60.102
Discovered open port 139/tcp on 167.205.60.102
Discovered open port 445/tcp on 167.205.60.102
Discovered open port 135/tcp on 167.205.60.102
Discovered open port 80/tcp on 167.205.60.102
Discovered open port 3389/tcp on 167.205.60.102
Discovered open port 2869/tcp on 167.205.60.102
Discovered open port 5101/tcp on 167.205.60.102
Discovered open port 990/tcp on 167.205.60.102
Completed SYN Stealth Scan at 13:01, 5.68s elapsed (1000 total ports)
Initiating Service scan at 13:01
Scanning 10 services on hotspot-timur-102.itb.ac.id (167.205.60.102)
Completed Service scan at 13:03, 121.36s elapsed (10 services on 1 host)
Initiating OS detection (try #1) against hotspot-timur-102.itb.ac.id (167.205.60.102)
NSE: Script scanning 167.205.60.102.
Initiating NSE at 13:03
Completed NSE at 13:03, 32.61s elapsed
Nmap scan report for hotspot-timur-102.itb.ac.id (167.205.60.102)
Host is up (0.0081s latency).
Not shown: 990 closed ports
PORT     STATE SERVICE      VERSION
80/tcp   open  http         Apache httpd 2.2.14 ((Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn
443/tcp  open  ssl/http     Apache httpd 2.2.14 ((Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
|_sslv2: server still supports SSLv2
|_http-title: Index of /
| http-methods: GET HEAD POST OPTIONS TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
990/tcp  open  ftps?
2869/tcp open  http         Microsoft HTTPAPI httpd 1.0 (SSDP/UPnP)
3306/tcp open  mysql        MySQL (unauthorized)
3389/tcp open  tcpwrapped
5101/tcp open  admdog?
MAC Address: E8:39:DF:25:55:39 (Askey Computer)

Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows XP SP2 or SP3
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows

Host script results:
| nbstat:
|   NetBIOS name: CUMI, NetBIOS user: <unknown>, NetBIOS MAC: e3:32:df:25:55:39 (Askey Computer)
|   Names
|     CUMI<00>          Flags: <unique><active>
|     CUMI<20>          Flags: <unique><active>
|     WORKGROUP<00>        Flags: <group><active>
|_    WORKGROUP<1e>        Flags: <group><active>
|_smbv2-enabled: Server doesn’t support SMBv2 protocol
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Name: WORKGROUP\CUMI
|_  System time: 2011-03-15 13:03:03 UTC+7

TRACEROUTE

HOP RTT     ADDRESS
1   8.11 ms hotspot-timur-102.itb.ac.id (167.205.60.102)
Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 162.97 seconds
Raw packets sent: 1109 (49.494KB) | Rcvd: 3425 (139.052KB)

Then on computer A, which ran Wireshark, the capture was as follows: [image: Wireshark capture]

From the Wireshark capture obtained, it can be seen that computer B (167.205.60.96) did indeed port scan computer A (167.205.60.102).
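The same conclusion can be reached without reading the capture by eye. The following is an added example, not part of the original post: it scans `tcpdump -nn` text output for a source that sent bare SYNs to many ports on computer A and never completed a handshake, which is the pattern the "SYN Stealth Scan" in the Nmap log leaves behind. The function name, the `min_ports` threshold, the client address 167.205.60.10 and the sample packets are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Parses IPv4 TCP lines in the text format printed by `tcpdump -nn`.
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def detect_syn_scans(capture_text, target, min_ports=5):
    """Map each source IP to the ports it probed with a bare SYN and never
    followed with an ACK, if that covers at least `min_ports` ports."""
    syn_ports = defaultdict(set)   # src -> ports that got a bare SYN
    acked = defaultdict(set)       # src -> ports where src completed a handshake
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m or m["dst"] != target:
            continue
        port, flags = int(m["dport"]), m["flags"]
        if flags == "S":
            syn_ports[m["src"]].add(port)
        elif "." in flags and "R" not in flags:   # ACK, PSH-ACK, FIN-ACK
            acked[m["src"]].add(port)
    scans = {}
    for src, ports in syn_ports.items():
        half_open = ports - acked[src]
        if len(half_open) >= min_ports:
            scans[src] = sorted(half_open)
    return scans

# Constructed sample (not the post's capture): .69 probes six ports and resets
# the one that answers; .10 is an ordinary client finishing its handshake.
SAMPLE = """\
13:00:51.000101 IP 167.205.60.69.51234 > 167.205.60.102.80: Flags [S], seq 100, win 1024, length 0
13:00:51.000150 IP 167.205.60.102.80 > 167.205.60.69.51234: Flags [S.], seq 900, ack 101, win 65535, length 0
13:00:51.000300 IP 167.205.60.69.51234 > 167.205.60.102.80: Flags [R], seq 101, win 0, length 0
13:00:51.000410 IP 167.205.60.69.51234 > 167.205.60.102.23: Flags [S], seq 100, win 1024, length 0
13:00:51.000450 IP 167.205.60.102.23 > 167.205.60.69.51234: Flags [R.], seq 0, ack 101, win 0, length 0
13:00:51.000520 IP 167.205.60.69.51234 > 167.205.60.102.135: Flags [S], seq 100, win 1024, length 0
13:00:51.000630 IP 167.205.60.69.51234 > 167.205.60.102.139: Flags [S], seq 100, win 1024, length 0
13:00:51.000740 IP 167.205.60.69.51234 > 167.205.60.102.443: Flags [S], seq 100, win 1024, length 0
13:00:51.000850 IP 167.205.60.69.51234 > 167.205.60.102.445: Flags [S], seq 100, win 1024, length 0
13:00:52.100000 IP 167.205.60.10.40000 > 167.205.60.102.80: Flags [S], seq 500, win 64240, length 0
13:00:52.100090 IP 167.205.60.102.80 > 167.205.60.10.40000: Flags [S.], seq 700, ack 501, win 65535, length 0
13:00:52.100200 IP 167.205.60.10.40000 > 167.205.60.102.80: Flags [.], ack 701, win 64240, length 0
13:00:52.100400 IP 167.205.60.10.40000 > 167.205.60.102.80: Flags [P.], seq 501:560, ack 701, win 64240, length 59
"""

if __name__ == "__main__":
    print(detect_syn_scans(SAMPLE, "167.205.60.102"))
```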

  1. Run tcpdump/Wireshark on a computer (e.g. IP 192.168.1.7) and monitor the packets destined for that computer (dst 192.168.1.7)