Advance

How to Use Wireshark in Nmap

How to Use Wireshark in Nmap
3
(3)

Wireshark is a powerful tool for analyzing network traffic and protocols. With the help of Wireshark, you can capture network traffic and search within the captured traffic. Wireshark’s great features and ease of use make it one of the most popular network traffic analysis tools among network and security professionals. In this article, we try to teach you How to Use Wireshark in Nmap. It should note that you can visit the packages available in Eldernode if you want to buy a VPS server.

Tutorial Use Wireshark in Nmap step by step

In the rest of this article, we’re going to teach you how to capture a network packet using Wireshark when an attacker scans the target using the NMAP port scanning method. In this tutorial, you will also learn how Wireshark records different packets of network traffic for open and closed ports. So we ask you to join us in this article with How to Use Wireshark in Nmap tutorial.

Recommended Article: Introduction Nmap Tool And Check Its Applications

Wireshark applications

Wireshark can be used for the following:

1- Troubleshooting and debugging in the network

2- Testing security problems

3- Analysis and development of protocols

4- Performing hacking operations

5- Network and security training

Use Wireshark in Nmap

The important point to note in this section is that in this section, work is done with the IP address (192.168.1.102). This is common for Windows and Linux devices. So you can distinguish them by your MAC address. In the following, we will introduce you to the different sections on how to use Wireshark in Nmap. Please join us.

How TCP Scan works

TCP Scan scans the TCP port like ports 21, 22, 23, 445. It should note that this scan ensures listening to the (open) port via a three-way manual connection between the source port and the destination port. After doing this, if the port is open, the source requests with the SYN packet, sends the SYN response destination, the ACK packet, and then the ACK packet source. Finally, the source again sent RST, ACK packets.

You can type the NMAP command to scan TCP as shown below. Also start the Wireshark on the other side to get the package:

nmap -sT -p 445 192.168.1.102

As you can see in the image below, executing the above command indicates that port 445 is open.

 

tcp scan on nmap

 

At this point, you can look over the sequence of packet transfer between source and destination captured through Wireshark.

1. Source sent SYN packet to the destination

2. Destination sent SYN, ACK to source

3. Source sent ACK packet to the destination

4. Source again sent RST, ACK to destination

 

tcp scan on wireshark

 

At this point, you can check the network traffic for the close port. If the scan port is closed, then a 3-way handshake connection would not be possible between source and destination. The source sends the Syn Pack, and if the port is closed, the receiver sends a response via RST, ACK.

You can use the following command for TCP scan as well as start Wireshark on another hand to capture the sent Packet:

nmap -sT -p 3389 192.168.1.102

As you can see in the image below, port 3389 is closed.

 

how to close port on nmap with wireshark

 

Now here you can Look over the sequence of packet transfer between source and destination captured through Wireshark.

 

packet transfer on nmap with wireshark

 

How Stealth Scan works

SYN Scan is one of the most popular scans. This type of scan can be done easily and quickly and scans thousands of ports every second. It is also relatively typical and stealthy since it never completes TCP connections. Note that the port is also open if an SYN packet (without ACK flag) is received in response. Note that this scan is referred to as half-open scanning because you do not open the full TCP connection.

Like the following command, you can scan the NMAP instruction for TCP. You can also start Wireshark on the other side to record the packet sent:

nmap -sS -p 22 192.168.1.102

By executing the above command, you will see that port 22 is open.

 

stealth scan on nmap with wireshark

 

In the image below you can see a sequence of packet transfers between source and destination taken via Wireshark.

1. Source sent SYN packets to the destination

2. Destination sent SYN, ACK packets to the source

3. Source sent RST packets to the destination

 

packet transfer with wireshark

 

Now you need to scan the NMAP instruction using the following command for TCP. Note that you must start the Wireshark on the other side to record the packet sent.

nmap -sS -p 3389 192.168.1.102

As you can see in the image below, port 3389 is closed.

 

how to close port on wireshark

 

You will see the following image carefully:

1. Source sent SYN packets to the destination

2. Destination sent RST, ACK packets to the destination

 

data transfer with wireshark

 

How Fin Scan works

In this section, we will introduce the FIN packet. Note that the FIN packet is using to terminate the TCP connection between the source and destination ports after the complete data transfer. How to do this type of scan is as follows:

In the place of an SYN packet, Nmap starts a FIN scan by using a FIN packet.

If the port is open then no response will come from the destination port when the FIN packet is sent through source port.

Note: Fin-Scan is only workable in Linux machines and does not work on the latest version of windows.

As in the previous steps, you can type the following NMAP command for TCP scan as well as start Wireshark on another hand to capture the sent Packet:

nmap -sF -p 22 192.168.1.102

You will see that port 22 is open.

 

how to fin scan work

 

As you can see in the image below:

1. Source sent FIN packets to the destination

2. Destination sent no reply to the source

 

packet transfer with fin scan

 

Scan the following instructions for TCP again and start Wireshark to record the packet sent:

nmap -sF -p 3389 192.168.1.102

As you can see, port 3389 is closed.

 

Screahow to close port with fin scanenshot (930)

 

Looking at the sequence of packet transfers between the source and destination received via Wireshark, you will see that:

1. Source sent SYN packets to the destination

2. Destination sent RST packets to the destination

 

transfer packet in nmap with wireshark

 

How Null Scan works

In this section, we are going to explain the Null Scan to you. A Null Scan is a series of TCP packets which hold a sequence number of “zeros” (0000000). Since there is no flag in this type of scan, the destination does not know how to respond to the request. For this reason, it destroys this packet and does not send any response indicating that the port is open.

Note: Null scan only works on Linux devices and does not work on the latest version of Windows.

As in the previous steps, you can type the following NMAP command for TCP scan as well as start Wireshark on another hand to capture the sent Packet:

nmap -sN -p 22 192.168.1.102

By executing the above command, you will see that port 22 is open.

 

how to null scan work

 

As you can see in the image below:

1. Source sent Null packets to the destination

2. Destination sent no reply to the source

 

null scan with wireshark

 

Scan the following instructions for TCP again and start Wireshark to record the packet sent:

nmap -sN -p 3389 192.168.1.102

As you can see, port 3389 is closed.

 

how to close port with null scan

 

Looking at the sequence of packet transfers between the source and destination received via Wireshark, you will see that:

1. Source sent Null (none) packets to the destination

2. Destination sent RST, ACK to source

 

packet transfer with wireshark

Conclusion

Wireshark is the name of an Internet analytics tool formerly called Ethereal. This software analyzes the packets that are sent and received via the Internet and displays them to the user. Wireshark has many capabilities and you can use it to check packages sent and received on the Internet. In this article, we tried to teach you to step by step how to Use Wireshark in Nmap by giving an example.

How useful was this post?

Click on a star to rate it!

Average rating 3 / 5. Vote count: 3

No votes so far! Be the first to rate this post.

We Are Waiting for your valuable comments and you can be sure that it will be answered in the shortest possible time.

Leave a Reply

Your email address will not be published. Required fields are marked *

We are by your side every step of the way

Think about developing your online business; We will protect it compassionately

We are by your side every step of the way

+8595670151

7 days a week, 24 hours a day