UGN Security
Posted By: Scallion Scanning...SuperScan 3.0 - 04/13/02 01:09 PM
Okay, so on my quest to check out the web site cracking scene, I got me a scanner. SuperScan 3.0.

The only problem is...whenever I scan blocks of IP's, NONE of them are active. I've had luck on "localhost", but that's the ONLY one. Even website's URL's don't have ports open -- and they should have port 80 open at least.

So my question is this: What's up? Why is noone active?

Also, what kinda packets does SuperScan send out? ICMP?
Posted By: SilentRage Re: Scanning...SuperScan 3.0 - 04/13/02 02:56 PM
The program pings, then scans. a ping IS a ICMP packet. It's what determines if a host is active. Even if a machine IS online, it can show as inactive cause the ping was not returned.

Make sure that "Ping Only" is not selected. And make sure that "Scan only responsive pings" is not selected.

I'll explain what it means to "scan" a host. When you tell the program a range of IP's to scan, it will then try to connect to every port in the port list, or every port in the port range you selected. If it successfully connects - it will disconnect and tell you that port is open.
Posted By: Scallion Re: Scanning...SuperScan 3.0 - 04/13/02 04:39 PM
So...when I scan like that, however, all the hosts that come up in my "results" list have little red "x"'s beside them. Doesn't that mean that they're not responding?

Also, nowadays, don't most places reject ICMP packets because they're commonly used as scans?
Posted By: AK Re: Scanning...SuperScan 3.0 - 04/13/02 04:52 PM
SuperScan uses a full TCP connect() so that it can also grab the daemon banner. this is the loudest way to scan an it will be detected in logs. you have to check what ports you selected in the port list. Then check "scan ports in port list".
Posted By: Scallion Re: Scanning...SuperScan 3.0 - 04/13/02 08:54 PM
Would, possibly, a better way to do this be using nmap and nlog?
Posted By: unreal Re: Scanning...SuperScan 3.0 - 04/13/02 09:00 PM
nmap is definitely a good scanner to use. However, don't be fooled into thinking that stealth scans (even FIN scans) are undetectable. When I would peruse the IDS logs at work, you wouldn't believe what I would see... smile
Posted By: SilentRage Re: Scanning...SuperScan 3.0 - 04/14/02 01:24 AM
All the X's mean they didn't respond to the ping. It will still scan it and show you open ports if you make sure to follow my instructions in my previous reply.
Posted By: Scallion Re: Scanning...SuperScan 3.0 - 04/14/02 03:37 PM
So...I'm wondering.

If i go to www.ibo.org, I see a website. When I scan www.ibo.org, however, when I scan it, port 80 should be open & listening...why is it not? This should work for all web servers!
Posted By: SilentRage Re: Scanning...SuperScan 3.0 - 04/14/02 09:41 PM
probably cause you're not adding the IP into the range fields. You're adding it in the top text box aren't you? Well, that box is only for resolving the IP to a host or to resolve a host into an IP which will be put into those 2 range text boxes with 'start' and 'stop' in front of them.

So load up SuperScan. Enter www.yahoo.com into the top text box. Click the "Lookup" button. Now click the "Start" button.

If you STILL don't get an open port on 80, then maybe you didn't tell it to scan that port.

Well, if you can't get it to work this time, tough. I've lost all patience.
Posted By: AK Re: Scanning...SuperScan 3.0 - 04/15/02 01:55 AM
yeah -=cough:"SPOONFEEDING":cough=- jus do what Rage told -=cough:"SPOONFEEDING":cough=- you.
© UGN Security Forum