Advanced Net Tools 7



Advanced Net Tools 2.7

The Tools are applied for determining which nodes on a network are running FTP or HTTP servers, by scanning all nodes on the network for any open ports that you choose. It can also scan a single node for any open ports. IP Tools also contains graphical DNS, finger, and who is client. A utility for testing commands on open ports is also included. The Figure 1.0 shows the overall Tools Function Panel.

[pic]

Figure 1.0

1. Network Port Scanner

It is an advanced network utility for finding ports that are open on any machine or range of machines on a network. Finding open ports on a host can be one of many things. An open port can be a server service like FTP or HTTP that a user on the node may or may not be allowed to run under the network's administration rules. An open port may also be a backdoor trojan program that a hacker installed through a virus or remote administration exploit.

It is very important to find these holes in your network because any machine that can be compromised on your network brings a hacker one step closer to having full administrative privileges on your network, and ultimately destroying important data, or even spying on sensitive data.

Based on the Port Scanner designation scheme, the Software should be able to find a host or arrange of hosts on the network with certain Port opening. We had ever scan student center network segment and found some data interested. The IP range is between 137.207.208.1 to 137.207.208.255. Port Number is 80. The data are retrieved as Figure 1.1.

[pic]

Figure 1.1

Just what our original idea is, the exposed port should be detected and be easier to be attacked by some hackers. If hackers login as Administrator Role, the Web Server will be dangerous and sensitive data may be lost. The following Figure 1.2 shows hacker login as administrator after finding the host IP address and try to login machine. Once the hacker login successfully, the Server will face the serious problem. Consequently, Detecting backdoor and finding weakness of network are critical.

Figure 1.2

The Network Port Scanner not only can scan the port 80, it also can find most of the exposed ports such as 21(FTP), 23(Telnet), 80(Http). Figure 1.3 shows the retrieved IP address and multiple ports including 21,23,80. We can attack any machine which have IP address and Port Number. Such as 137.207.208.19:23(TELNET PORT) or 80(HTTP PORT).

[pic]

Figure 1.3

In this tool, it offers Port Configuration on the Ports menu. It can add/Remove any of what we require Application and Command lines which match the intended Ports. It undoubtedly enforces the function and let Scanner sniff any of Network Port that are currently known. The Figure 1.4 shows us the Port configuration information. From this point of view, shows the tools flexible and extendable. No matter what kind of application will be applied on the network in the future, Scanner can do any of them. It is quite convenient for Network Monitor and Detection.

[pic]

Figure 1.4

2. Trace Route

It is a graphical version of the common Windows networking utility "tracert". It's main purpose is to find the bottleneck in the connection between your machine and a remote host. This can be useful for troubleshooting timeouts when connecting to a remote machine. Figure 2.0 is Trace Route of Uwindsor.

[pic]

Figure 2.0

Say you have a really slow ping (>500ms) to . Now you want to find out if it's your web server, or if it's one of your ISP's routers. First you will enter "" for the host field in the TraceRoute toolbar. You can keep the default packet size, timeout, and count (maximum number of routers to go through). Now you simple click the "Trace" button, or choose "Trace" from the File menu. First TraceRoute will lookup the hostname, so it may take a few seconds to start, then you should see a line indicating the ping status of the first router on your way to . If you see "timeout" in the results, then either you need to increase your timeout value, check your internet connection, or that router is down. Otherwise you should see the time in milliseconds that it took to send and receive an ICMP message from the first router. After this, you will see a line for each router that comes next until you finally get a ping from . Now you can look to see which of the routers has the highest time, and that is your bottleneck. You can also click the check box to look up each hostname on the way to your web server. This will give you a good idea of which ISP is having the problem.

The next example can give us a more clear understanding about TraceRoute role. This example is taken in the University of Windsor ‘s student Centre. We know that there are some firewall must be exist in the Network. To find out where it is, we trace one host which is located in the outside, . The data are showed as following Figure 2.1.

Data Packages are sent and pass 137.207.208.1,137.207.32.4,137.207.92.14. After that, Data Packages can’t be back and it can’t reach the destination IP. Upon the data, we can make a conclusion that there is a firewall that can’t let data package back to source IP.

[pic]

Figure 2.1

To verify the conclusion, I do an experience one more time from home that connects via BELL ADSL. The respond data is as following Figure 2.2. Compared with both of their data, Trace Route can reach the destination IP. These can be rather clear where the problem is. Standing this point, we feel the Trace Route is quite useful as network traffic analyst .In the meantime, it also diagnosis the network bottleneck as Figure 2.3.

From Figure 2.3 that Trace Route to , we can see the network bottleneck is 206.79.9.134.

So if that Router is too much traffic, the route passing the Router need to be scheduled in order to avoid traffic jam on the network.

[pic]

Figure 2.2

[pic]

Figure 2.3

3. WinPing

WinPing is a graphical version of the common Windows networking utility "Ping". It's main purpose is to test connectivity between our host and a remote host. It will also report to you the delay time of sending and receiving simple messages between the two hosts. This can be useful for troubleshooting timeouts when connecting to a remote machine.

If we want to find out if our web server is up and running. First we will enter the name of our web server for the host field in the WinPing toolbar. We can keep the default packet size, timeout, and count (number of pings to send). Now we simple click the "Ping" button, or choose "Ping" from the File menu. First ping will lookup the hostname, so it may take a few seconds to start, then we see 3 lines indicating the ping status of our web server. If you see "timeout" in the results, then either you need to increase your timeout value, check your internet connection, or your server is down. Otherwise you should see the time in milliseconds that it took to send and receive an ICMP message from your web server.

The timeout value is in milliseconds, so 1000 milliseconds is equal to 1 second. In general, 1000 milliseconds should be more than enough time to do a ping. The packet size is good for testing how long it takes to send larger packets, for instance, if you know that you usually send and receive large packets of 4096 bytes (4k), then you can use that for your size, and increase your timeout value, then see exactly how long it takes to send/receive a packet of that size.

The count value is for sending more than the default (3) packets. If you set count to 0, it will continue to ping until you press the stop button. We can use this feature when we reboot a server, so we can see right away when the server is back up from my remote machine.

Test 1 Host: davinci.newcs.

Timeout: 100 Size: 32768 Count:3

Address: Time: Seq: Results:

137.207.76.3 10ms 0 32 bytes received.

137.207.76.3 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download