COMPARISON OF TCP SCANNING TECHNIQUES USING NMAP

Abstract

A complex network of resources, people, and networks makes up the Internet. The bulk of users rely merely on the many services provided since they are ignorant of the design and components of the Internet. A significant technique for gathering technical data is port scanning. Based on scan statistics from a real-world network, network defense systems can spot malicious scans. The paper addresses Connect Scan and Stealth Scan, two of the current port scan detection techniques. The comparison is structured around the three well-known criteria for categorizing scan detection approaches: data source, data presentation, and detection mechanism (or display of data). For scan detection, research prototypes that combine data mining with threshold- based analysis have showed significant potential, according to the findings. The paper concludes that even though both TCP connect and stealth scan are effective methods of scanning a system's ports and port states, stealth scanning has the advantage of logging prevention due to the fact that it uses a half-open TCP connection with the target and thus detects the target's ports more quickly while also being less likely to be detected by Web Application Firewall.