TCP Window Scan is a new and exciting way to find out what is happening on your network from the outside. TCP Window Scan is performed by the administrators of a network, typically one that works for a large company, who are trying to determine if their network can be compromised in any way by hackers or other unethical individuals. Users of TCP window scan type in what IP address they want to be scanned and then other than that it goes around and checks every port on every machine it finds. When it finds a machine with a port open, it sends information about that port back to the person who initiated the scan. If a port is found in this way, that means there is some sort of program running on that computer. This is one way to find out if someone has used an FTP program or server to access files from your network. It can also be used to find out if someone has tried to get access to your network by using various exploits, like SMB or RDP. In the past hackers were able to gain access to networks through various exploits and by guessing username/password combinations. TCP window scans can determine if someone has used various exploits or other methods to guess valid usernames and passwords.
Function of TCP Window Scan:
Each packet that TCP Window Scan sends contains two headers. One header is called TCP Header (the one that gives the packet its TCP/IP look), and the other is called “TCP/UDP Data.” This information is sent back to the person who initiated the scan, so that they may debug the problem if one does occur.
- The IP addresses of all the computers on the network that were scanned and attacked.
- Ports in use on each computer, and
- The username/password combination for each valid username/password pair that was found.
Features:
- It can be run on a specific target (IP Address), or broadcast scan to all the networks you can find.
- List of default passwords (for Windows operating systems, Cisco routers, etc.)
- Custom word list and IP range filter options.
- Can launch any local program to monitor the port scan in real-time.
- Self-configuring service and setup wizard.
- Simple command line interface.
TCP Window Scan on Nmap:
To view the TCP Window on the Nmap, open your terminal and then type in the following command:
nmap -sW -T4 (Any TCP Stream you want to search)
For example:
Limitations:
- Not all ports can be tested as TCP Window Scan does not support UDP protocol. The TCP Windows Scan utility attempts to detect user hosts accessible via currently open TCP ports (or “open TCP ports”). Since some applications utilize UDP (User Datagram Protocol), the TCP Windows Scan utility’s detection feature is not intended to detect all possible user hosts.
- In order to detect all user hosts, a UDP port scan should be performed in addition to this TCP Window Scan. However, the TCP Windows Scan utility may incorrectly report a host as being “not responding” because some applications (such as IRC), while they do use open ports, do not respond by attempting to establish a connection with the testing software.
- “TCP Window scan” may report a port as being open even if it is not since any port may be in the LISTENING state.
- When the TCP Window Scan utility reports that the target host’s TCP port is in use by another program, this does not necessarily mean that the other program is a malicious one.
- One may not be able to determine if any details of the host have been scanned. Since an IP address is not provided, it is hard to tell if there was more than one computer on a network. Also, since TCP Window Scan doesn’t provide information about the hosts it has scanned, one can’t tell if there is more than one IP address to a hostname (like 192.168.1.9 or 192.168.1.10).
Conclusion:
TCP Window Scan is a useful tool for anyone who needs to know what ports are open, what kind of usernames and passwords are in use, and even who has connected to the network by using an FTP Server or some other program. As long as you are careful about what information you gather, this is a very effective way to find out if your company’s network can be compromised in any way.