Computers Used
For this assignment, "Detecting port scanning", I used two servers with the public IP addresses 118.98.221.204 and 118.98.221.205.
Port Scanning Detection Scenario
The scenario is as follows:
- Server 118.98.221.204 runs a port scan against server 118.98.221.205 using nmap
- Server 118.98.221.205 uses tcpdump to monitor the packets coming from 118.98.221.204, the host doing the port scan
Syntax/Commands Used
The commands used are as follows:
- On server 118.98.221.204: nmap 118.98.221.205
- On server 118.98.221.205: tcpdump -n -i eth0 src 118.98.221.204
The nmap output from server 118.98.221.204 is as follows:
[root@118.98.221.204 ~]# nmap 118.98.221.205
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-10-31 09:39 WIT
Interesting ports on 118.98.221.205:
Not shown: 1665 closed ports
PORT STATE SERVICE
1/tcp open tcpmux
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
8009/tcp open ajp13
10000/tcp open snet-sensor-mgmt
MAC Address: 00:1E:0B:75:C7:AC (Unknown)
Nmap finished: 1 IP address (1 host up) scanned in 1.173 seconds
The tcpdump output from server 118.98.221.205 is as follows:
09:07:35.232132 IP 118.98.221.204.51659 > 118.98.221.205.252: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.232173 IP 118.98.221.204.51659 > 118.98.221.205.845: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.232213 IP 118.98.221.204.51659 > 118.98.221.205.nnsp: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.232249 IP 118.98.221.204.51659 > 118.98.221.205.dlip: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.232277 IP 118.98.221.204.51659 > 118.98.221.205.soap-beep: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.232308 IP 118.98.221.204.51659 > 118.98.221.205.6008: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.232351 IP 118.98.221.204.51659 > 118.98.221.205.dbstar: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.232395 IP 118.98.221.204.51659 > 118.98.221.205.marcam-lm: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.232431 IP 118.98.221.204.51659 > 118.98.221.205.tr-rsrb-p2: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.232467 IP 118.98.221.204.51659 > 118.98.221.205.datex-asn: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.232491 IP 118.98.221.204.51659 > 118.98.221.205.netrjs-4: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.232527 IP 118.98.221.204.51659 > 118.98.221.205.omginitialrefs: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.232571 IP 118.98.221.204.51659 > 118.98.221.205.mptn: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.232619 IP 118.98.221.204.51659 > 118.98.221.205.discp-client: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.232659 IP 118.98.221.204.51659 > 118.98.221.205.audio-activmail: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.233491 IP 118.98.221.204.51659 > 118.98.221.205.obex: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.233515 IP 118.98.221.204.51659 > 118.98.221.205.vslmp: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.233537 IP 118.98.221.204.51659 > 118.98.221.205.cal: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.233560 IP 118.98.221.204.51659 > 118.98.221.205.fc-cli: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.233583 IP 118.98.221.204.51659 > 118.98.221.205.commplex-main: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.233642 IP 118.98.221.204.51659 > 118.98.221.205.shrinkwrap: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.233691 IP 118.98.221.204.51659 > 118.98.221.205.hpstgmgr: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.233720 IP 118.98.221.204.51659 > 118.98.221.205.hp-managed-node: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.233750 IP 118.98.221.204.51659 > 118.98.221.205.afs3-errors: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.233779 IP 118.98.221.204.51659 > 118.98.221.205.272: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.233823 IP 118.98.221.204.51659 > 118.98.221.205.cisco-sys: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.233866 IP 118.98.221.204.51659 > 118.98.221.205.932: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.233903 IP 118.98.221.204.51659 > 118.98.221.205.gv-us: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.233938 IP 118.98.221.204.51659 > 118.98.221.205.sql*net: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.233964 IP 118.98.221.204.51659 > 118.98.221.205.profile: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.234000 IP 118.98.221.204.51659 > 118.98.221.205.namp: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.234047 IP 118.98.221.204.51659 > 118.98.221.205.5900: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.234090 IP 118.98.221.204.51659 > 118.98.221.205.osm-oev: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.234131 IP 118.98.221.204.51659 > 118.98.221.205.974: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.234167 IP 118.98.221.204.51659 > 118.98.221.205.timbuktu-srv3: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.234199 IP 118.98.221.204.51659 > 118.98.221.205.954: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.234227 IP 118.98.221.204.51659 > 118.98.221.205.imaps: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.234270 IP 118.98.221.204.51659 > 118.98.221.205.ivsd: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.234315 IP 118.98.221.204.51659 > 118.98.221.205.dsfgw: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.234357 IP 118.98.221.204.51659 > 118.98.221.205.imaps: R 3235918386:3235918386(0) win 0
09:07:35.234361 IP 118.98.221.204.51659 > 118.98.221.205.1001: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.234398 IP 118.98.221.204.51659 > 118.98.221.205.971: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.234433 IP 118.98.221.204.51659 > 118.98.221.205.dcs: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.234455 IP 118.98.221.204.51659 > 118.98.221.205.bpjava-msvc: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.234500 IP 118.98.221.204.51659 > 118.98.221.205.ariel3: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.234532 IP 118.98.221.204.51659 > 118.98.221.205.insitu-conf: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.234585 IP 118.98.221.204.51659 > 118.98.221.205.cryptoadmin: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.234621 IP 118.98.221.204.51659 > 118.98.221.205.714: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.234661 IP 118.98.221.204.51659 > 118.98.221.205.4998: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.234696 IP 118.98.221.204.51659 > 118.98.221.205.dantz: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.234726 IP 118.98.221.204.51659 > 118.98.221.205.mumps: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.234757 IP 118.98.221.204.51659 > 118.98.221.205.eicon-server: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.234793 IP 118.98.221.204.51659 > 118.98.221.205.1002: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.234843 IP 118.98.221.204.51659 > 118.98.221.205.ttyinfo: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.234884 IP 118.98.221.204.51659 > 118.98.221.205.856: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.234924 IP 118.98.221.204.51659 > 118.98.221.205.338: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.234964 IP 118.98.221.204.51659 > 118.98.221.205.qmqp: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.234988 IP 118.98.221.204.51659 > 118.98.221.205.cimplex: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.235020 IP 118.98.221.204.51659 > 118.98.221.205.saiscm: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.235058 IP 118.98.221.204.51659 > 118.98.221.205.ulistproc: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.235110 IP 118.98.221.204.51659 > 118.98.221.205.rprt: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.235150 IP 118.98.221.204.51659 > 118.98.221.205.ircd: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.235190 IP 118.98.221.204.51659 > 118.98.221.205.dei-icda: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.235220 IP 118.98.221.204.51659 > 118.98.221.205.avian: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.235253 IP 118.98.221.204.51659 > 118.98.221.205.mmcc: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.235285 IP 118.98.221.204.51659 > 118.98.221.205.shadowserver: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.236125 IP 118.98.221.204.51659 > 118.98.221.205.bootpc: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.236149 IP 118.98.221.204.51659 > 118.98.221.205.778: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.236171 IP 118.98.221.204.51659 > 118.98.221.205.oms: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.236194 IP 118.98.221.204.51659 > 118.98.221.205.commplex-link: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.236216 IP 118.98.221.204.51659 > 118.98.221.205.tr-rsrb-port: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.236269 IP 118.98.221.204.51659 > 118.98.221.205.ms-sql-s: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.236327 IP 118.98.221.204.51659 > 118.98.221.205.netnews: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.236351 IP 118.98.221.204.51659 > 118.98.221.205.prm-sm: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.236387 IP 118.98.221.204.51659 > 118.98.221.205.3com-amp3: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.236409 IP 118.98.221.204.51659 > 118.98.221.205.meter: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.236446 IP 118.98.221.204.51659 > 118.98.221.205.blackjack: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.236483 IP 118.98.221.204.51659 > 118.98.221.205.softpc: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.236537 IP 118.98.221.204.51659 > 118.98.221.205.756: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.236578 IP 118.98.221.204.51659 > 118.98.221.205.hems: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.236616 IP 118.98.221.204.51659 > 118.98.221.205.ipp: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.236646 IP 118.98.221.204.51659 > 118.98.221.205.netrjs-3: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.236674 IP 118.98.221.204.51659 > 118.98.221.205.netview-aix-5: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.236717 IP 118.98.221.204.51659 > 118.98.221.205.sd: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.236761 IP 118.98.221.204.51659 > 118.98.221.205.27002: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.236796 IP 118.98.221.204.51659 > 118.98.221.205.768: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.236833 IP 118.98.221.204.51659 > 118.98.221.205.cichlid: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.236857 IP 118.98.221.204.51659 > 118.98.221.205.vnas: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.236904 IP 118.98.221.204.51659 > 118.98.221.205.rap-service: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.236936 IP 118.98.221.204.51659 > 118.98.221.205.pehelp: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.236983 IP 118.98.221.204.51659 > 118.98.221.205.3l-l1: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.237020 IP 118.98.221.204.51659 > 118.98.221.205.gridgen-elmd: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.237055 IP 118.98.221.204.51659 > 118.98.221.205.6009: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.237079 IP 118.98.221.204.51659 > 118.98.221.205.858: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.237117 IP 118.98.221.204.51659 > 118.98.221.205.distcc: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.237158 IP 118.98.221.204.51659 > 118.98.221.205.teedtap: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.237200 IP 118.98.221.204.51659 > 118.98.221.205.prosharenotify: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.237237 IP 118.98.221.204.51659 > 118.98.221.205.netview-aix-8: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.237268 IP 118.98.221.204.51659 > 118.98.221.205.robcad-lm: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.237297 IP 118.98.221.204.51659 > 118.98.221.205.codaauth2: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.237333 IP 118.98.221.204.51659 > 118.98.221.205.cisco-fna: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.237383 IP 118.98.221.204.51659 > 118.98.221.205.hybrid-pop: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.237425 IP 118.98.221.204.51659 > 118.98.221.205.netbios-ns: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.237465 IP 118.98.221.204.51659 > 118.98.221.205.zion-lm: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.237500 IP 118.98.221.204.51659 > 118.98.221.205.5801: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.237524 IP 118.98.221.204.51659 > 118.98.221.205.233: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.237559 IP 118.98.221.204.51659 > 118.98.221.205.964: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.237603 IP 118.98.221.204.51659 > 118.98.221.205.lmtp: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.237649 IP 118.98.221.204.51659 > 118.98.221.205.apc-6547: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.237689 IP 118.98.221.204.51659 > 118.98.221.205.3m-image-lm: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.237724 IP 118.98.221.204.51659 > 118.98.221.205.807: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.237756 IP 118.98.221.204.51659 > 118.98.221.205.ii-admin: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.237802 IP 118.98.221.204.51659 > 118.98.221.205.816: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.237823 IP 118.98.221.204.51659 > 118.98.221.205.766: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.237887 IP 118.98.221.204.51659 > 118.98.221.205.895: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.237927 IP 118.98.221.204.51659 > 118.98.221.205.250: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.238745 IP 118.98.221.204.51659 > 118.98.221.205.sqlserv: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.238767 IP 118.98.221.204.51659 > 118.98.221.205.afs3-volser: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.238790 IP 118.98.221.204.51659 > 118.98.221.205.6002: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.238813 IP 118.98.221.204.51659 > 118.98.221.205.smar-se-port1: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.238835 IP 118.98.221.204.51659 > 118.98.221.205.dsatp: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.238893 IP 118.98.221.204.51659 > 118.98.221.205.1472: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.238937 IP 118.98.221.204.51659 > 118.98.221.205.miroconnect: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.238969 IP 118.98.221.204.51659 > 118.98.221.205.anynetgateway: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.238994 IP 118.98.221.204.51659 > 118.98.221.205.escp-ip: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.239026 IP 118.98.221.204.51659 > 118.98.221.205.statsci2-lm: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.239066 IP 118.98.221.204.51659 > 118.98.221.205.fln-spx: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.239115 IP 118.98.221.204.51659 > 118.98.221.205.32779: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.239153 IP 118.98.221.204.51659 > 118.98.221.205.nas: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.239194 IP 118.98.221.204.51659 > 118.98.221.205.mapper-nodemgr: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.239225 IP 118.98.221.204.51659 > 118.98.221.205.bpdbm: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.239261 IP 118.98.221.204.51659 > 118.98.221.205.corbaloc: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.239289 IP 118.98.221.204.51659 > 118.98.221.205.kshell: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.239340 IP 118.98.221.204.51659 > 118.98.221.205.device2: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.239376 IP 118.98.221.204.51659 > 118.98.221.205.scx-proxy: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.239414 IP 118.98.221.204.51659 > 118.98.221.205.782: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.239443 IP 118.98.221.204.51659 > 118.98.221.205.827: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.239477 IP 118.98.221.204.51659 > 118.98.221.205.1015: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.239509 IP 118.98.221.204.51659 > 118.98.221.205.acas: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.239558 IP 118.98.221.204.51659 > 118.98.221.205.938: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.239594 IP 118.98.221.204.51659 > 118.98.221.205.ptp-general: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.239631 IP 118.98.221.204.51659 > 118.98.221.205.powerburst: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.239654 IP 118.98.221.204.51659 > 118.98.221.205.ss7ns: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.239698 IP 118.98.221.204.51659 > 118.98.221.205.ircs: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.239727 IP 118.98.221.204.51659 > 118.98.221.205.dberegister: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.239779 IP 118.98.221.204.51659 > 118.98.221.205.garcon: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.239816 IP 118.98.221.204.51659 > 118.98.221.205.crs: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.239861 IP 118.98.221.204.51659 > 118.98.221.205.32778: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.239897 IP 118.98.221.204.51659 > 118.98.221.205.xns-courier: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.239931 IP 118.98.221.204.51659 > 118.98.221.205.hermes: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.239956 IP 118.98.221.204.51659 > 118.98.221.205.5902: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.239993 IP 118.98.221.204.51659 > 118.98.221.205.iclpv-dm: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.240040 IP 118.98.221.204.51659 > 118.98.221.205.iso-tp0: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.240086 IP 118.98.221.204.51659 > 118.98.221.205.vat-control: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.240124 IP 118.98.221.204.51659 > 118.98.221.205.igi-lm: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.240163 IP 118.98.221.204.51659 > 118.98.221.205.arcisdms: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.240188 IP 118.98.221.204.51659 > 118.98.221.205.nuts_bootp: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.240219 IP 118.98.221.204.51659 > 118.98.221.205.4144: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.240258 IP 118.98.221.204.51659 > 118.98.221.205.timbuktu-srv1: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.240305 IP 118.98.221.204.51659 > 118.98.221.205.imsp: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.240345 IP 118.98.221.204.51659 > 118.98.221.205.joltid: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.240385 IP 118.98.221.204.51659 > 118.98.221.205.943: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.240420 IP 118.98.221.204.51659 > 118.98.221.205.geniuslm: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.240449 IP 118.98.221.204.51659 > 118.98.221.205.primaserver: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.240480 IP 118.98.221.204.51659 > 118.98.221.205.19150: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.240517 IP 118.98.221.204.51659 > 118.98.221.205.939: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.241361 IP 118.98.221.204.51659 > 118.98.221.205.332: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.241383 IP 118.98.221.204.51659 > 118.98.221.205.718: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.241406 IP 118.98.221.204.51659 > 118.98.221.205.dn6-smm-red: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.241428 IP 118.98.221.204.51659 > 118.98.221.205.fodms: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.241451 IP 118.98.221.204.51659 > 118.98.221.205.mloadd: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.241504 IP 118.98.221.204.51659 > 118.98.221.205.bl-idm: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.241567 IP 118.98.221.204.51659 > 118.98.221.205.797: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.241590 IP 118.98.221.204.51659 > 118.98.221.205.881: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.241625 IP 118.98.221.204.51659 > 118.98.221.205.clvm-cfg: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.241649 IP 118.98.221.204.51659 > 118.98.221.205.ftsrv: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.241682 IP 118.98.221.204.51659 > 118.98.221.205.ibm-cics: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.241721 IP 118.98.221.204.51659 > 118.98.221.205.sgmp-traps: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.241768 IP 118.98.221.204.51659 > 118.98.221.205.786: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.241807 IP 118.98.221.204.51659 > 118.98.221.205.rmt: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.241844 IP 118.98.221.204.51659 > 118.98.221.205.230: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.241869 IP 118.98.221.204.51659 > 118.98.221.205.postgres: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.241903 IP 118.98.221.204.51659 > 118.98.221.205.983: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.241940 IP 118.98.221.204.51659 > 118.98.221.205.imap: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.241994 IP 118.98.221.204.51659 > 118.98.221.205.933: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242035 IP 118.98.221.204.51659 > 118.98.221.205.802: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.242081 IP 118.98.221.204.51659 > 118.98.221.205.imap: R 3235918386:3235918386(0) win 0
09:07:35.242086 IP 118.98.221.204.51659 > 118.98.221.205.ndm-requester: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242122 IP 118.98.221.204.51659 > 118.98.221.205.50000: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.242162 IP 118.98.221.204.51659 > 118.98.221.205.dbase: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242193 IP 118.98.221.204.51659 > 118.98.221.205.870: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242226 IP 118.98.221.204.51659 > 118.98.221.205.pegboard: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.242255 IP 118.98.221.204.51659 > 118.98.221.205.pdap: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242302 IP 118.98.221.204.51659 > 118.98.221.205.ipsec-nat-t: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242343 IP 118.98.221.204.51659 > 118.98.221.205.dn6-nlm-aud: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242383 IP 118.98.221.204.51659 > 118.98.221.205.723: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.242421 IP 118.98.221.204.51659 > 118.98.221.205.4333: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242445 IP 118.98.221.204.51659 > 118.98.221.205.225: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.242476 IP 118.98.221.204.51659 > 118.98.221.205.wnn4_Kr: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242515 IP 118.98.221.204.51659 > 118.98.221.205.netcheque: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.242566 IP 118.98.221.204.51659 > 118.98.221.205.rndc: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.242606 IP 118.98.221.204.51659 > 118.98.221.205.1006: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.242645 IP 118.98.221.204.51659 > 118.98.221.205.976: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.242681 IP 118.98.221.204.51659 > 118.98.221.205.bhmds: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.242709 IP 118.98.221.204.51659 > 118.98.221.205.filenet-nch: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.242739 IP 118.98.221.204.51659 > 118.98.221.205.vid: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.242777 IP 118.98.221.204.51659 > 118.98.221.205.vacdsm-sws: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.242826 IP 118.98.221.204.51659 > 118.98.221.205.la-maint: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.242860 IP 118.98.221.204.51659 > 118.98.221.205.decvms-sysmgt: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.242896 IP 118.98.221.204.51659 > 118.98.221.205.pip: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.242920 IP 118.98.221.204.51659 > 118.98.221.205.lotusnote: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.242964 IP 118.98.221.204.51659 > 118.98.221.205.auditd: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.243000 IP 118.98.221.204.51659 > 118.98.221.205.cvsup: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.243045 IP 118.98.221.204.51659 > 118.98.221.205.793: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.243082 IP 118.98.221.204.51659 > 118.98.221.205.vpac: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.243118 IP 118.98.221.204.51659 > 118.98.221.205.ph: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.243141 IP 118.98.221.204.51659 > 118.98.221.205.ris: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.243984 IP 118.98.221.204.51659 > 118.98.221.205.mit-ml-dev: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.244005 IP 118.98.221.204.51659 > 118.98.221.205.sfs-config: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.244028 IP 118.98.221.204.51659 > 118.98.221.205.aspeclmd: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.244050 IP 118.98.221.204.51659 > 118.98.221.205.onmux: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.244073 IP 118.98.221.204.51659 > 118.98.221.205.krb5_prop: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.244127 IP 118.98.221.204.51659 > 118.98.221.205.knetd: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.244159 IP 118.98.221.204.51659 > 118.98.221.205.13710: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.244204 IP 118.98.221.204.51659 > 118.98.221.205.9152: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.244234 IP 118.98.221.204.51659 > 118.98.221.205.85: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.244275 IP 118.98.221.204.51659 > 118.98.221.205.shell: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.244298 IP 118.98.221.204.51659 > 118.98.221.205.prospero: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.244343 IP 118.98.221.204.51659 > 118.98.221.205.opc-job-start: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.244372 IP 118.98.221.204.51659 > 118.98.221.205.prm-nm: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.244424 IP 118.98.221.204.51659 > 118.98.221.205.opalis-robot: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.244459 IP 118.98.221.204.51659 > 118.98.221.205.emfis-cntl: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:35.244499 IP 118.98.221.204.51659 > 118.98.221.205.dsp: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.244527 IP 118.98.221.204.51659 > 118.98.221.205.finger: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.244563 IP 118.98.221.204.51659 > 118.98.221.205.819: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.244592 IP 118.98.221.204.51659 > 118.98.221.205.ohimsrv: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.244644 IP 118.98.221.204.51659 > 118.98.221.205.1008: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.244680 IP 118.98.221.204.51659 > 118.98.221.205.at-5: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.244720 IP 118.98.221.204.51659 > 118.98.221.205.compaq-evm: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.244742 IP 118.98.221.204.51659 > 118.98.221.205.1005: S 3235918385:3235918385(0) win 1024 <mss 1460>
Analysis of Results
- The nmap output shows that server 118.98.221.204 scanned a number of ports on server 118.98.221.205 and found 1665 closed ports and several open ports, for example ports 1, 21, 22, 25, 53 and 80, which run services such as tcpmux, FTP, SSH, SMTP, domain and HTTP
- The tcpdump capture on server 118.98.221.205 shows requests from server 118.98.221.204 trying to determine the status of a number of ports on server 118.98.221.205
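The pattern visible in the capture above (bare SYNs from one source and one source port to many different destination ports within milliseconds, with an RST following the SYN to imaps and imap, both of which nmap reported open) can be checked automatically. The Python below is an added example, not part of the original write-up; parse_line, detect_scans and the min_ports/window thresholds are assumptions chosen for illustration, and the 192.0.2.10 lines in the sample are constructed.

```python
import re
from collections import Counter, defaultdict, deque

# Old-style tcpdump text ("S 1:1(0) win ...") as in the capture above, plus the
# newer "Flags [S], seq ..." style. Ports may be printed as service names.
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\S+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[^\s:]+): "
    r"(?:Flags \[(?P<new>[^\]]+)\],?|(?P<old>[SFPRWE.]+)) (?P<rest>.*)$"
)

# First seven lines are copied from the capture above; the 192.0.2.10 lines are
# constructed to represent one ordinary HTTP connection.
SAMPLE = """\
09:07:35.232132 IP 118.98.221.204.51659 > 118.98.221.205.252: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.232173 IP 118.98.221.204.51659 > 118.98.221.205.845: S 3235918385:3235918385(0) win 4096 <mss 1460>
09:07:35.232213 IP 118.98.221.204.51659 > 118.98.221.205.nnsp: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.234227 IP 118.98.221.204.51659 > 118.98.221.205.imaps: S 3235918385:3235918385(0) win 2048 <mss 1460>
09:07:35.234315 IP 118.98.221.204.51659 > 118.98.221.205.dsfgw: S 3235918385:3235918385(0) win 1024 <mss 1460>
09:07:35.234357 IP 118.98.221.204.51659 > 118.98.221.205.imaps: R 3235918386:3235918386(0) win 0
09:07:35.234361 IP 118.98.221.204.51659 > 118.98.221.205.1001: S 3235918385:3235918385(0) win 3072 <mss 1460>
09:07:36.100000 IP 192.0.2.10.40112 > 118.98.221.205.http: S 1000:1000(0) win 5840 <mss 1460>
09:07:36.101000 IP 192.0.2.10.40112 > 118.98.221.205.http: . ack 1 win 5840
09:07:36.102000 IP 192.0.2.10.40112 > 118.98.221.205.http: P 1:100(99) ack 1 win 5840
"""


def parse_line(line):
    """Return one TCP packet summary as a dict, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = m["new"] or m["old"]
    # A bare SYN carries no ACK; a SYN-ACK is "S ... ack N" (old) or "S." (new).
    syn_only = flags == "S" and not re.search(r"\back \d", m["rest"])
    # tcpdump prints time of day only; midnight rollover is not handled here.
    t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
    return {"t": t, "src": m["src"], "sport": m["sport"], "dst": m["dst"],
            "dport": m["dport"], "flags": flags, "syn_only": syn_only}


def detect_scans(lines, min_ports=15, window=2.0):
    """Flag (src, dst) pairs that SYN >= min_ports distinct ports in `window` s."""
    syns = defaultdict(list)    # (src, dst) -> [(time, dport, sport)]
    resets = defaultdict(set)   # (src, dst) -> ports the source sent an RST to
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        key = (p["src"], p["dst"])
        if p["syn_only"]:
            syns[key].append((p["t"], p["dport"], p["sport"]))
        elif "R" in p["flags"]:
            resets[key].add(p["dport"])

    findings = []
    for (src, dst), events in syns.items():
        events.sort()
        recent, in_window, peak = deque(), Counter(), 0
        for t, dport, _ in events:
            recent.append((t, dport))
            in_window[dport] += 1
            while t - recent[0][0] > window:      # expire SYNs older than window
                _, expired = recent.popleft()
                in_window[expired] -= 1
                if in_window[expired] == 0:
                    del in_window[expired]
            peak = max(peak, len(in_window))
        if peak < min_ports:
            continue
        probed = {dport for _, dport, _ in events}
        findings.append({
            "src": src, "dst": dst,
            "ports_probed": len(probed),
            "peak_ports_in_window": peak,
            # One source port for every probe (51659 above) is not client behaviour.
            "single_source_port": len({sport for _, _, sport in events}) == 1,
            # SYN then RST from the source: the target answered SYN-ACK (port open).
            "answered": sorted(resets[(src, dst)] & probed),
        })
    return findings


if __name__ == "__main__":
    for f in detect_scans(SAMPLE.splitlines(), min_ports=5):
        print(f)
```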