Smack, crack, hack and track any network with Linux (not Windows)

David M Williams
Saturday, 04 October 2008 12:29

Opinion and Analysis

One essential tool for network security auditing is a port scanner. This probes the network in an effort to locate computers and other network devices which are switched on and which are responding to network requests.

This allows you to discover, among other things, web servers, mail servers, FTP servers and more. If it is open to incoming traffic then a port scanner ought to find it.

One popular fast and friendly port scanner is Angry IP Scanner. It is simple to use and rates among the top 100 network security tools according to hacker Fydor.

Now, let’s not delude ourselves. It comes in a Windows and a Linux client (and a Mac version too.) Anything I tell you about how wonderful it is Linux lets you scan ports will equally apply to Windows.

With one subtle difference.

From the Angry IP Scanner FAQ we read, “Why is scanning so slow on Windows?” The very same FAQ answers that Microsoft have deliberately crippled down consumer versions of Windows from Windows XP service pack 2 onwards. This includes every single release of Windows Vista.

What happens is that Windows deliberately limits the number of simultaneous network connection attempts your computer may perform. This is known as “rate limiting” and the official word from Redmond is that this was implemented to limit the troubles caused by virus-affected Windows computers, meaning they can only spread online mischief like virus and spam and Trojans a fraction as fast as they could before rate limiting was implemented.

Too bad for the smart and secure Windows users. To bad for the legitimate network auditor. In direct recognition that Microsoft Windows is a tragically insecure operating system, Microsoft limit the activities of genuine users in an attempt to mitigate the consequences of so many insecure Windows boxes!

As you might imagine, this limitation affects the myriad of BitTorrent users so that community have determined solutions for Windows XP and Windows Vista.

The solution is not nice; it involves manually editing important system files, or trusting other “kind” people to supply an appropriately-modified system file, and making registry tweaks.
Even then, the fix isn’t permanent. The next official patch to come along which upgrades the relevant system files will undo your work.

You’ll find the same story over most network security tool websites, and sometimes for other reasons. Wireshark, the popular packet sniffer which began life as Ethereal, comments that their software needs an extra module loaded if you want to run as a non-privileged user under Vista.

The short of it is – sure, you can sniff and probe and scan and analyse a network using Windows. But if you want to do it quickly, you want to do it well, you want to do it without any fuss – then Linux is the OS for you.

Yes, Windows users, I hear you say - "I didn't know you could do that in Linux!"