Scanning
Scanning is the process of identifying network- and service-related information by communicating directly with the target. Scanning helps in identifying IP addresses/hostnames, ports, services running on those ports, live hosts, and vulnerable services running on the target network.
Types of Scanning
● Network Scanning – Identifying the number of computers on the network.
○ Ping Sweep
○ Arp Scan
● Port Scanning – Listing open ports and services running on those ports.
○ SYN Scan/Stealth Scan/Half-Open Scan
○ TCP Connect Scan
○ ACK Scan/Firewall Detection Scan
○ XMAS Scan
○ FIN Scan
○ NULL Scan
○ OS Detection Scan
○ Script Scan
○ UDP Scan
○ Service Detection Scan
Network Scanning
During the network scanning process, attackers gather a list of IP addresses of computers that are live on the target network. The attacker's job becomes much easier once they can map the network structure and the services running on each machine.
List of Network Scanners
● Angry IP Scanner
● Advanced IP Scanner
● Netdiscover
● Autoscan
● hping3
● Nmap
What Are Ports and Port Numbers
Ports are virtual entry points on any networked device; devices communicate with one another through ports. Every device has 65535 ports available, identified by port numbers ranging from 0 to 65535.
Port Scanning
Port scanning is a technique in which the attacker sends communication probes to the target and observes how the target responds. Based on the responses, the attacker determines which ports are open, along with further details such as the service running on each port number and the operating system the target is running.
List of Port scanners
● Nmap
● SuperScan
● Strobe
● Zenmap (Available for Windows Also)
ICMP
ICMP stands for Internet Control Message Protocol. It is widely used for troubleshooting internet communication and for reporting errors related to IP operations. In scanning, ICMP packets are sent to the target machine to see whether they are delivered or not.
Live Host identification scan
Identifying which computers are turned on by sending ICMP packets, ARP packets, or some other kind of packets is called a Live Host Identification Scan.
Practical Ping Sweeping with nmap
In a Kali Linux terminal, type the following command (note the plain hyphen before the option):
nmap -sn 192.168.1.1/24
Practical: Port Scanning with nmap
1. Regular Scan (SYN stealth scan or half-open scan):
nmap <target IP or domain>
Ex: nmap 192.168.0.137
The same scan can be requested explicitly with -sS (nmap uses the SYN scan by default only when run with root privileges; an unprivileged user gets a TCP connect scan instead):
nmap -sS <target IP or domain>
Ex: nmap -sS 192.168.0.137
nmap -sS example.com
Note: Even if we give a domain name, nmap does not scan the website itself; it scans the computer (server) hosting that website.
2. TCP connect scan (Full Connect Scan):
nmap -sT <target IP or domain>
Ex: nmap -sT example.com
nmap -sT 192.168.0.137
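The ping sweep and port scans above, seen from the defender's side, as an added example that is not part of the original notes: a small detector run over constructed iptables-style firewall log lines that flags a source probing many distinct ports on one host (port scan) or many distinct hosts (host sweep). The log format, host addresses and thresholds are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict

# Constructed iptables-style log lines (not captured from a real network).
# 192.168.0.50 probes many ports on one host and pings many hosts;
# 192.168.0.20 is a normal client talking to one web server on 443.
SAMPLE_LOG = [
    f"kernel: IN=eth0 SRC=192.168.0.50 DST=192.168.0.137 PROTO=TCP SPT={51000 + i} DPT={p} SYN"
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389])
] + [
    f"kernel: IN=eth0 SRC=192.168.0.50 DST=192.168.0.{h} PROTO=ICMP TYPE=8 CODE=0"
    for h in range(1, 9)
] + [
    "kernel: IN=eth0 SRC=192.168.0.20 DST=192.168.0.137 PROTO=TCP SPT=40001 DPT=443 SYN",
    "kernel: IN=eth0 SRC=192.168.0.20 DST=192.168.0.137 PROTO=TCP SPT=40002 DPT=443 SYN",
]

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)(?: SPT=\d+ DPT=(?P<dpt>\d+))?"
)

def parse_line(line):
    """Return (src, dst, proto, dpt) or None if the line is not a firewall entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    dpt = int(m["dpt"]) if m["dpt"] else None  # ICMP lines carry no port
    return m["src"], m["dst"], m["proto"], dpt

def detect_scans(lines, port_threshold=10, host_threshold=5):
    """Flag a source that touches >= port_threshold distinct TCP ports on one host
    (port scan) or >= host_threshold distinct hosts (host sweep). Returns {src: [notes]}."""
    ports = defaultdict(set)  # (src, dst) -> destination ports seen
    hosts = defaultdict(set)  # src -> destination hosts seen
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, dpt = rec
        hosts[src].add(dst)
        if proto == "TCP" and dpt is not None:
            ports[(src, dst)].add(dpt)
    findings = defaultdict(list)
    for (src, dst), ps in ports.items():
        if len(ps) >= port_threshold:
            findings[src].append(f"port scan of {dst}: {len(ps)} distinct ports")
    for src, hs in hosts.items():
        if len(hs) >= host_threshold:
            findings[src].append(f"host sweep: {len(hs)} distinct hosts")
    return dict(findings)
```

The thresholds are deliberately low so the constructed sample trips them; on real firewall logs they would be tuned per network and paired with a time window, since a SYN scan touches hundreds of ports in seconds while a normal client does not.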