network hack L3 scanning network

Cards (21)

  • Objectives
    • Learn about various scanning tools
    • Ping Sweeps
    • Port Scanning
    • Vulnerability Scanning
  • Scanning Networks
    • Phase 2 of the 5 phases of Ethical Hacking
    • Interact with target systems using the information gathered in the reconnaissance and footprinting phase
  • Ping Sweeps
    To identify systems that are active and responding within the IP address space
  • No point wasting time and resources scanning non-existent systems
  • Active and responding is not limited to a ping response
  • Ping sweep tools
    • fping
    • masscan
    • Nmap
    • netdiscover
  • fping
    Designed to send ICMP echo requests to multiple systems; shows which hosts are active and the elapsed time, and generates a list of targets from an address block
  • Need to be mindful of host-based firewalls; systems may not respond to ICMP
  • Ping sweep subnet using fping
    • fping -qag 192.168.17.0/24
  • Ping sweep subnet using netdiscover
    • sudo netdiscover -r 192.168.17.0/24
  • MegaPing
    Windows GUI-based tool that incorporates several functions such as DNS Lookup, Ping, Traceroute, Whois, IP Scanner, etc.
  • Port Scanning
    TCP/IP port numbers exist at the transport layer of the OSI reference model; TCP and UDP ports range from 0-65535. A port's status can be open or closed, and ports are bound to applications or services. Port scanning serves to identify the software and version the target uses to provide services, so that vulnerabilities associated with that software and version can be researched
  • Nmap
    Free and open source utility for network discovery and security auditing; capable of scanning both TCP and UDP ports, supports detection of operating system types, applications, and application versions, and supports scripts for extended functionality
  • Nmap script categories
    • auth
    • broadcast
    • default
    • discovery
    • dos
    • exploit
    • external
    • fuzzer
    • intrusive
    • malware
    • safe
    • version
    • vuln
  • SYN Scan or half-open scan
    Requires root privilege to craft raw packets; the TCP 3-way handshake is NOT completed, a TCP RST (reset) is sent instead
  • Nmap SYN Scan output
    • Closed TCP port 2005
    • Open TCP port 53
  • TCP Scan or Full connect scan
    The TCP 3-way handshake is completed
  • Nmap TCP Scan output
    • Closed TCP port 2005
    • Open TCP port 53
  • Experts understand the different scan techniques and choose the appropriate one (or combination) for a given task; inexperienced users and script kiddies try to solve every problem with the default SYN scan
  • Nmap port status
    • Open port
    • Closed port
    • Filtered port
  • Filtered port - A firewall, filter, or other network obstacle may be blocking the port, so Nmap cannot tell whether it is open or closed