Scanning

Let's take our information gathering phase a bit further than we have done before. In this section, we are going to perform various scan types on a target. These will include the following:

  • Ping sweep
  • Operating system and service version detection
  • Scanning for host devices that have ICMP disabled
  • Performing stealth scanning
  • Scanning UDP ports using Nmap
  • Performing evasion scanning techniques using Nmap

The objective of scanning is to identify live hosts on a network, determine open and closed ports on a system, identify running services on a target, and create a network diagram of the target's network infrastructure. The information obtained during the network-scanning phase is key in creating a profile of a target organization.

Scanning a target without permission is illegal in many countries. For this reason, we will be scanning devices within our lab.

Within a packet, the TCP header carries several flags that are used during communication between two or more hosts on a network. As a penetration tester, we can leverage certain vulnerabilities within the TCP/IP stack while performing our network scans. In other words, we are going to send specially crafted flags to a target to determine its port status, operating system, the services running, and their versions; we'll also determine whether a firewall is monitoring inbound or outbound traffic, and so on.

The following TCP flags are found in the TCP header of a packet:

  • URG: (Urgent) Indicates this packet should be processed immediately
  • PSH: (Push) Sends buffered data immediately
  • FIN: (Finish) Indicates there are no more transmissions to be sent
  • ACK: (Acknowledgement) Confirms receipt of a message
  • RST: (Reset) Resets a network connection
  • SYN: (Synchronization) Used to initialize a connection between host devices

By using a tool such as Wireshark (www.wireshark.org), you can observe every detail within packets on a network.

The following is a capture of a network packet where the ACK flag is set:

[Figure: A packet with the ACK flag enabled]

Additionally, by observing the details in the packet, you can see the source and destination MAC addresses, IP addresses, ports, and other important characteristics. Wireshark is considered to be one of the best network protocol analyzers and sniffers among network and cybersecurity professionals alike.
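To make the flag definitions above concrete, here is an added example (not code from the book) that decodes the flag byte of a raw TCP header the way Wireshark displays it, names the Nmap probe type a given flag combination corresponds to, and, from the defender's side, flags a source that sends SYN-only probes to many distinct ports. The sample packets, IP addresses, and the sweep threshold are constructed for the demo and are assumptions.

```python
import struct
from collections import defaultdict

# Flag bits of byte 13 (zero-based) of the TCP header, per the RFC 793 layout.
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte TCP header into ports, sequence numbers and its flag set."""
    if len(raw) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off, bits, win, _csum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": (off >> 4) * 4, "window": win,
            "flags": {name for name, bit in TCP_FLAGS.items() if bits & bit}}

def classify_probe(flags: set) -> str:
    """Name the Nmap scan type whose probe packet carries exactly this flag combination."""
    known = {frozenset({"SYN"}): "SYN (stealth/half-open) probe",
             frozenset({"ACK"}): "ACK probe",
             frozenset({"FIN"}): "FIN probe",
             frozenset({"FIN", "PSH", "URG"}): "Xmas probe",
             frozenset(): "NULL probe"}
    return known.get(frozenset(flags), "ordinary traffic")

def build_tcp_header(src_port: int, dst_port: int, flags: set) -> bytes:
    """Construct a minimal 20-byte header (no options) for the constructed sample traffic below."""
    bits = sum(TCP_FLAGS[name] for name in flags)
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, bits, 1024, 0, 0)

def detect_port_sweeps(packets, threshold: int = 10) -> dict:
    """Return {src_ip: n_ports} for sources sending SYN-only probes to more than `threshold` ports."""
    targets = defaultdict(set)
    for src_ip, raw in packets:
        hdr = parse_tcp_header(raw)
        if hdr["flags"] == {"SYN"}:
            targets[src_ip].add(hdr["dst_port"])
    return {ip: len(ports) for ip, ports in targets.items() if len(ports) > threshold}

# Constructed sample: 10.0.0.5 sweeps ports 1-20 with SYN probes; 10.0.0.9 is a normal client.
SAMPLE_PACKETS = [("10.0.0.5", build_tcp_header(40000 + p, p, {"SYN"})) for p in range(1, 21)]
SAMPLE_PACKETS += [("10.0.0.9", build_tcp_header(51000, 443, {"SYN"})),
                   ("10.0.0.9", build_tcp_header(51000, 443, {"ACK"})),
                   ("10.0.0.9", build_tcp_header(51000, 443, {"PSH", "ACK"}))]

if __name__ == "__main__":
    for src, raw in SAMPLE_PACKETS[-3:]:
        hdr = parse_tcp_header(raw)
        print(src, hdr["dst_port"], sorted(hdr["flags"]), classify_probe(hdr["flags"]))
    print("suspected sweeps:", detect_port_sweeps(SAMPLE_PACKETS))
```

A real sensor would feed captured headers (for example, from a pcap) into `detect_port_sweeps` and tune the threshold to the network's normal behaviour.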

Now that we understand the importance of scanning, let's learn about one of the most popular scanning tools in the industry, Nmap.
