Port Scanning to check open ports
MODULE 5:- Scanning Network and Vulnerability
- Introduction of port Scanning – Penetration testing
- TCP IP header flags list
- Examples of Network Scanning for Live Host by Kali Linux
- important nmap commands in Kali Linux with Example
- Techniques of Nmap port scanner – Scanning
- Nmap Timing Templates – You should know
- Nmap options for Firewall IDS evasion in Kali Linux
- commands to save Nmap output to file
- Nmap Scripts in Kali Linux
- 10 best open port checker Or Scanner
- 10 hping3 examples for scanning network in Kali Linux
- How to Install Nessus on Kali Linux 2.0 step by step
- Nessus scan policies and report Tutorial for beginner
- Nessus Vulnerability Scanner Tutorial For beginner
What is the TCP/IP header?
TCP (Transmission Control Protocol) is the transport protocol responsible for communication between devices and for sending data over the network. It provides reliable, ordered and error-checked delivery. Major Internet applications rely on it, such as the World Wide Web, email, remote administration and file transfer. Applications that do not require reliability use UDP (User Datagram Protocol) instead.
TCP performs these main operations during a communication:
- Establishing connections
- Terminating connections
- Reliable transmission (retransmitting lost segments)
- Error detection via a checksum
- Flow control
- Congestion control
- Negotiating the maximum segment size
- Acknowledging transferred data
- Forcing delivery of buffered data (push)
These operations are driven by the control flags in the TCP header. The six classic flags (newer stacks also carry ECE and CWR for congestion notification) are:
- URG: data carrying this flag should be processed immediately; the urgent pointer field marks where the urgent data ends
- FIN: tells the remote system that the sender has no more data to transmit
- RST: resets (aborts) the connection
- PSH: instructs the receiver to hand all buffered data to the application immediately
- ACK: acknowledges receipt of data
- SYN: initiates a connection between the hosts by synchronising sequence numbers
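The flag descriptions above are easiest to understand on real bytes. The following is an added example, not code from the original tutorial: it decodes the 20-byte fixed TCP header with the standard library only, lists the flags that are set, and shows how a port scanner reads a probe response (SYN/ACK means open, RST means closed). The sample SYN segment and the port numbers are constructed; the checksum field is left at zero because computing it needs the IP pseudo-header, which is outside this example.

```python
"""Decode TCP header flags from raw bytes (added example, standard library only).

Header layout (RFC 793 / RFC 9293), all fields big-endian:
  src port(2) dst port(2) seq(4) ack(4) data-offset+reserved+flags(2)
  window(2) checksum(2) urgent pointer(2) [options...]
"""
import struct
from typing import List, NamedTuple

# Bit positions inside the 16-bit "data offset + reserved + flags" word.
# The six classic flags from the tutorial come first; ECE/CWR (RFC 3168) and
# the experimental NS bit are included so they are not silently dropped.
TCP_FLAG_BITS = {
    "FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008,
    "ACK": 0x010, "URG": 0x020, "ECE": 0x040, "CWR": 0x080, "NS": 0x100,
}

# Constructed sample: SYN from port 54321 to port 80, seq 1000, window 64240.
SAMPLE_SYN = bytes.fromhex("d431" "0050" "000003e8" "00000000" "5002" "faf0" "0000" "0000")


class TcpHeader(NamedTuple):
    src_port: int
    dst_port: int
    seq: int
    ack: int
    header_len: int      # data offset converted to bytes (20..60)
    flags: List[str]
    window: int
    checksum: int
    urg_ptr: int
    options: bytes


def parse_tcp_header(segment: bytes) -> TcpHeader:
    """Parse the fixed header and any options; raise on a malformed data offset."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # top 4 bits, in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset: %d bytes" % header_len)
    flag_bits = off_flags & 0x1FF               # low 9 bits carry the flags
    flags = [name for name, bit in TCP_FLAG_BITS.items() if flag_bits & bit]
    return TcpHeader(src, dst, seq, ack, header_len, flags, win, csum, urg,
                     segment[20:header_len])


def build_tcp_header(src: int, dst: int, seq: int, ack: int,
                     flags: List[str], window: int = 64240) -> bytes:
    """Build a 20-byte header with the given flags (checksum left as 0, see lead-in)."""
    bits = 0
    for name in flags:
        bits |= TCP_FLAG_BITS[name]
    off_flags = (5 << 12) | bits                # 5 words = 20 bytes, no options
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, off_flags, window, 0, 0)


def classify_syn_probe_reply(flags: List[str]) -> str:
    """What a SYN (half-open) scan learns from the flags in the reply."""
    present = set(flags)
    if {"SYN", "ACK"} <= present:
        return "open"        # the service answered the handshake
    if "RST" in present:
        return "closed"      # nothing listening; the stack refused
    return "unknown"         # unexpected reply; a missing reply would be "filtered"


if __name__ == "__main__":
    hdr = parse_tcp_header(SAMPLE_SYN)
    print("%d -> %d flags=%s hlen=%d" % (hdr.src_port, hdr.dst_port, hdr.flags, hdr.header_len))
    reply = parse_tcp_header(build_tcp_header(80, 54321, 0x12345678, 1001, ["SYN", "ACK"]))
    print("reply flags", reply.flags, "=>", classify_syn_probe_reply(reply.flags))
```

A no-reply case is deliberately not a flag combination: it is a timeout, and scanners report it as filtered rather than guessing.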
To know More : Packetcrafter
Check for live hosts with a network scanner
A live system is one that is up, connected to the network and reachable. A system that is down or not connected to the network is called a dead system. There are two ways to check for live systems: scan a single system, or scan many systems at once.
Ping: the free IP scanner network utility
Ping checks whether a system is live using ICMP. It sends an ICMP ECHO request to a host; if the host is live it returns an ICMP ECHO reply. No reply is usually read as "host is dead", but firewalls often discard ICMP ECHO requests (or the replies), so a silent host may well be up. No reply only means the host could not be confirmed live over ICMP; try an ARP request on the local segment or a TCP probe to a common port before writing it off.
Ping sweep IP scanner tools
A ping sweep checks for live systems across a range of IP addresses. When many hosts are connected, finding the live ones by hand is a big job for a pen tester, and a ping sweep solves it: the attacker sends an ICMP ECHO request to every address in the range, and each live host returns an ICMP ECHO reply.
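To make the mechanics of a ping sweep concrete, here is an added example (not from the original tutorial) that builds ICMP ECHO requests with a correct RFC 1071 checksum, validates replies, and sweeps a CIDR range. Sending real packets needs a raw socket (root or CAP_NET_RAW on Linux), so the sweep takes a `send` callback: the demo runs it offline against a constructed fake network in which only two hosts answer, and a real raw-socket sender is provided for use on Kali. The network 192.0.2.0/29, the identifier 0x1234 and the payload are all made up for the demo. A host that does not answer is reported as "no-reply", never "dead", for the firewall reason given above.

```python
"""ICMP echo builder, reply checker and ping sweep (added example, stdlib only)."""
import ipaddress
import struct
from typing import Callable, Dict, Optional, Set

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
# Callback contract: send(addr, icmp_bytes) -> raw ICMP reply bytes, or None on timeout
Sender = Callable[[str, bytes], Optional[bytes]]


def rfc1071_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = b"kali-sweep") -> bytes:
    """ICMP header: type(1) code(1) checksum(2) identifier(2) sequence(2), then payload."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = rfc1071_checksum(header + payload)   # computed with the checksum field zeroed
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def parse_echo_reply(packet: bytes, ident: int) -> Optional[int]:
    """Return the sequence number if packet is a valid echo reply for ident, else None.

    Rejecting the wrong type, wrong identifier or a bad checksum stops a stray ICMP
    message (e.g. destination unreachable) from being counted as a live host.
    """
    if len(packet) < 8:
        return None
    icmp_type, code, _csum, pkt_id, seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_type != ICMP_ECHO_REPLY or code != 0 or pkt_id != ident:
        return None
    if rfc1071_checksum(packet) != 0:           # a valid packet sums to zero
        return None
    return seq


def ping_sweep(network: str, ident: int, send: Sender) -> Dict[str, str]:
    """Send one echo request per host address in `network`; classify each one."""
    results: Dict[str, str] = {}
    for seq, host in enumerate(ipaddress.ip_network(network).hosts(), start=1):
        addr = str(host)
        reply = send(addr, build_echo_request(ident, seq))
        if reply is not None and parse_echo_reply(reply, ident) == seq:
            results[addr] = "alive"
        else:
            results[addr] = "no-reply"          # down OR filtered: ICMP cannot tell
    return results


def make_fake_sender(alive: Set[str], ident: int) -> Sender:
    """Constructed stand-in for the network: only the listed hosts echo back."""
    def send(addr: str, request: bytes) -> Optional[bytes]:
        if addr not in alive:
            return None
        seq = struct.unpack("!BBHHH", request[:8])[4]
        body = struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, 0, ident, seq) + request[8:]
        csum = rfc1071_checksum(body)
        return struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, csum, ident, seq) + request[8:]
    return send


def raw_socket_sender(timeout: float = 1.0) -> Sender:
    """Real sender for Linux (needs root / CAP_NET_RAW). Not exercised by the demo."""
    import socket

    def send(addr: str, packet: bytes) -> Optional[bytes]:
        with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
            s.settimeout(timeout)
            s.sendto(packet, (addr, 0))
            try:
                data, _ = s.recvfrom(1500)
            except socket.timeout:
                return None
        ihl = (data[0] & 0x0F) * 4              # raw sockets return the IPv4 header too
        return data[ihl:]
    return send


if __name__ == "__main__":
    # Constructed demo: 192.0.2.0/29 has hosts .1-.6; only .1 and .3 answer.
    send = make_fake_sender({"192.0.2.1", "192.0.2.3"}, ident=0x1234)
    for addr, state in ping_sweep("192.0.2.0/29", 0x1234, send).items():
        print(addr, state)
```

On a real network replace `send` with `raw_socket_sender()`; the reply check then also filters out echo replies belonging to other ping processes, since those carry a different identifier.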
Ping sweep tools:
Ping sweeps can be performed with a number of tools, for Windows as well as Linux.
fping: a Linux ping program that takes a list or range of addresses, sends echo requests to all of them in parallel and reports each one as alive or unreachable
Zenmap: a GUI for Nmap
Zenmap is a free graphical interface for the very popular port scanner Nmap. It ships with 10 different scan profiles, and ping scan is one of them.
Other ping sweep tools:
- Angry IP Scanner
- SolarWinds Engineer's Toolset
- Colasoft Ping Tool
- PacketTrap MSP Ping Sweep
- Ping Scanner Pro
- Ultra Ping Pro
As discussed earlier, information gathering is the first phase of penetration testing, in which the pen tester collects information about the target. That phase alone does not yield much detail, so a second method is needed to learn more about the target: scanning. In this phase the attacker obtains details about the systems, the network and the vulnerabilities of the potential target.
Types of scanning:
- Live host scanning
- Port scanning
- UDP scanning
- Vulnerability scanning
Network scanning is one of the most important phases of intelligence gathering. During this process you can gather information about specific IP addresses reachable over the Internet, the targets' operating systems and system architecture, and the services running on each machine. In addition, the attacker gathers details about the networks and their individual host systems.
Purpose of scanning
- Discovering live hosts, their IP addresses and the open ports on those hosts
- Open ports are the usual way into a system: each one is a listening service that can be fingerprinted and attacked
- Discovering operating systems and system architecture
- Identifying vulnerabilities and threats
- Detecting the network service associated with each port
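The port-scanning and service-detection purposes above can be seen in the simplest scan type, a TCP connect scan. The following is an added example, not code from the original tutorial: it probes a list of ports in parallel using ordinary connect() calls (no root needed), distinguishes refused from timed-out ports, and looks up the conventional service name for each open port. For the offline demo it scans a constructed target: a listener opened on an ephemeral loopback port, plus a second loopback port that was just released and so refuses connections.

```python
"""TCP connect port scanner with service-name lookup (added example, stdlib only).

A connect scan completes the full three-way handshake, so it works from any
unprivileged account, but it is also the noisiest scan: every open port sees
a real connection that the service may log.
"""
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Tuple


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Return 'open', 'closed', 'filtered' or 'error' for one TCP port.

    Connection refused means the stack sent a RST: closed. A timeout means the
    SYN or SYN/ACK was dropped somewhere (firewall): filtered, not closed.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "filtered"
        except OSError:
            return "error"              # e.g. no route to host


def service_name(port: int) -> str:
    """Conventional name from /etc/services; the banner, not the number, is authoritative."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def connect_scan(host: str, ports: Iterable[int], workers: int = 64) -> Dict[int, str]:
    """Probe all ports concurrently; returns {port: state}."""
    port_list = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p), port_list))
    return dict(zip(port_list, states))


def open_ports(results: Dict[int, str]) -> List[int]:
    return sorted(p for p, state in results.items() if state == "open")


def _free_loopback_port() -> int:
    """Bind to port 0 to have the kernel pick a free port, then release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def demo() -> Tuple[int, int, Dict[int, str]]:
    """Constructed target: one listening loopback port and one just-released port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    open_port = srv.getsockname()[1]
    closed_port = _free_loopback_port()
    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    opened, closed, res = demo()
    for port, state in sorted(res.items()):
        print("%5d/tcp %-8s %s" % (port, state, service_name(port) if state == "open" else ""))
```

Against a real target, pass a port range such as `range(1, 1025)`; keep `workers` modest on slow links, because a burst of simultaneous SYNs is itself a recognisable scan signature for an IDS.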