Network Scanning refers to the set of procedures adopted for identifying a network’s hosts
MarkoKustro
18 views
23 slides
Oct 01, 2024
Slide 1 of 23
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
About This Presentation
Network Scanning refers to the set of procedures adopted for
identifying a network’s hosts, ports and services. It is one of the
key components of intelligence gathering that attackers use to
create a profile of the target organization
It has the following main objectives
Slide Content
Scanning
Networks
1
@mmar
Networks
1
@mmar
Network Scanningrefers to the set of procedures adopted for
identifying a network’s hosts, ports and services. It is one of the
key components of intelligence gathering that attackers use to
create a profile of the target organization
It has the following main objectives:
Discover live hosts, IP addresses and open ports of all live hosts
Discover OS and system architecture
Discover services running on hosts
Discover vulnerabilities on live hosts
identifying a network’s hosts, ports and services. It is one of the
key components of intelligence gathering that attackers use to
create a profile of the target organization
It has the following main objectives:
Discover live hosts, IP addresses and open ports of all live hosts
Discover OS and system architecture
Discover services running on hosts
Discover vulnerabilities on live hosts
NMAP
3
Nmap is a free and open‐source network scanner. Nmap is used to
discover hosts and services on a computer network by sending
packetsandanalyzingtheresponses
Nmapprovidesanumberoffeaturesforprobingcomputernetworks,
includinghostdiscoveryandserviceandoperatingsystemdetection.
These features areextensible byscripts that providemoreadvanced
service detection, vulnerability detection, and other features. Nmap
can adapt to network conditions including latency and congestion
duringascan
3
Nmap is a free and open‐source network scanner. Nmap is used to
discover hosts and services on a computer network by sending
packetsandanalyzingtheresponses
Nmapprovidesanumberoffeaturesforprobingcomputernetworks,
includinghostdiscoveryandserviceandoperatingsystemdetection.
These features areextensible byscripts that providemoreadvanced
service detection, vulnerability detection, and other features. Nmap
can adapt to network conditions including latency and congestion
duringascan
PortStates
•
While many port scanners have traditionally labelled all ports into the openor
closed states,Nmapismuchmoregranular.
•
It divides portsinto sixstates: open,closed,filtered,unfiltered,open|filtered,or
closed|filtered
•
These states are not intrinsic properties of the port itself, but describe how
Nmap sees them
•
For example, an Nmap scan from the samenetwork as the target may show port
135/tcp asopen, while a scan at the same time with the same options from across
theInternetmightshowthatportasfiltered
•
While many port scanners have traditionally labelled all ports into the openor
closed states,Nmapismuchmoregranular.
•
It divides portsinto sixstates: open,closed,filtered,unfiltered,open|filtered,or
closed|filtered
•
These states are not intrinsic properties of the port itself, but describe how
Nmap sees them
•
For example, an Nmap scan from the samenetwork as the target may show port
135/tcp asopen, while a scan at the same time with the same options from across
theInternetmightshowthatportasfiltered
PortStates •
open– indicates that an application is listening for connections on the port. The primary goal of port
scanningistofindthese.
•
closed–indicatesthat theprobeswerereceivedbutthere is noapplicationlisteningontheport.
•
filtered–indicatesthat theprobeswerenotreceived, andthestate could notbeestablished.
•
unfiltered –indicates that the probes were received but a state could not be established. In other
words,aportis accessible,butNmap isunable todetermine whether itis openorclosed.
•
open/filtered–indicatesthat theportwasfilteredoropen,but Nmapcouldn’testablishthestate.
•
closed/filtered–indicatesthatNmapis unable todetermine whether aportis closedorfiltered.
open– indicates that an application is listening for connections on the port. The primary goal of port
scanningistofindthese.
•
closed–indicatesthat theprobeswerereceivedbutthere is noapplicationlisteningontheport.
•
filtered–indicatesthat theprobeswerenotreceived, andthestate could notbeestablished.
•
unfiltered –indicates that the probes were received but a state could not be established. In other
words,aportis accessible,butNmap isunable todetermine whether itis openorclosed.
•
open/filtered–indicatesthat theportwasfilteredoropen,but Nmapcouldn’testablishthestate.
•
closed/filtered–indicatesthatNmapis unable todetermine whether aportis closedorfiltered.
TCP Header
6
6
TCP
Handshake
7
Handshake
7
Connection
termination
8
termination
8
SCAN TYPES
9
9
Nmap Scan
types
10
types
10
Ping Scan
11
Ping scan is used to scan for the live hosts on the network
>nmap–sn192.168.18.1/24
11
Ping scan is used to scan for the live hosts on the network
>nmap–sn192.168.18.1/24
TCP scan will scan for TCP ports and ensure for listening
port (open) through a 3‐way handshake connection
between the source and destination port
TCP Connect Scan
12
>nmap–sT192.168.18.1
port (open) through a 3‐way handshake connection
between the source and destination port
TCP Connect Scan
12
>nmap–sT192.168.18.1
TCPConnect
Scan/FullOpenScan
•
TheScandoes this take longer and require more packets to obtain the same
information,buttargetmachinesaremorelikelytologtheconnection
•
If the port is open then source made request withSYNpacket, a response
destination sentSYN, ACKpacket and then source sentACKpackets, at last
sourceagainsentRST,ACKpackets
Scan/FullOpenScan
•
TheScandoes this take longer and require more packets to obtain the same
information,buttargetmachinesaremorelikelytologtheconnection
•
If the port is open then source made request withSYNpacket, a response
destination sentSYN, ACKpacket and then source sentACKpackets, at last
sourceagainsentRST,ACKpackets
This scan is often referred to as half‐open scanning because yo u don't
open a full TCP connection. You send an SYN packet, as if you a re going
to open a real connection and then wait for a response
TCP SynScan
14
>nmap–sS192.168.18.1
This scan is often referred to as half‐open scanning because yo u don't
open a full TCP connection. You send an SYN packet, as if you a re going
to open a real connection and then wait for a response
TCP SynScan
14
>nmap–sS192.168.18.1
TCPSYN
Scan/StealthScan
•
SYN scan is the default and most popular scan o ption for good reasons. It can be performed
quickly, scanning thousands of ports per second on a fast network not hampered by restrictive
firewalls
•
ASYN/ACKindicatestheportislistening(open),whileRST(reset)isindicativeofa
non‐listener. If no response is received after several retransmissions, the port is marked as
filtered
•
TheportisalsomarkedfilteredifanICMPunreachableerror(type3,code0,1,2,3,9,10,or13)is
received
Scan/StealthScan
•
SYN scan is the default and most popular scan o ption for good reasons. It can be performed
quickly, scanning thousands of ports per second on a fast network not hampered by restrictive
firewalls
•
ASYN/ACKindicatestheportislistening(open),whileRST(reset)isindicativeofa
non‐listener. If no response is received after several retransmissions, the port is marked as
filtered
•
TheportisalsomarkedfilteredifanICMPunreachableerror(type3,code0,1,2,3,9,10,or13)is
received
UDP scan works by sending a UDP packet to every targeted port. For
most ports, this packet will be empty (no payload), but for a f ew of the
more common ports a protocol‐specific payload will be sent
UDP Scan
16
>nmap–sU192.168.18.110
UDP scan works by sending a UDP packet to every targeted port. For
most ports, this packet will be empty (no payload), but for a f ew of the
more common ports a protocol‐specific payload will be sent
UDP Scan
16
>nmap–sU192.168.18.110
UDPScan
•
UDPisaconnectionlessprotocolandthere's noprotocol‐definedrelationshipbetween
packetsin either direction
•
However, mostOS TCP/IPstackswillreturnanICMP“PortUnreachable”packetif aUDP
packetissenttoaclosedUDPport
•
Thus,a portthat doesn't return anICMPpacketcanbe assumedopen
•
Neitherthe probe‐packetnoritspotentialICMPpacketare guaranteedto arrive
•
UDPisaconnectionlessprotocolandthere's noprotocol‐definedrelationshipbetween
packetsin either direction
•
However, mostOS TCP/IPstackswillreturnanICMP“PortUnreachable”packetif aUDP
packetissenttoaclosedUDPport
•
Thus,a portthat doesn't return anICMPpacketcanbe assumedopen
•
Neitherthe probe‐packetnoritspotentialICMPpacketare guaranteedto arrive
FINSCANisoneoftheportscanningmethodsinNmap,whichusesthe
sheer stupidity of old and stateless firewalls. In fact, when it comes to
FIN Scan, our Port Scanner software sends a packet with a flag in the
form of FIN meaning the end of the session to the destination firewall
orhost.Ifnoresponseisreceived,itmeansthattheportisopen,andif
thereturnisRST//ACK,itmeansthattheserverportisclosed
FIN Scan
18
>nmap–sF192.168.18.110
FINSCANisoneoftheportscanningmethodsinNmap,whichusesthe
sheer stupidity of old and stateless firewalls. In fact, when it comes to
FIN Scan, our Port Scanner software sends a packet with a flag in the
form of FIN meaning the end of the session to the destination firewall
orhost.Ifnoresponseisreceived,itmeansthattheportisopen,andif
thereturnisRST//ACK,itmeansthattheserverportisclosed
FIN Scan
18
>nmap–sF192.168.18.110
FINScan
•
A FIN bit is used to terminate the TCP connection between the source and
destinati
•
Here, rat
sendsas
•
If the tar
onporttypicallyafterthedatatransferiscomplete
her than even pretending to initiate a standard TCP conn
ingleFIN(final)packet
get's TCP/IP stack is RFC‐793‐compliant then open ports
dclosedports willsendanRST
ection, nmap
will drop the
packetan
•
A FIN bit is used to terminate the TCP connection between the source and
destinati
•
Here, rat
sendsas
•
If the tar
onporttypicallyafterthedatatransferiscomplete
her than even pretending to initiate a standard TCP conn
ingleFIN(final)packet
get's TCP/IP stack is RFC‐793‐compliant then open ports
dclosedports willsendanRST
ection, nmap
will drop the
packetan
NULL and XMAS
Scans
•
NULLandXMASscantypesareexactlythesameinbehaviorexceptfortheTCPflagssetin
probe packets. If a RST packet is received, the port is considered closed, while no response
meansitisopen|filtered.
•
TheportismarkedfilteredifanICMPunreachableerror(type3,code0,1,2, 3,9, 10, or13)is
received
•
XMASscansare designedtomanipulate thePSH,URGand FINflagsoftheTCPheader,Sets
theFIN,PSH, andURGflags,lightingthepacketuplikeaChristmastree. Whensourcesent
FIN,PUSH,andURGpackettoaspecificportand iftheportisopenthendestinationwill
discardthepacketsandwillnotsendanyreplytothe source
•
A Null Scan is a series of TCP packets which hold a sequence number of “zeros”
(0000000). since there are none flags set, the destination will not know how to
reply the request.It will discard the packet and no reply will be sent, which indicate
that the port isopen
Scans
•
NULLandXMASscantypesareexactlythesameinbehaviorexceptfortheTCPflagssetin
probe packets. If a RST packet is received, the port is considered closed, while no response
meansitisopen|filtered.
•
TheportismarkedfilteredifanICMPunreachableerror(type3,code0,1,2, 3,9, 10, or13)is
received
•
XMASscansare designedtomanipulate thePSH,URGand FINflagsoftheTCPheader,Sets
theFIN,PSH, andURGflags,lightingthepacketuplikeaChristmastree. Whensourcesent
FIN,PUSH,andURGpackettoaspecificportand iftheportisopenthendestinationwill
discardthepacketsandwillnotsendanyreplytothe source
•
A Null Scan is a series of TCP packets which hold a sequence number of “zeros”
(0000000). since there are none flags set, the destination will not know how to
reply the request.It will discard the packet and no reply will be sent, which indicate
that the port isopen
NMAP
CHEATSHEET
CHEATSHEET
NMAP
CHEATSHEET
CHEATSHEET
THANKS
23
23
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 18
- Slides 23
- Age 429 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
35 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
32 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views