Network scanning refers to the use of a computer network to gather information about computing systems. It is mainly used for security assessment and system maintenance, and also by attackers to prepare attacks. Network scanning refers to a set of procedures for identifying hosts, ports and services in a network. It is one of the components of the intelligence gathering an attacker uses to create a profile of the target organization.
The objectives of network scanning are:
1. To discover live hosts, their IP addresses, and the open ports of live hosts
2. To discover the operating system and system architecture
3. To discover the services running on hosts
4. To discover vulnerabilities in live hosts
Colasoft Packet Builder enables creating custom network packets to audit networks for various attacks. Attackers can also use it to create fragmented packets to bypass firewalls and IDS systems in a network.
A ping scan involves sending ICMP ECHO requests to a host. If the host is live, it returns an ICMP ECHO reply. This scan is useful for locating active devices or for determining whether ICMP is passing through a firewall.
A ping sweep is used to determine the live hosts in a range of IP addresses by sending ICMP ECHO requests to multiple hosts. If a host is live, it returns an ICMP ECHO reply. Attackers calculate the subnet mask to identify the number of hosts present in the subnet, then use a ping sweep to create an inventory of the live systems in that subnet.
The Simple Service Discovery Protocol (SSDP) is a network protocol that works in conjunction with UPnP to detect plug-and-play services available in a network. Vulnerabilities in UPnP may allow attackers to launch buffer overflow or DoS attacks. Attackers may use UPnP SSDP M-SEARCH information discovery tools to check whether a machine is vulnerable to UPnP exploits. Kali Linux can be used for SSDP scanning.
1. IPv6 increases the IP address size from 32 bits to 128 bits to support more levels of addressing hierarchy.
2. Traditional network scanning techniques are computationally less feasible because of the large search space an IPv6 subnet provides.
3. Scanning an IPv6 network is more difficult and complex than scanning IPv4, and some scanning tools do not support ping sweeps on IPv6 networks.
4. Attackers need to harvest IPv6 addresses from network traffic, recorded logs, or "Received from:" and other header lines in archived email or Usenet news messages.
5. Scanning an IPv6 network nonetheless offers a large number of hosts in a subnet: if an attacker can compromise one host in the subnet, the attacker can probe the "all hosts" link-local multicast address.
Network administrators can use Nmap for network inventory, managing service upgrade schedules, and monitoring host or service uptime. Attackers use Nmap to extract information such as the live hosts on the network, services, the type of packet filters/firewalls, the operating system and the OS version. Hping in Kali Linux can also be used for scanning networks; the following Hping commands are useful.
Attackers send a TCP probe packet with a TCP flag set or with no flags set: no response means the port is open, and an RST means the port is closed.
In an Xmas scan, attackers send a TCP frame to a remote device with the FIN, URG, and PUSH flags set. The FIN scan works only against OSes with an RFC 793-based TCP/IP implementation; it will not work against any current version of Microsoft Windows.
Most network services listen on TCP ports, such as web servers on port 80 and mail servers on port 25. A port is considered "open" if an application listens on it. One way to determine whether a port is open is to send a "SYN" packet to the port: the target machine sends back a "SYN|ACK" packet if the port is open and an "RST" if the port is closed.
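The probe/response rules from the three paragraphs above, and the ping-sweep behaviour described earlier, are easy to turn into a defender's check. The following is an added example, not code from the original page: a function that states the rules the text gives (with the caveat that silence after a FIN/Xmas/NULL probe can also mean a filter dropped it), and a detector that finds ping sweeps, SYN scans and flag-based probes in a packet log. The log format (one packet per line: time, source, destination, protocol, detail), the flag letters and every log line are constructed for this example; the thresholds are assumptions to tune per network.

```python
"""Added example (not from the original page): the probe/response rules
written out, plus a detector for ping sweeps and flag-based TCP scans.
Log format and all log lines are constructed; TCP flags use single
letters (S=SYN, A=ACK, F=FIN, P=PSH, U=URG, R=RST, '-' = no flags)."""
from collections import defaultdict

def interpret_tcp_probe(probe_flags, response_flags):
    """Port state a scanner infers from one probe and its reply
    (response_flags is None when nothing came back)."""
    if probe_flags == {"S"}:                      # SYN (half-open) scan
        if response_flags and {"S", "A"} <= response_flags:
            return "open"
        if response_flags and "R" in response_flags:
            return "closed"
        return "filtered"                         # silence: a filter dropped it
    # FIN / Xmas / NULL probes on an RFC 793 stack: silence means open.
    # Caveat: a firewall dropping the probe also produces silence, which is
    # why Nmap reports this state as open|filtered rather than open.
    if response_flags is None:
        return "open"
    if "R" in response_flags:
        return "closed"
    return "unexpected"

def parse_line(line):
    """'HH:MM:SS src dst ICMP echo-request' or 'HH:MM:SS src dst TCP sport>dport FLAGS'."""
    time, src, dst, proto, detail = line.split(maxsplit=4)
    rec = {"time": time, "src": src, "dst": dst, "proto": proto}
    if proto == "TCP":
        ports, flags = detail.split()
        rec["dport"] = int(ports.split(">")[1])
        rec["flags"] = set() if flags == "-" else set(flags)
    else:
        rec["type"] = detail
    return rec

SWEEP_MIN_HOSTS = 8   # assumed threshold: one source pinging this many hosts
SCAN_MIN_PORTS = 8    # assumed threshold: one source SYN-ing this many ports on one host
STEALTH_PROBES = {"xmas": {"F", "P", "U"}, "fin": {"F"}, "null": set()}

def detect_scans(log_text):
    """Return findings as tuples: stealth probes per packet, then sweeps
    and SYN scans once per source after counting distinct targets."""
    icmp_targets = defaultdict(set)   # src -> {dst pinged}
    syn_ports = defaultdict(set)      # (src, dst) -> {dport probed}
    findings = []
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec["proto"] == "ICMP" and rec["type"] == "echo-request":
            icmp_targets[rec["src"]].add(rec["dst"])
        elif rec["proto"] == "TCP":
            if rec["flags"] == {"S"}:
                syn_ports[(rec["src"], rec["dst"])].add(rec["dport"])
            for name, pattern in STEALTH_PROBES.items():
                if rec["flags"] == pattern:   # no normal connection starts this way
                    findings.append((name + "-probe", rec["src"], rec["dst"], rec["dport"]))
    for src, dsts in icmp_targets.items():
        if len(dsts) >= SWEEP_MIN_HOSTS:
            findings.append(("ping-sweep", src, len(dsts)))
    for (src, dst), ports in syn_ports.items():
        if len(ports) >= SCAN_MIN_PORTS:
            findings.append(("syn-scan", src, dst, len(ports)))
    return findings

# Constructed sample log: one normal connection, a sweep of ten hosts,
# a SYN scan of ten ports, then an Xmas and a NULL probe.
SAMPLE_LOG = "\n".join(
    ["10:00:00 10.0.0.2 10.0.1.9 TCP 51000>443 S",
     "10:00:00 10.0.1.9 10.0.0.2 TCP 443>51000 SA"]
    + [f"10:00:01 10.0.0.5 10.0.1.{i} ICMP echo-request" for i in range(1, 11)]
    + [f"10:00:02 10.0.0.7 10.0.1.9 TCP 40000>{p} S"
       for p in (21, 22, 23, 25, 53, 80, 110, 143, 443, 3389)]
    + ["10:00:03 10.0.0.7 10.0.1.9 TCP 40001>22 FPU",
       "10:00:03 10.0.0.7 10.0.1.9 TCP 40002>22 -"])

if __name__ == "__main__":
    for finding in detect_scans(SAMPLE_LOG):
        print(finding)
```

The normal client in the sample is never reported because it touches a single port, and the server's SYN|ACK reply is not a bare SYN; only the source that fans out across many hosts or ports, or sends a flag combination no real connection uses, is flagged.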
1. Use fragmented IP packets.
2. Spoof your IP address when launching the attack and sniff the responses from the server.
3. Use source routing (if possible).
4. Connect through proxy servers or compromised (trojaned) machines to launch attacks.
Packet fragmentation is not a new scanning method but a modification of earlier methods: the TCP header is split into several packets so that packet filters cannot determine what the packets intend to do.
Banner grabbing, or OS fingerprinting, is the method of determining the operating system on a remote target system. There are two types of banner grabbing: active and passive. Identifying the OS on the target host allows an attacker to figure out the vulnerabilities the system possesses and the exploits that might work on the system to carry out further attacks.
In active banner grabbing:
1. Specially crafted packets are sent to the remote OS and the responses are noted.
2. The responses are then compared with a database to determine the OS.
3. Responses from different OSes vary because of differences in their TCP/IP stack implementations.
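Step 2 above, comparing observed responses against a database of per-OS stack behaviour, is the part practitioners usually want to see spelled out. The following is an added example and not code from the original page: a small matcher over TCP/IP-stack attributes (initial TTL, window size, DF bit, option order), written for the passive case, where the attributes are read from packets a host sends on its own, which goes slightly beyond the active probing the text describes. The signature table, the weights, the observations and the inventory are all constructed for illustration and are not a real fingerprint database. The defender-side use is the inventory check at the end: a host whose stack does not match the OS recorded for it is worth a look.

```python
"""Added example (not from the original page): the 'compare responses with
a database' step of OS fingerprinting, as a weighted matcher over stack
attributes.  Signatures, weights and observations are constructed."""

INITIAL_TTLS = (32, 64, 128, 255)   # starting TTL values stacks commonly use

SIGNATURES = {   # constructed, illustrative entries only
    "os-A (unix-like)":    {"ttl": 64,  "window": 65535, "df": True,  "opts": "MSS,SACK,TS,NOP,WS"},
    "os-B (windows-like)": {"ttl": 128, "window": 8192,  "df": True,  "opts": "MSS,NOP,WS,NOP,NOP,SACK"},
    "os-C (embedded)":     {"ttl": 255, "window": 4096,  "df": False, "opts": "MSS"},
}

def infer_initial_ttl(observed_ttl):
    """The TTL on the wire was decremented once per hop, so the sender's
    starting value is the smallest common initial TTL not below it."""
    for t in INITIAL_TTLS:
        if observed_ttl <= t:
            return t
    return observed_ttl

def score(sig, obs):
    """Weighted agreement between a signature and an observation (max 8)."""
    s = 3 if sig["ttl"] == infer_initial_ttl(obs["ttl"]) else 0
    s += 2 if sig["window"] == obs["window"] else 0
    s += 1 if sig["df"] == obs["df"] else 0
    s += 2 if sig["opts"] == obs["opts"] else 0
    return s

def fingerprint(obs):
    """Best-matching signature name and its score."""
    best = max(SIGNATURES, key=lambda name: score(SIGNATURES[name], obs))
    return best, score(SIGNATURES[best], obs)

def check_inventory(observed, expected):
    """Defender use: list hosts whose observed stack disagrees with the
    OS recorded for them in the asset inventory."""
    mismatches = []
    for ip, obs in observed.items():
        guess, _ = fingerprint(obs)
        if expected.get(ip) != guess:
            mismatches.append((ip, expected.get(ip), guess))
    return mismatches

# Constructed observations (TTL already reduced by a few hops) and inventory
OBSERVED = {
    "10.0.0.10": {"ttl": 57,  "window": 65535, "df": True,  "opts": "MSS,SACK,TS,NOP,WS"},
    "10.0.0.11": {"ttl": 121, "window": 8192,  "df": True,  "opts": "MSS,NOP,WS,NOP,NOP,SACK"},
    "10.0.0.12": {"ttl": 250, "window": 4096,  "df": False, "opts": "MSS,SACK"},
}
EXPECTED = {"10.0.0.10": "os-A (unix-like)", "10.0.0.11": "os-A (unix-like)",
            "10.0.0.12": "os-C (embedded)"}

if __name__ == "__main__":
    for ip, obs in OBSERVED.items():
        print(ip, fingerprint(obs))
    print("inventory mismatches:", check_inventory(OBSERVED, EXPECTED))
```

The TTL normalisation is what makes passive matching workable at all: the value seen on the wire depends on how many hops away the host is, so the matcher rounds it up to the nearest common starting value before comparing. A partial match (the third host, whose option list differs) still produces a best guess, which is why the score is returned alongside the name.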
Error messages provide information such as the type of server, the type of OS and the SSL tools used by the remote system.
Sniffing the network traffic
Capturing and analyzing packets from the target enables an attacker to determine the OS used by the remote system.
Banner grabbing from page extensions
Looking for an extension in the URL may assist in determining the application version.
1. File extensions reveal information about the underlying server technology that an attacker can use to launch attacks.
2. Hide extensions to mask the web technology.
3. Change application mappings such as .asp to .htm or .foo, etc., to disguise the identity of the server.
4. Apache users can use mod_negotiation directives.
5. IIS users can use tools such as PageXchanger to manage file extensions.
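A quick way to verify that the banner, error-message and file-extension leaks described above have actually been closed is to audit your own server's responses. The following is an added example, not code from the original page or from any of the tools it names: it parses a raw HTTP response and reports revealing headers, a technology-revealing extension in the URL, and product/version strings in an error page body, then shows the same page after the fixes listed above. The URL, both responses and the product names in them are constructed for this example.

```python
"""Added example (not from the original page): a self-audit of what a
server's own responses reveal through banners, error pages and file
extensions.  The URL, responses and product names are constructed."""
import re
from urllib.parse import urlsplit

REVEALING_EXTENSIONS = {".asp": "ASP", ".aspx": "ASP.NET", ".php": "PHP",
                        ".jsp": "Java/JSP", ".cfm": "ColdFusion"}
REVEALING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
PRODUCT_VERSION = re.compile(r"\b([A-Za-z][\w-]+/\d+(?:\.\d+)+)")   # e.g. Name/1.2.3

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    code = int(status_line.split()[1])
    headers = {}
    for h in header_lines:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    return code, headers, body

def audit_response(url, raw):
    """Return (kind, what, detail) tuples for every technology leak found."""
    code, headers, body = parse_response(raw)
    findings = []
    for name in REVEALING_HEADERS:                                   # banner leaks
        if name in headers:
            findings.append(("header", name, headers[name]))
    ext = re.search(r"\.[a-z0-9]+$", urlsplit(url).path.lower())     # extension leaks
    if ext and ext.group(0) in REVEALING_EXTENSIONS:
        findings.append(("extension", ext.group(0), REVEALING_EXTENSIONS[ext.group(0)]))
    if code >= 400:                                                  # error-page leaks
        for hit in PRODUCT_VERSION.findall(body):
            findings.append(("error-body", hit, ""))
    return findings

# Constructed "before" response: banner headers, a revealing extension and
# a default-style error page naming the product and version.
LEAKY_URL = "https://www.example.com/app/login.asp"
LEAKY_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: ExampleHTTPd/9.9.9 (ExampleOS)\r\n"
    "X-Powered-By: ExampleFramework/4.2\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1>"
    "<address>ExampleHTTPd/9.9.9 Server at www.example.com</address></body></html>")

# Constructed "after" response: banner headers removed, the .asp mapping
# replaced by an extension-less path, and a generic error body.
HARDENED_URL = "https://www.example.com/app/login"
HARDENED_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1></body></html>")

if __name__ == "__main__":
    print("before:", audit_response(LEAKY_URL, LEAKY_RESPONSE))
    print("after: ", audit_response(HARDENED_URL, HARDENED_RESPONSE))
```

Running the audit against the error page is deliberate: a server that has been told to hide its banner in normal responses will often still name itself in the default 404 or 500 page, which is the leak the error-message paragraph above refers to.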
Vulnerability scanning identifies the vulnerabilities and weaknesses of a system and network in order to determine how the system can be exploited.
Vulnerability scanning checks for:
1. Network vulnerabilities
2. Open ports and running services
3. Application and service vulnerabilities
4. Application and service configuration
Drawing the target's network diagram gives an attacker valuable information about the network and its architecture. A network diagram shows the logical or physical path to a potential target.
OpManager is network monitoring software that offers advanced fault and performance management functionality across critical IT resources such as routers, WLAN links, switches, firewalls, VoIP call paths, physical servers, etc.
NetworkView is a network discovery and management tool for Windows. It discovers TCP/IP nodes and routers using DNS, SNMP, ports, NetBIOS, and WMI.
Attackers use proxy servers for the following reasons:
1. To hide the source IP address so that they can attack without legal consequences.
2. To mask the actual source of the attack by impersonating a fake source address, that of the proxy.
3. To remotely access intranets and other website resources that are normally off limits.
4. To intercept all the requests sent by a user and transmit them to a third destination, so that victims can only identify the proxy server's address.
Attackers chain multiple proxy servers to avoid detection.
Proxy chaining works as follows:
1. The user requests a resource from the destination.
2. A proxy client on the user's system connects to a proxy server and passes the request to it.
3. The proxy server strips the user's identification information and passes the request to the next proxy server.
4. This process is repeated by all the proxy servers in the chain.
5. At the end, the unencrypted request is passed to the web server.
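The five steps above can be modelled directly, which makes the consequence for the server side concrete: with every hop stripping the user's identification, the web server is left with nothing but the address of the last proxy. The following is an added example, not code from the original page. It models one hop of the chain as a function, runs a request through a stripping chain and, for contrast, through a chain whose proxies record each hop in X-Forwarded-For and Via headers, then shows what the server can and cannot attribute. The addresses, and the choice of X-Forwarded-For and Via as the identification headers the proxies add or strip, are assumptions made for this example.

```python
"""Added example (not from the original page): a model of the proxy chain,
showing what the web server sees when proxies strip identification versus
when they record each hop.  Addresses and headers are constructed."""

def proxy_forward(request, proxy_ip, strips_identity):
    """One hop: the proxy receives `request` from `request['peer']` and
    forwards it with itself as the new peer.  A stripping proxy removes
    the identifying headers; a cooperating proxy appends the address it
    received the request from."""
    headers = dict(request["headers"])
    if strips_identity:
        headers.pop("x-forwarded-for", None)
        headers.pop("via", None)
    else:
        prev = headers.get("x-forwarded-for")
        headers["x-forwarded-for"] = f"{prev}, {request['peer']}" if prev else request["peer"]
        prev = headers.get("via")
        headers["via"] = f"{prev}, 1.1 {proxy_ip}" if prev else f"1.1 {proxy_ip}"
    return {"peer": proxy_ip, "headers": headers}

def run_chain(client_ip, proxies):
    """Send a request from client_ip through `proxies`, a list of
    (proxy_ip, strips_identity) pairs, and return what reaches the server."""
    request = {"peer": client_ip, "headers": {}}
    for proxy_ip, strips in proxies:
        request = proxy_forward(request, proxy_ip, strips)
    return request

def server_view(request):
    """What the web server can attribute: the claimed origin (first
    X-Forwarded-For entry, unverifiable) and the hop list, which always
    ends with the one address that actually connected to the server."""
    xff = [h.strip() for h in request["headers"].get("x-forwarded-for", "").split(",") if h.strip()]
    origin = xff[0] if xff else None
    hops = xff[1:] + [request["peer"]]
    return origin, hops

# Constructed addresses for the example
CLIENT = "198.51.100.23"
STRIPPING_CHAIN = [("203.0.113.1", True), ("203.0.113.2", True), ("203.0.113.3", True)]
COOPERATING_CHAIN = [("203.0.113.1", False), ("203.0.113.2", False), ("203.0.113.3", False)]

if __name__ == "__main__":
    print("stripping chain:  ", server_view(run_chain(CLIENT, STRIPPING_CHAIN)))
    print("cooperating chain:", server_view(run_chain(CLIENT, COOPERATING_CHAIN)))
```

Even in the cooperating case, the only value the server can verify is the connecting peer's address; everything in X-Forwarded-For is asserted by whichever proxy wrote it. That is the practical reason the text says victims can identify only the proxy server's address.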
Penetration testing a network for scanning vulnerabilities determines the network's security posture by identifying live systems, discovering open ports, associating services, and grabbing system banners to simulate a network hacking attempt. The penetration testing report will help the system administrator to
1. Check for live hosts using tools such as Nmap, Angry IP Scanner, SolarWinds Engineer's Toolset, Colasoft Ping Tool, etc.
2. Check for open ports using tools such as Nmap, NetScanTools Pro, SuperScan, PRTG Network Monitor, Net Tools, etc.
3. Perform banner grabbing / OS fingerprinting using tools such as Telnet, Netcraft, ID Serve, etc.
4. Scan for vulnerabilities using tools such as Nessus, GFI LanGuard, SAINT, Core Impact Professional, etc.