Module 3: Scanning and Enumeration Flashcards
Scanning and enumeration is the process of identifying hosts, ports and services within the network.
What are the three types of scanning?
Network Scanning
Port Scanning
Vulnerability Scanning
TCP Flags
SYN
Synchronise
TCP Flags
ACK
Acknowledge the SYN flag
TCP Flags
RST
Reset - forces a termination of the circuit
TCP Flags
FIN
Finish - orderly teardown of the circuit
TCP Flags
PSH
Push -
TCP Flags
URG
Urgent
Well-known Port Numbers
0-1023
Registered Port Numbers
1024-49151
Dynamic Port Numbers
49152-65535
IPv4 Broadcast address subnet
255.255.255.255
IPv6 Broadcast address subnet
FFFF.FFFF.FFFF.FFFF
ICMP Type 8
Echo Request
ICMP Type 0
Echo Reply
ICMP Type 3
Destination unreachable
ICMP Type 3 - Code 0
The route is missing
ICMP Type 3 - Code 1
The host is down
ICMP Type 3 - Code 13
The firewall is stopping the ICMP
What is a full connect scan?
This is a TCP Connect scan that performs the full three-way handshake; it is easy to detect
What is a stealth scan?
This is a half-open scan or SYN scan. It only sends the first part of the handshake
What is the XMAS scan type?
All the flags on the TCP header are set: PSH, URG, FIN
Syntax for Nmap is
nmap
4 Evasion Methods
- Fragmenting Packets
- Spoof your IP Address
- IP Source Routing
- Use Proxies
What is a vulnerability scanning tool?
Nessus