SCANNING Flashcards

1
Q

Classic TCP scan

A

nmap -sT

2
Q

What are all the stealth scans?

A

SYN scan (half-open scan)
FIN scan
XMAS scan
NULL scan
ACK scan
Idle scan
3
Q

FIN scan

A

nmap -sF

4
Q

XMAS scan

A

nmap -sX

5
Q

NULL scan

A

nmap -sN

6
Q

ACK scan

A

nmap -sA

7
Q

Idle scan

A

nmap -sI

8
Q

What is the difference in the zombie's sequence number if the port is open when using the nmap idle scan technique? (+0, +1, +2, +3, +4, etc.)

A

+2 if open

+1 if not open

9
Q

ICMP scan

A

nmap -P range/cidr (live hosts)

nmap -L range/cidr (no packets sent; uses DNS resolution)

10
Q

What is the response from an open UDP port?

A

No response

11
Q

What is the response from a closed UDP port?

A

ICMP Port Unreachable

12
Q

Which stealth scans don't work against Windows?

A

Because of RFC 793:

  • XMAS scan
  • FIN scan
  • NULL scan
13
Q

What flags are sent when using the XMAS scan?

A

URG + PSH + FIN

6

14
Q

-PN

A

No ping of the host before the scan (used for hosts that don't respond to ping)

15
Q

-P0

A

No ping of the host before the scan (used for hosts that don't respond to ping)

16
Q

-n

A

No DNS resolution

17
Q

-PS

A

No ping, but uses a TCP SYN to check whether the destination host is up or not (the same applies to -PA with ACK)

18
Q

-sn

A

Disables port scans (previously -sP)

19
Q

-sO

A

IP Protocol Scan

20
Q

nmap -F

A

Fast scan