Scanning Networks

Question 1

What is the purpose of the TCP ‘SYN’ flag?

Answer 1

The SYN flag notifies the transmission of a new sequence number. This flag generally represents the establishment of a connection (three-way handshake) between two hosts

Question 2

What is the purpose of the TCP ‘ACK’ flag?

Answer 2

The ACK flag confirms the receipt of the transmission and identifies the next expected sequence number. When the system successfully receives a packet, it sets the value of its flag to “1,” thus implying that the receiver should pay attention to it.

Question 3

What is the purpose of the TCP ‘FIN’ flag?

Answer 3

The FIN flag is set to “1” to announce that no more transmissions will be sent to the remote system and the connection established by the SYN flag is terminated

Question 4

What is the purpose of the TCP ‘RST’ flag?

Answer 4

The RST flag is set to “1” when there is an error in the current connection and the connection is aborted in response. Attackers use this flag to scan hosts and identify open ports

Question 5

What is Network Scanning?

Answer 5

Network scanning is a procedure for identifying active hosts on a network, either to attack them or assess the security of the network

Question 6

What is Port Scanning?

Answer 6

Port scanning is the process of checking the services running on the target computer by sending a sequence of messages in an attempt to break in

Question 7

What is Vulnerability Scanning?

Answer 7

Vulnerability scanning is a method for checking whether a system is exploitable by identifying its vulnerabilities

Question 8

What is Banner Grabbing?

Answer 8

Banner grabbing, or “OS fingerprinting,” is a method used to determine the OS that is running on a remote target system

Question 9

Which flag do you pass to hping to get the initial sequence number?

Answer 9

-Q

Question 10

What is Netcraft?

Answer 10

Netcraft provides Internet security services, including anti-fraud and anti-phishing services, application testing, and PCI scanning

Question 11

What is Maltego?

Answer 11

Maltego is a program that can be used to determine the relationships and real-world links between people, groups of people, organizations, websites, Internet infrastructure, documents, etc

Question 12

What is Fing?

Answer 12

Fing is a mobile app for Android and iOS that scans and provides complete network information, such as IP address, MAC address, device vendor, and ISP location. It allows attackers to discover all devices connected to a Wi-Fi network along with their IP and MAC address as well as the name of the vendor/device manufacturer

Question 13

What flag do you pass to hping to perform an ACK scan?

Answer 13

-A

Question 14

Which flag do you pass to nmap to perform a ping sweep (discover hosts but don’t scan ports)?

Answer 14

-sn

Question 15

What TCP port does TFTP use?

Answer 15

69

Question 16

What TCP port does finger use?

Answer 16

79

Question 17

What TCP port does Kerberos use?

Answer 17

88

Question 18

What TCP port does NTP use?

Answer 18

123

Question 19

How does a TCP Connect Scan work?

Answer 19

A TCP Connect scan detects when a port is open after completing the three-way handshake. TCP Connect scan establishes a full connection and then closes the connection by sending an RST packet

Question 20

How does a Stealth Scan work?

Answer 20

Stealth Scan involves abruptly resetting the TCP connection between the client and server before the completion of three-way handshake signals, thus leaving the connection half-open

Question 21

How does an ACK Flag Probe Scan work?

Answer 21

An ACK Flag Probe Scan is used by the attackers send TCP probe packets set with an ACK flag to a remote device and then analyze the header information (TTL and WINDOW field) of received RST packets to determine if the port is open or closed

Question 22

How does an IDLE/IPID Header Scan work?

Answer 22

IDLE/IPID Header Scan, every IP packet on the Internet has a fragment identification number (IPID); an OS increases the IPID for each packet sent; thus, probing an IPID gives an attacker the number of packets sent after the last probe. A machine that receives an unsolicited SYN|ACK packet will respond with an RST. An unsolicited RST will be ignored. This scan uses a spoofed source address.

Question 23

Which flag do you pass to nmap to perform an SCTP INIT Scan?

Answer 23

-sY

Question 24

Which flag do you pass to nmap to perform a UDP scan?

Answer 24

-sU

Question 25

Which flag do you pass to nmap to perform an SCTP COOKIE ECHO Scan?

Answer 25

-sZ

Question 26

Which flag do you pass to nmap to perform a List Scan?

Answer 26

-sL

Question 27

How does a TCP Maimon Scan work?

Answer 27

The TCP Maimon Scan is very similar to NULL, FIN, and Xmas scan, but the probe used here is FIN/ACK. In most cases, to determine if the port is open or closed, the RST packet should be generated as a response to a probe request. However, in many BSD systems, the port is open if the packet gets dropped in response to a probe

Question 28

How does an Inverse TCP Flag Scan work?

Answer 28

In an Inverse TCP Flag Scan, Attackers send TCP probe packets with a TCP flag (FIN, URG, PSH) set or with no flags. When the port is open, the attacker does not get any response from the host, whereas when the port is closed, he or she receives the RST from the target host.

Question 29

What is the TTL and tcp window size of Linux 2.4 and 2.6?

Answer 29

64 and 5840

Question 30

What is the TTL and tcp window size of Windows 7?

Answer 30

128 and 8192

Question 31

What is the TTL and tcp window size of FreeBSD?

Answer 31

64 and 65535

Question 32

What is the TTL and tcp window size of OpenBSD?

Answer 32

64 and 16384

Question 33

What is Active OS Fingerprinting?

Answer 33

In active OS fingerprinting, specially crafted packets are sent to remote OS and the responses are noted. The responses are then compared with a database to determine the OS. Response from different OSes varies due to differences in TCP/IP stack implementation.

Question 34

What is Scany?

Answer 34

Scany is a network scanner for iPhone and iPad that is used to scan LAN, Wi-Fi networks, websites, open ports, and network devices and can support several networking protocols