Scanning Networks Flashcards
What is the purpose of the TCP ‘SYN’ flag?
The SYN flag notifies the transmission of a new sequence number. This flag generally represents the establishment of a connection (three-way handshake) between two hosts
What is the purpose of the TCP ‘ACK’ flag?
The ACK flag confirms the receipt of the transmission and identifies the next expected sequence number. When the system successfully receives a packet, it sets the value of its flag to “1,” thus implying that the receiver should pay attention to it.
What is the purpose of the TCP ‘FIN’ flag?
The FIN flag is set to “1” to announce that no more transmissions will be sent to the remote system and the connection established by the SYN flag is terminated
What is the purpose of the TCP ‘RST’ flag?
The RST flag is set to “1” when there is an error in the current connection and the connection is aborted in response. Attackers use this flag to scan hosts and identify open ports
What is Network Scanning?
Network scanning is a procedure for identifying active hosts on a network, either to attack them or assess the security of the network
What is Port Scanning?
Port scanning is the process of checking the services running on the target computer by sending a sequence of messages in an attempt to break in
What is Vulnerability Scanning?
Vulnerability scanning is a method for checking whether a system is exploitable by identifying its vulnerabilities
What is Banner Grabbing?
Banner grabbing, or “OS fingerprinting,” is a method used to determine the OS that is running on a remote target system
Which flag do you pass to hping to get the initial sequence number?
-Q
What is Netcraft?
Netcraft provides Internet security services, including anti-fraud and anti-phishing services, application testing, and PCI scanning
What is Maltego?
Maltego is a program that can be used to determine the relationships and real-world links between people, groups of people, organizations, websites, Internet infrastructure, documents, etc
What is Fing?
Fing is a mobile app for Android and iOS that scans and provides complete network information, such as IP address, MAC address, device vendor, and ISP location. It allows attackers to discover all devices connected to a Wi-Fi network along with their IP and MAC address as well as the name of the vendor/device manufacturer
What flag do you pass to hping to perform an ACK scan?
-A
Which flag do you pass to nmap to perform a ping sweep (discover hosts but don’t scan ports)?
-sn
What TCP port does TFTP use?
69
What TCP port does finger use?
79
What TCP port does Kerberos use?
88
What TCP port does NTP use?
123
How does a TCP Connect Scan work?
A TCP Connect scan detects when a port is open after completing the three-way handshake. TCP Connect scan establishes a full connection and then closes the connection by sending an RST packet
How does a Stealth Scan work?
Stealth Scan involves abruptly resetting the TCP connection between the client and server before the completion of three-way handshake signals, thus leaving the connection half-open
How does an ACK Flag Probe Scan work?
An ACK Flag Probe Scan is used by the attackers send TCP probe packets set with an ACK flag to a remote device and then analyze the header information (TTL and WINDOW field) of received RST packets to determine if the port is open or closed
How does an IDLE/IPID Header Scan work?
IDLE/IPID Header Scan, every IP packet on the Internet has a fragment identification number (IPID); an OS increases the IPID for each packet sent; thus, probing an IPID gives an attacker the number of packets sent after the last probe. A machine that receives an unsolicited SYN|ACK packet will respond with an RST. An unsolicited RST will be ignored. This scan uses a spoofed source address.
Which flag do you pass to nmap to perform an SCTP INIT Scan?
-sY
Which flag do you pass to nmap to perform a UDP scan?
-sU
Which flag do you pass to nmap to perform an SCTP COOKIE ECHO Scan?
-sZ
Which flag do you pass to nmap to perform a List Scan?
-sL
How does a TCP Maimon Scan work?
The TCP Maimon Scan is very similar to NULL, FIN, and Xmas scan, but the probe used here is FIN/ACK. In most cases, to determine if the port is open or closed, the RST packet should be generated as a response to a probe request. However, in many BSD systems, the port is open if the packet gets dropped in response to a probe
How does an Inverse TCP Flag Scan work?
In an Inverse TCP Flag Scan, Attackers send TCP probe packets with a TCP flag (FIN, URG, PSH) set or with no flags. When the port is open, the attacker does not get any response from the host, whereas when the port is closed, he or she receives the RST from the target host.
What is the TTL and tcp window size of Linux 2.4 and 2.6?
64 and 5840
What is the TTL and tcp window size of Windows 7?
128 and 8192
What is the TTL and tcp window size of FreeBSD?
64 and 65535
What is the TTL and tcp window size of OpenBSD?
64 and 16384
What is Active OS Fingerprinting?
In active OS fingerprinting, specially crafted packets are sent to remote OS and the responses are noted. The responses are then compared with a database to determine the OS. Response from different OSes varies due to differences in TCP/IP stack implementation.
What is Scany?
Scany is a network scanner for iPhone and iPad that is used to scan LAN, Wi-Fi networks, websites, open ports, and network devices and can support several networking protocols
