TCP view and Superscan Flashcards

1
Q

Why use port scanning tools?

A

-Identifies devices on the network
-Identifies operating systems
-Identifies services on a system
-Identifies known network vulnerabilities
-Can be used for both internal and external
evaluation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is TCPview?

A

A Windows program that will show you detailed listings of all TCP and UDP endpoints on your system

Provides a conveniently presented subset of the Netstat program. Requires Windows 98 or newer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does TCPview show for each connection?

A
-Process : the owning process (application and process ID)
– Protocol : TCP or UDP
– Local Address
– Remote Address
– State : established, listening, etc.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is superscan?

A

It is a free connect-based port scanning
software designed to
• detect open TCP and UDP ports
• determine which services are running on those ports,
• run queries such as whois, ping, ICMP traceroute,
and Hostname lookups.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is superscan able to do?

A

-Scan ports from a range of IP addresses
-Ping remote machines to check for “signs of life”
-Scan for different ports
-Perform host lookup so you don’t need to manually look-up the IP address of the target
system
-Enumerate a network to discover:
– hosts/devices on a network
– scan ports to find well known services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is NMAP?

A

Port scanning tool

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Zenmap?

A

The GUI for NMAP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How does stealth scan in NMAP work?

A

Involves sending a SYN packet to request a connection. The host responds with:
– SYN/ACK if the port is open
– RST (Reset) if the port is closed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How does TCP connect scan work on NMAP?

A

Nmap creates temporary connections
– Nmap sends SYN packet to port on target
– if port is open it sends back SYN/ACK packet
– Nmap completes the connection (ACK packet) then disconnects

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How does NMAP detect a OS?

A

By determining which ports are open as some OS use particular ports for different OS systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Nmap idlescan?

A

It is where Nmap tries to bypass firewalls by impersonating a trusted host on the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Nmap bounce?

A

Can use other open available hosts as a type of

proxy for different attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is Nmap decoy?

A

Adds extra decoy IP addresses when doing a scan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What command will display a Mac address?

A

ipconfig /all

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which ports generally identify a windows operating system?

A

135, 139, 445, 137, 138

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Banner grabbing is a way to:

A

Identify a service running on a specific port number