Tools to Scan Network Ports Flashcards

1
Q

Network Visibility

A
  • What is connected to network and what is being communicated over it
2
Q

IP Scanner

A
  • Tool that performs host discovery and can establish overall logical topology
  • Tool used like Nmap, AngryIP or PRTG
3
Q

IPAM

A

IP Address Management

- Functionality to perform IP scan and combine it with asset or inventory information

4
Q

Host Discovery

A
  • Basic type of IP scanning that only determines if host is “up”
  • Most basic use ping, arp and traceroute tools
  • Some done with SNMP queries, which also report more detailed information about interfaces.
  • Security-oriented scanners can probe for hosts configured not to respond
5
Q

Nmap Security Scanner

A
  • Widely used for IP scanning
  • As auditing tool and pen-testing tool
  • Operated from the command line or via the Zenmap GUI
  • Sends TCP ACK packets to Port 80 and 443 to determine if a host is present
  • Will also perform ARP and Network Discover sweeps
  • Performs port scan on discovered hosts to determine which services are running.
  • Can be run with -sn to suppress port scan
6
Q

Netstat

A
  • Checks states of ports on a local host
  • Can be used to check for service misconfigurations
  • Can also identify suspicious remote connections to services on local host
  • Using -a switch displays all open ports, including TCP and UDP connections and listening state
7
Q

Port Scanner

A
  • Performs port probes from another machine or machines on other networks
8
Q

Protocol Analyzer

A
  • Works in conjunction with packet capture or sniffer tool
  • Can analyze live capture or open a saved capture (.pcap) file.
  • Parses each frame to reveal header fields and payload contents in readable format (Packet analysis).
  • Helps to identify protocol misconfigurations
9
Q

TCP SYN

A
  • Fast technique (half-opening scanning)
  • Scanning host requests connection without acknowledging it
  • Target's response to SYN packet identifies port state
10
Q

TCP Connect

A
  • Half open scan
  • Requires Nmap to have privileged access to the network driver so that it can craft packets
  • If privileged access is not available, it must use OS to attempt full TCP connection
  • Less stealthy
11
Q

UDP Scans

A
  • Scan UDP ports
  • Because there are no ACKs, Nmap needs to wait for response or timeout to determine port state
  • Can take a long time
12
Q

Port range

A
  • By default Nmap scans 1000 commonly used ports

- Use -p argument to specify port range

13
Q

Fingerprinting

A
  • Identifying software application from responses in port scanning