Chapter 03. Scanning Networks
Overview of Network Scanning
- Network scanning refers to a set of procedures for identifying hosts, ports, and services in a network.
- Network scanning is one of the components of intelligence gathering an attacker uses to create a profile of the target organization.
- Objectives of Network Scanning:
- To discover live hosts, IP address, and open ports of live hosts
- To discover operating systems and system architecture
- To discover services running on hosts
- To discover vulnerabilities in live hosts
TCP Communication Flags
- URG (Urgent): Data contained in the packet should be processed immediately
- FIN (Finish): There will be no more transmissions
- RST (Reset): Resets a connection
- PSH (Push): Send all buffered data immediately
- ACK (Acknowledgement): Acknowledges the receipt of a packet
- SYN (Synchronize): Initiates a connection between hosts
Creating Custom Packet Using TCP Flags
- Colasoft Packet Builder enables creating custom network packet to audit networks for various attacks.
- Attackers can also use it to create fragmented packets to bypass firewalls and IDS systems in a network.