02. Network Scanning

Overview

  1. Purpose of Scanning:

    • Conducted after extensive passive reconnaissance on the target.
    • Aims to identify active targets and potential access vectors (ports and services).
    • Focused on building a profile of the target based on:
      • OS version.
      • Service versions.
      • Misconfigurations in the stack.
    • Key objectives:
      • Host Discovery: Identifying live systems in the network.
      • OS and Service Detection: Determining the OS and services running on the target.
      • UDP Scanning: Scanning User Datagram Protocol (UDP) ports.
      • Stealth Scans: Avoiding detection while scanning.
      • Firewall Evasion: Bypassing security measures like firewalls.

Types of Scanning

  1. Network Scanning:

    • Identifying active hosts on a target network.
    • Goal: Create a detailed schematic of the network infrastructure.
    • Port Scanning:
      • Probing the target with specific TCP flags.
      • Purpose: Enumerate running services and identify open ports based on responses.

TCP Flags

  • Found in the TCP header and responsible for managing transmission and flow of packets across a network.
  • Used during Port Scanning to craft packets for:
    • Target OS detection.
    • Service version identification.
    • Identifying firewalls or packet filters.

  Flag                    Function
  URG (Urgent)            Packet to be processed immediately.
  PSH (Push)              Transmits data immediately.
  FIN (Finish)            No further transmission.
  ACK (Acknowledgment)    Acknowledges receipt of a packet.
  SYN (Synchronization)   Initializes connection between host and target.
  RST (Reset)             Resets the connection.
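As an added example (not part of these notes), the following Python decodes the flag bits from a raw TCP header, shows how a SYN probe's reply is read (SYN/ACK open, RST closed, no reply filtered), and applies the same parsing from the defender's side to spot a source sending bare SYNs to many ports. The header builder and the packet list are constructed samples for offline use; the threshold of 10 ports is an assumption.

```python
import struct
from collections import defaultdict

# Bit values of the six classic flags in the 16-bit data-offset/flags field.
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def parse_tcp_header(raw: bytes) -> dict:
    """Decode ports and the flag set from the fixed 20-byte TCP header."""
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    flags = {name for name, bit in TCP_FLAGS.items() if off_flags & bit}
    return {"src_port": src, "dst_port": dst, "flags": flags}

def build_tcp_header(src_port: int, dst_port: int, flags) -> bytes:
    """Constructed sample header (zero seq/ack/checksum, no options)."""
    off_flags = (5 << 12) | sum(TCP_FLAGS[f] for f in flags)  # data offset = 5 words
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0, off_flags, 65535, 0, 0)

def classify_scan_reply(flags) -> str:
    """Read a SYN probe's reply: SYN/ACK = open, RST = closed, nothing = filtered."""
    if {"SYN", "ACK"} <= flags:
        return "open"
    if "RST" in flags:
        return "closed"
    return "filtered"  # pass an empty set when no reply was seen

def syn_scan_sources(packets, port_threshold: int = 10) -> set:
    """Detection side: sources sending bare SYNs to many distinct ports."""
    ports_by_src = defaultdict(set)
    for src_ip, raw in packets:
        hdr = parse_tcp_header(raw)
        if hdr["flags"] == {"SYN"}:
            ports_by_src[src_ip].add(hdr["dst_port"])
    return {ip for ip, ports in ports_by_src.items() if len(ports) >= port_threshold}

# Constructed capture: 10.0.0.5 probes ports 1-12, 10.0.0.9 opens one normal connection.
SAMPLE_PACKETS = [("10.0.0.5", build_tcp_header(50000, p, ["SYN"])) for p in range(1, 13)]
SAMPLE_PACKETS.append(("10.0.0.9", build_tcp_header(50001, 443, ["SYN"])))

if __name__ == "__main__":
    print(parse_tcp_header(build_tcp_header(22, 50000, ["SYN", "ACK"])))
    print(classify_scan_reply({"RST", "ACK"}))
    print(syn_scan_sources(SAMPLE_PACKETS))
```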