PING UTILITIES
Alternatively, TCP or UDP packets are sent when incoming ICMP messages are blocked.
Ping utilities include:
• Ping TestPro
• WS_Ping ProPack (www.ipswitch.com)
• NetScan Tools (www.nwpsw.com)
• Hping (http://www.hping.org/download.html)
• icmpenum (www.nmrc.org/files/sunix/icmpenum-1.1.1.tgz)
Ping sweep detection utilities include:
• Network based IDS (www.snort.org)
• Genius (www.indiesoft.com)
• BlackICE (www.networkice.com)
• Scanlogd (www.openwall.com/scanlogd)
Scanning Networks L3 IPROSI, M. DIEDHIOU
II. CHECK FOR OPEN PORTS
Checking for open ports is the second step in the scanning methodology. Port scanning is the method
used to check for open ports.
Scanning Techniques
1. TCP Connect scan detects when a port is open by completing the three-way handshake.
2. TCP Connect scan establishes a full connection and then tears it down by sending a RST packet.
In an Xmas scan, attackers send a TCP frame to a remote device with the FIN, URG, and PUSH flags set.
It will not work against any current version of Microsoft Windows.
[Figure: Xmas scan response for a closed port and for an open port]
UDP Port Open
There is no three-way TCP handshake for a UDP scan.
The system does not respond with a message when the port is open.
UDP Port Closed
If a UDP packet is sent to a closed port, the system responds with an ICMP port unreachable
message.
Spyware, trojan horses, and other malicious applications use UDP ports.
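The scan behaviours above (Xmas flag set, SYN-only probes, UDP probes, ICMP echo sweeps) are exactly what a detector such as Scanlogd looks for. The following Python is an added example, not part of the course material: it classifies constructed packet records by TCP flags and raises an alert when one source touches many distinct targets inside a time window. The record format and the sample traffic are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample records (not a real capture): (time_s, src, dst, dport, proto, tcp_flags).
# 10.0.0.5 runs an Xmas scan against one host, 10.0.0.7 sends ICMP echo to many hosts
# (a ping sweep), and 10.0.0.9 is a normal client opening a single connection.
RECORDS = [
    (0.0, "10.0.0.5", "10.0.0.20", 21, "tcp", "FPU"),
    (0.1, "10.0.0.5", "10.0.0.20", 22, "tcp", "FPU"),
    (0.2, "10.0.0.5", "10.0.0.20", 25, "tcp", "FPU"),
    (0.3, "10.0.0.5", "10.0.0.20", 80, "tcp", "FPU"),
    (0.4, "10.0.0.5", "10.0.0.20", 443, "tcp", "FPU"),
    (1.0, "10.0.0.7", "10.0.0.1", 0, "icmp", ""),
    (1.1, "10.0.0.7", "10.0.0.2", 0, "icmp", ""),
    (1.2, "10.0.0.7", "10.0.0.3", 0, "icmp", ""),
    (1.3, "10.0.0.7", "10.0.0.4", 0, "icmp", ""),
    (2.0, "10.0.0.9", "10.0.0.20", 443, "tcp", "S"),
    (2.1, "10.0.0.9", "10.0.0.20", 443, "tcp", "A"),
]

def classify_tcp_probe(flags: str) -> str:
    """Name the scan type implied by a TCP segment's flags (letters S, A, F, R, P, U)."""
    s = set(flags)
    if s == {"F", "P", "U"}:
        return "xmas"   # FIN, URG and PUSH set, as described above
    if not s:
        return "null"
    if s == {"S"}:
        return "syn"    # first step of a connect scan or a half-open scan
    if s == {"F"}:
        return "fin"
    return "other"

def detect_sweeps(records, window=5.0, threshold=4):
    """Return {(src, kind): distinct_targets} for every source that probes at least
    `threshold` distinct targets within `window` seconds. kind is 'ping_sweep'
    (ICMP echo to many hosts) or 'port_scan:<type>' (many (host, port) pairs)."""
    per_src = defaultdict(list)
    for t, src, dst, dport, proto, flags in sorted(records):
        if proto == "icmp":
            per_src[(src, "ping_sweep")].append((t, dst))
        elif proto in ("tcp", "udp"):
            kind = "port_scan:" + (classify_tcp_probe(flags) if proto == "tcp" else "udp")
            per_src[(src, kind)].append((t, (dst, dport)))
    alerts = {}
    for key, events in per_src.items():
        # sliding window: count distinct targets reached within `window` of each event
        best = max(len({tgt for t, tgt in events[i:] if t - t0 <= window})
                   for i, (t0, _) in enumerate(events))
        if best >= threshold:
            alerts[key] = best
    return alerts
```

Running detect_sweeps(RECORDS) flags the Xmas scan and the ping sweep but not the single legitimate connection.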
Service identification is the third step in the CEH scanning methodology; it is usually performed using
the same tools as port scanning.
By identifying open ports, a hacker can usually also identify the services
associated with those port numbers.
Nmap: a free, open source tool that quickly and efficiently performs
ping sweeps, port scanning, service identification, IP address detection,
and operating system detection.
IPEye: a TCP port scanner that can do SYN, FIN, NULL, and XMAS scans.
Identifying the operating system used on the target hosts allows an attacker to figure out the
vulnerabilities the system possesses and the exploits that might work on the
system to carry out further attacks.
IDServe
IDServe is used to identify the make, model, and version of any web site’s server software.
It is also used to identify non-HTTP (non-web) Internet servers such as FTP, SMTP, POP, NEWS, etc.
Netcraft
Netcraft reports a site’s operating system, web server, and netblock owner together with, if
available, a graphical view of the time since last reboot for each of the computers serving the site.
Netcat: This utility reads and writes data across network connections,
using the TCP/IP protocol.
1. # netcat -vv www.website.com 80
2. GET / HTTP/1.0
Specially crafted packets are sent to the remote OS and the responses are noted.
The responses are then compared with a database to determine the OS.
Responses from different OSes vary due to differences in TCP/IP stack implementation.
Banner grabbing from error messages
Error messages provide information such as the type of server, type of OS, and SSL tool
used by the target remote system.
Sniffing the network traffic
Capturing and analyzing packets from the target enables an attacker to determine the
OS used by the remote system.
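The Netcat banner grab above and the error-message technique both leak product and version strings that an administrator should know about before an attacker does. This added Python example (not from the course) parses a constructed HTTP response of the kind "GET / HTTP/1.0" returns and lists every product/version disclosure in the headers and in an error page body; the sample response, host name and regular expression are assumptions for the example.

```python
import re

# Constructed response, as a banner grab with "GET / HTTP/1.0" might return; not from a real host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<html><body><h1>Not Found</h1>\n"
    b"<address>Apache/2.4.41 (Ubuntu) Server at example.test Port 80</address>\n"
    b"</body></html>"
)

# product/version pairs such as Apache/2.4.41 or PHP/7.4.3
VERSIONED = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)\b")

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_line, {header-name: value}, body_text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body.decode("latin-1", "replace")

def banner_disclosures(raw: bytes):
    """List (source, product, version) triples the response reveals. source is the
    header name, or 'error_body' for a signature found in an error page's body."""
    status, headers, body = parse_response(raw)
    found = []
    for name in ("server", "x-powered-by"):
        for product, version in VERSIONED.findall(headers.get(name, "")):
            found.append((name, product, version))
    if status.split()[1][0] in "45":   # error pages commonly carry a server footer
        for product, version in VERSIONED.findall(body):
            found.append(("error_body", product, version))
    return found

def is_minimal_banner(raw: bytes) -> bool:
    """True when the response reveals no product versions at all."""
    return not banner_disclosures(raw)
```

Pointing this at a saved response from your own servers shows which headers and error pages need trimming before the versions end up in an attacker's fingerprint database.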
Features (http://www.tenable.com):
• Agentless auditing
• Compliance checks
• Content audits
• Customized reporting
• High-speed vulnerability discovery
• In-depth assessments
• Mobile device audits
• Patch management integration
• Scan policy design and execution
Features (http://www.gfi.com):
• Selectively creates custom vulnerability checks
• Identifies security vulnerabilities and takes remedial action
Other vulnerability scanners:
• Retina CS (www.beyondtrust.com)
• Core Impact Professional (www.coresecurity.com)
• MBSA (http://www.microsoft.com)
• Shadow Security Scanner (www.safety-lab.com)
• Nsauditor Network Security Auditor (www.nsauditor.com)
• OpenVAS (www.openvas.org)
• Security Manager Plus (www.indiesoft.com)
• Nexpose (www.rapid7.com)
• SAINT (www.saintcorporation.com)
Features (http://www.solarwinds.com):
• Network topology discovery and mapping
• Multi-level network discovery
• Auto-detect changes to network topology
OpManager
OpManager is a network monitoring software that offers advanced fault and performance
management functionality across critical IT resources such as routers, WAN links, switches,
firewalls, VoIP call paths, physical servers, etc.
http://www.manageengine.com
NetworkView
NetworkView is a network discovery and management tool for Windows. It discovers TCP/IP nodes
and routes using DNS, SNMP, ports, NetBIOS, and WMI.
http://www.networkview.com
Net Master, Scany, Network «Swiss-Army-Knife»
Hides your IP address from the websites you visit.
http://www.proxyswitcher.com
A proxy server that displays data passing through it in real time, allows you to drill into
particular TCP/IP connections, view their history, and save the data.
http://www.proxyworkbench.com
https://www.torproject.org http://www.cyberghostvpn.com
VII. Proxy Servers
• SocksChain (http://ufasoft.com)
• Burp Suite (www.portswigger.net)
• Proxifier (http://www.proxifier.com)
• Fiddler (www.telerik.com)
• Proxy (www.analogx.com)
• Protoport Proxy Chain (www.protoport.com)
• ProxyCap (www.proxycap.com)
An anonymizer removes all the identifying information from the user’s computer while
the user surfs the internet.
Tails is a live operating system that a user can start on any computer from a
DVD, USB stick, or SD card.
https://tails.boum.org/install/download/index.fr.html
Pen testing a network for scanning vulnerabilities determines the network’s security
posture by identifying live systems, discovering open ports, associating services, and
grabbing system banners to simulate a network hacking attempt.
The penetration testing report will help system administrators to:
END OF CHAPTER