Scanning is the first active step of an attack: the attacker sends network traffic to elicit responses from hosts and networks. The responses allow the attacker to determine live hosts, open ports, services, operating systems, and potential vulnerabilities. Common scanning tools are used to identify these details, often while trying to avoid detection by intrusion detection systems through techniques like IP spoofing and proxies. Scanning establishes a baseline of information about the target network that can be used for further attacks.
2.
• Scanning a network is the first real active action taken by an attacker; everything before this has typically been passive or non-intrusive.
• Scanning is the act of sending network traffic to a host or network to elicit responses from them; the goal is to get responses back that reveal details about the network.
3.
• Goals of scanning include determining live hosts, ports, protocols, services, and OS and application versions; this information is then used to determine vulnerabilities and possible avenues of attack.
• Scanning can be performed over any network connection.
4.
• Targets are network devices and hosts; the goal is to gather port, protocol, service, and banner information to determine possible vulnerabilities.
• Several different types of scans can be used, depending on goals, operating system, etc.; an attacker is typically not limited to one method of scanning.
5.
• Several tools are available for scanning; most work similarly and offer varying features. Some are “all-in-one” tools.
• An additional goal is to avoid detection by an IDS.
• IP spoofing, proxies, etc. are used to assist in stealth scanning and detection avoidance.
6.
• To identify live hosts on a network
• To identify open and closed ports
• To identify operating system information
• To identify services running on a network
• To identify running processes on a network
• To identify the presence of security devices like firewalls
• To identify system architecture
• To identify running services
• To identify vulnerabilities
7. TCP COMMUNICATION
There are two types of Internet Protocol (IP) traffic: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP is connection-oriented; bidirectional communication takes place only after a connection has been successfully established. UDP is a simpler, connectionless Internet protocol: multiple messages are sent as packets in chunks. Unlike TCP, UDP adds no reliability, flow-control, or error-recovery functions to IP packets. Because of UDP’s simplicity, UDP headers contain fewer bytes and consume less network overhead than TCP. The following diagram shows the TCP header.
8. THE FLAG FIELD IN THE TCP HEADER IS 9 BITS WIDE AND INCLUDES THE FOLLOWING 6 TCP FLAGS:
• SYN:- Initiates a connection between two hosts to facilitate communication.
• ACK:- Acknowledges the receipt of a packet.
• URG:- Indicates that the data contained in the packet is urgent and should be processed immediately.
• PSH:- Instructs the sending system to send all buffered data immediately.
• FIN:- Tells the remote system about the end of the communication. In essence, this gracefully closes a connection.
• RST:- Resets a connection.
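As an added example (not part of the original slides), the Python below unpacks the fixed 20-byte TCP header and decodes the 9-bit flag field. It goes slightly beyond the six flags listed above by also naming the three bits that complete the 9-bit field (NS, CWR, ECE, used for ECN). The sample segment bytes are constructed here for illustration, not taken from a capture.

```python
import struct

# Bit positions of the nine flags in the 9-bit field, highest bit first.
# The six flags on the slide are URG, ACK, PSH, RST, SYN, FIN; NS, CWR and
# ECE are the remaining (ECN-related) bits of the field.
FLAG_BITS = {
    "NS": 0x100, "CWR": 0x080, "ECE": 0x040, "URG": 0x020,
    "ACK": 0x010, "PSH": 0x008, "RST": 0x004, "SYN": 0x002, "FIN": 0x001,
}

# Fixed-size TCP header: src port, dst port, seq, ack, offset+flags,
# window, checksum, urgent pointer (all big-endian, 20 bytes in total).
HEADER_FMT = "!HHIIHHHH"


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the first 20 bytes of a TCP segment into its header fields."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off_flags, window, checksum, urg = struct.unpack(
        HEADER_FMT, segment[:20]
    )
    header_len = (off_flags >> 12) * 4   # data offset is in 32-bit words
    flags = off_flags & 0x1FF            # low 9 bits are the flag field
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags,
        "flag_names": [name for name, bit in FLAG_BITS.items() if flags & bit],
        "window": window, "checksum": checksum, "urgent_ptr": urg,
    }


def build_tcp_header(src, dst, seq, ack, flag_names, window=65535) -> bytes:
    """Build a 20-byte header (no options) with the given flags set.

    The checksum is left as zero; it needs the IP pseudo-header to compute.
    """
    flags = 0
    for name in flag_names:
        flags |= FLAG_BITS[name]
    off_flags = (5 << 12) | flags        # 5 words = 20 bytes, no options
    return struct.pack(HEADER_FMT, src, dst, seq, ack, off_flags, window, 0, 0)


# Constructed sample: port 50000 -> 80, seq 1, SYN only, window 65535.
SAMPLE_SYN = (
    b"\xc3\x50\x00\x50\x00\x00\x00\x01\x00\x00\x00\x00"
    b"\x50\x02\xff\xff\x00\x00\x00\x00"
)

if __name__ == "__main__":
    hdr = parse_tcp_header(SAMPLE_SYN)
    print(hdr["src_port"], "->", hdr["dst_port"], hdr["flag_names"])
    reply = build_tcp_header(80, 50000, 1000, hdr["seq"] + 1, ["SYN", "ACK"])
    print(parse_tcp_header(reply)["flag_names"])
```

`flag_names` lists set flags in header order, so a SYN+ACK reply decodes as `["ACK", "SYN"]`; a scan that sets unusual combinations (for example FIN, PSH and URG together with no ACK) shows up in this list just as plainly, which is why flag decoding is the first thing packet analysers and IDS rules look at.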
9. THREE-WAY HANDSHAKING
• A three-way handshake takes place while establishing a TCP connection between hosts. This handshake ensures a successful, reliable, connection-oriented session between the hosts. The process of establishing a TCP connection consists of three steps, as shown in the figure.
10. TCP/IP
Consider that Host P wants to communicate with Host Q. The TCP connection is established when Host P sends a SYN packet to Host Q. Host Q, upon receipt of the SYN packet from Host P, replies to Host P with a SYN+ACK packet. Host P replies with an ACK packet when it receives the SYN+ACK packet from Host Q. Successful handshaking results in the establishment of the TCP connection.
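The three steps above can be followed with a small state machine, which is also the bookkeeping an IDS or a stateful firewall keeps to tell completed handshakes from ones that never finish. The Python below is an added example, not code from the original slides; the segments it replays between hosts P, Q, R and S are constructed, and only the SYN, ACK and RST flag bits from the slides are used.

```python
from collections import namedtuple

# TCP flag bits from the 9-bit flag field (same values as in the header).
SYN, ACK, RST = 0x002, 0x010, 0x004

# A minimal view of one segment: who sent it, who receives it, which flags.
Segment = namedtuple("Segment", "src dst flags")


def track_handshakes(segments):
    """Replay segments in order; return {(client, server): state}.

    States follow the three steps: SYN_SENT after step 1 (P -> Q SYN),
    SYN_RECEIVED after step 2 (Q -> P SYN+ACK), ESTABLISHED after step 3
    (P -> Q ACK). A RST from either side marks the attempt RESET.
    """
    states = {}
    for seg in segments:
        fwd = (seg.src, seg.dst)   # key if the sender is the client
        rev = (seg.dst, seg.src)   # key if the sender is the server
        if seg.flags & RST:
            key = fwd if fwd in states else rev
            if key in states:
                states[key] = "RESET"
        elif seg.flags & SYN and not seg.flags & ACK:
            states[fwd] = "SYN_SENT"                  # step 1
        elif seg.flags & SYN and seg.flags & ACK:
            if states.get(rev) == "SYN_SENT":
                states[rev] = "SYN_RECEIVED"          # step 2
        elif seg.flags & ACK:
            if states.get(fwd) == "SYN_RECEIVED":
                states[fwd] = "ESTABLISHED"           # step 3
    return states


def incomplete(states):
    """Handshakes that started but never reached ESTABLISHED or RESET."""
    return sorted(k for k, s in states.items()
                  if s in ("SYN_SENT", "SYN_RECEIVED"))


# Constructed replay: P completes a handshake with Q, leaves R half-open
# after R's SYN+ACK, and is refused by S with RST+ACK.
SAMPLE_SEGMENTS = [
    Segment("P", "Q", SYN), Segment("Q", "P", SYN | ACK), Segment("P", "Q", ACK),
    Segment("P", "R", SYN), Segment("R", "P", SYN | ACK),
    Segment("P", "S", SYN), Segment("S", "P", RST | ACK),
]

if __name__ == "__main__":
    result = track_handshakes(SAMPLE_SEGMENTS)
    for key, state in result.items():
        print(key, state)
    print("incomplete:", incomplete(result))
```

Only the P/Q pair ends in ESTABLISHED. The P/R attempt stops at SYN_RECEIVED because P never sends the final ACK, and a monitoring system that sees many such half-open attempts from one source against many ports has a strong indicator of scanning rather than normal traffic.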