Friday, June 21, 2013

M-2 Network scanning Part 2

Hello My dear friends,

How was my 1st part? I hope you liked it. That was the theory stuff. When I was learning hacking over the past 2 years I always ignored the theory part, because I always wanted to do practical things. I used to ask myself why I should waste my time learning theory rather than doing practical work. But then I realized I was wrong.
Without knowing the theory you can't understand the practical side of the hacking world. You have to go through it first, and then you will enjoy the practical things.

Today we are learning about scanning mechanisms: how are hackers going to compromise your security, and why are these scanning mechanisms so important? Here we will discuss the different scanning methods used in cyber security.

Ping Sweep
Ping sweep is used to determine the live hosts in a range of IP addresses by sending an ICMP Echo request to each host. If a host is live, it will return an ICMP Echo reply.

Ping Sweep Tools
1) Angry IP Scanner
2) Utility Ping
3) Ping Scanner pro
4) Pinginfo View

Now, generally all the scanning methods work using the TCP protocol. TCP sets some flags in each segment, and these flags are what control communication over WAN/LAN/MAN networks.

URG (Urgent)
                     States that the data contained in the packet should be processed immediately.

FIN (Finish)
                     Tells the remote system that there will be no more transmissions.

RST (Reset)
                     Used to reset a connection.

SYN (Synchronize)
                     Used to initiate a connection between hosts.

ACK (Acknowledgement)
                     Used to acknowledge the receipt of a packet.

PSH (Push)
                     Used to instruct the sending system to send all buffered data immediately.

                     Standard TCP communication is controlled by the flags in the TCP packet header.

Now let's look at the scanning techniques:
1) TCP Connect Scan
2) Stealth Scan 
3) Syn/Ack/Fin Scan
4) Null Scan 
5) Idle Scan
6) ICMP Echo Scanning
7) List Scan 

1) TCP Connect Scan

--> TCP Connect scan detects that a port is open by completing the three-way handshake.
--> TCP Connect scan establishes a full connection and then tears it down by sending an RST packet.

2) Stealth Scan

--> Attackers use the stealth scanning technique to bypass firewall rules and logging mechanisms, and to hide themselves as normal network traffic.
--> If the port is open, the server responds with a SYN/ACK packet.
--> If the server responds with an RST packet, the remote port is in the closed state.
--> The client sends an RST packet to abort the initiation before a connection is ever fully established.

3) FIN Scan

--> FIN Scan sends a TCP frame to a remote device with the FIN flag set.
--> FIN Scan only works against TCP/IP implementations developed according to RFC 793.
--> It will not work against any current version of Microsoft Windows.
--> In a FIN Scan the attacker sends a TCP frame to the remote host with only the FIN flag set.

4) Null Scan

--> NULL Scan only works if the O.S. TCP/IP implementation is developed according to RFC 793.
--> It does not work against any current version of Microsoft Windows.
--> In this scan the attacker sends a TCP frame to a remote host with no flags set.


5) Idle Scan

--> A port is considered open if an application is listening on the port.
--> One way to determine whether a port is open is to send a "SYN" (session establishment) packet to the port.
--> The target machine will send back a "SYN/ACK" (session request acknowledge) packet if the port is open and an "RST" (reset) packet if the port is closed.
--> A machine which receives an unsolicited SYN/ACK packet will respond with an RST; an unsolicited RST will be ignored.
--> Every IP packet on the internet has a fragment identification number.
--> It is a TCP port scan method that allows sending spoofed packets to a computer through software tools such as NMAP and HPing.

 
6) ICMP Echo Scanning

--> This is not port scanning, since ICMP does not have a port abstraction.
--> But it is useful to determine which hosts in a network are up by pinging them all.
--> e.g. nmap -P cert.org /all 192.168.0.0/16

7) List Scan

--> This type of scan simply generates and prints a list of IPs/names without actually pinging or port scanning them. A DNS name resolution will also be carried out.
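Looking at this from the defender's side: the flag combinations listed above (SYN only, FIN only, no flags at all) are exactly what a firewall or IDS log reveals when someone is scanning you. This is an added example, not part of the original post, that classifies each record by its TCP flags and reports sources whose probes of one type touched several distinct ports. The log format (src=, spt=, dst=, dpt=, flags=) and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample records (not real traffic): firewall-style lines with the
# TCP flags written as letters (S, A, F, R, P, U); '-' means no flag is set.
SAMPLE_LOG = """\
src=10.0.0.5 spt=40001 dst=10.0.0.10 dpt=22 flags=S
src=10.0.0.5 spt=40002 dst=10.0.0.10 dpt=80 flags=S
src=10.0.0.5 spt=40003 dst=10.0.0.10 dpt=443 flags=S
src=10.0.0.5 spt=40004 dst=10.0.0.10 dpt=8080 flags=S
src=10.0.0.7 spt=51000 dst=10.0.0.10 dpt=21 flags=-
src=10.0.0.7 spt=51001 dst=10.0.0.10 dpt=23 flags=-
src=10.0.0.7 spt=51002 dst=10.0.0.10 dpt=25 flags=-
src=10.0.0.9 spt=60000 dst=10.0.0.10 dpt=22 flags=F
src=10.0.0.9 spt=60001 dst=10.0.0.10 dpt=80 flags=F
src=10.0.0.9 spt=60002 dst=10.0.0.10 dpt=443 flags=F
src=10.0.0.20 spt=33000 dst=10.0.0.10 dpt=443 flags=S
src=10.0.0.20 spt=33000 dst=10.0.0.10 dpt=443 flags=A
src=10.0.0.20 spt=33000 dst=10.0.0.10 dpt=443 flags=PA
"""

LINE_RE = re.compile(r"src=(\S+) spt=(\d+) dst=(\S+) dpt=(\d+) flags=(\S+)")

def probe_type(flags):
    """Map a flag string to the scan technique it matches, or None."""
    f = set(flags.replace("-", ""))
    if not f:
        return "NULL scan probe"      # no flags at all (RFC 793 behaviour)
    if f == {"F"}:
        return "FIN scan probe"       # FIN with no other flag
    if f == {"S"}:
        return "SYN probe"            # stealth (half-open) or start of connect scan
    return None                       # ACK/PSH traffic belongs to a real session

def detect_scanners(log_text, min_ports=3):
    """Return {src: (probe type, sorted distinct ports)} for every source whose
    probes of one type touched at least min_ports different destination ports.
    A normal client opening a few sessions (10.0.0.20 above) stays below the
    threshold, which is the knob to tune against false positives."""
    seen = defaultdict(set)
    for m in LINE_RE.finditer(log_text):
        src, _spt, _dst, dpt, flags = m.groups()
        kind = probe_type(flags)
        if kind:
            seen[(src, kind)].add(int(dpt))
    return {src: (kind, sorted(ports))
            for (src, kind), ports in seen.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    for src, (kind, ports) in detect_scanners(SAMPLE_LOG).items():
        print(f"{src}: {kind} against ports {ports}")
```

A SYN-only pattern cannot by itself tell a stealth scan from a connect scan; the difference is whether the same source later completes the handshake with an ACK, so correlate with follow-up packets before deciding.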

So we have seen the different scanning techniques.
But what about the practical side? Guys, be ready for the practical part. We are very near to doing some practical things after completing this portion. Don't forget to tell me how this was, and I will also be telling you the most important thing belonging to this field. So just wait and watch.