Skip to main content

Network Scanning :


After the reconnaissance and information-gathering stages we have scanning. It is important that the information-gathering stage be as complete as possible to identify the best location and targets to scan. During scanning, the hacker continues to gather information regarding the network and its individual host systems. . Information such as IP addresses, operating system, services, and installed applications can help the hacker determine which type of exploit to use in hacking a system.
Scanning is the process of locating systems that are alive and responding on the network.
Ethical hackers use scanning to identify target systems’ IP addresses. Scanning is also used
to determine whether a system is on the network and available. Scanning tools are used to
gather information about a system
In our hacking track we have three types of scanning
1. Port scanning :- It Determines open ports and services.
2. Network scanning:- Identifies IP addresses on a given network or subnet.
3. Vulnerability scanning:- Identifying weaknesses(Security loopholes) on target systems.
Port Scanning :- Port scanning is the process of identifying open and available TCP/IP ports
on a system. Port-scanning tools enable a hacker to learn about the services available on a target system. Port numbers are divided into three ranges:
1. Well-Known Ports: 0-1023
2. Registered Ports: 1024-49151
3. Dynamic Ports: 49152-65535
Network Scanning:- Network scanning is a procedure for identifying active hosts on a
network, either to attack them or as a network security assessment. Hosts are identified
by their individual IP addresses. Network-scanning tools attempt to identify all the live or
responding hosts on the network and their corresponding IP addresses.
Vulnerability Scanning:- Vulnerability scanning is the process of Identifying the
vulnerabilities of computer systems on a network. Generally, a vulnerability scanner first
identifies the operating system and version number, including service packs that may be
installed. Then, the scanner identifies weaknesses or vulnerabilities in the operating system.
During the later attack phase, a hacker can exploit those weaknesses in order to gain access
to the system.
Scanning Methodology
As a Ethical Hacker, you are expected to be familiar with the scanning methodology mentioned below. This methodology is the process by which a hacker scans the network. It ensures
that no system or vulnerability is overlooked and that the hacker gathers all necessary
information to perform an attack.
We’ll look at the various stages of this scanning methodology, starting with the first three steps.
1. checking for systems that are live.
2. checking for open ports.
3. checking for services identification.
Scanning Methodologies:
1. Check for Live Systems
2. Check for Open Ports
3. Service Identification
4. Banner Grabbing /
5. OS Fingerprinting
6. Vulnerability Scanning
7. Draw Network Diagrams of
8. Vulnerable Hosts
9. Prepare Proxies
10. Attack

Identifying live systems using a Windows Ping:

To use the built-in ping command in Windows to test connectivity to another system:
1. Open a command prompt in Windows.
2. Type ping www.microsoft.com.
A timeout indicates that the remote system is not responding or turned off or that the ping
was blocked. A reply indicates that the system is alive and responding to ICMP requests.
Identifying live systems and open ports using  Advanced IP Scanner:
Advanced IP Scanner is one of the best tool to scan network, to find live systems, IP address, MAC address , and open ports. Here’s what it looks like:


As you can see, it can enumerate a bunch of different systems or a bunch of different hosts that are responsive. One interesting bit is that, some of these are not Windows hosts. Some have nothing to do with Windows or nothing to offer Windows but are still valid hosts.
Advanced IP Scanner goes a little bit beyond the typical ping sweep or just pinging IP addresses because it can give us interesting information about the hosts out there, like IP address , MAC address, netbios names, and user names of currently logged in users.


 Identifying live systems and open ports using  Superscan:
Super Scan be considered as one of the complete tool that can be used for scanning as well as getting domain information about target system along with windows enumeration. It can perform all stages of scanning and hence most of the time becomes best choice for every hacker on windows system. Here in this section we will see how to use Super Scan.
 
Type IP address of target you want to scan in Hostname/IP. To scan range of IP address type Start and End IP. If you want to add range of IP address then in notepad specify each IP/Host on new line and import it via 'Read IPs from file' option. To start scan press blue arrow button. The scan will start and it will show result.

As you can see above result we have got nine live hosts in given range of IP address.
You can scroll it down to view the result. And also view overall result in HTML format, by clicking 'view HTML' result option.



This is the overall scan result in HTML format. In this result you can see we got IP address, MAC address, NETBIOS names etc..





Identifying live systems and open ports  Advanced Port Scanner:
But personally, I prefer interface tools. One of them is Advanced Port Scanner, which is a sister product of Advanced IP Scanner. Here’s what it looks like:





You can see that, for each of the hosts it found, it actually conducted a closer examination. So, for example, in host 192.168.1.6, I can see which ports are open. They’re 139, 135, and 445. Because I recognize these as typical Microsoft ports, then my guess is that this host probably runs on a Microsoft operating system.




You can see different ports on different systems. For example, the next one has Telnet and HTTP. One really interesting thing about this one is that it thinks it’s a web server but it also has its printer port open.  This already gives me a lot of interesting information without even having to attack the system.

More Scanning Tools:

NetBIOS Enumerator
nmap
Angry IP scanner
NetScanTools
IPSecScan
IP tools
Nscan

Popular posts from this blog

Introduction

What is computer hacking? Introduction to Hacking                                   This is the first term in our hacking track. And in this track we are going to learn how to hack computers , hack networks etc.. as we can say in simple language Hacking is simply a technical skill set. Means how hacking attack happens , how to plan hacking attack etc.. is simply a technical skill set.  So in this track . If you decided to hack, you are the only responsible person for that. So if you do something illegal with computer system that is all on you, do not blame us. So in this Track we are going to learn introduction to hacking , how to do hacking, it includes how to plan the attacks, why you do hacking ,   what you can do with hacking , in short how hacking works. What is computer hacking ?                      In a simple language 'Hacking is a non-conventional   way of interacting with the system'. Here Conventional way means how software designers wa