CEH v10: 03 Scanning Networks
Certified Ethical Hacker v10 Chapter 03: Scanning Networks
Protocols
These definitions are must-know!
- TCP (Transmission Control Protocol): connection-oriented, reliable transport; established with the three-way handshake
- UDP (User Datagram Protocol): connectionless transport, no handshake, so a silent port cannot be distinguished from a filtered one without extra probes
- ARP (Address Resolution Protocol): resolves an IPv4 address to a MAC address on the local segment
- ICMP (Internet Control Message Protocol): error and diagnostic messages, including echo request/echo reply
- Ping Sweep: mass ICMP echo request (ping) sent to a whole address range to find live hosts
- SSDP (Simple Service Discovery Protocol): UDP 1900, the discovery protocol used by UPnP
- DHCP (Dynamic Host Configuration Protocol): UDP 67/68, hands out IP configuration
- DNS (Domain Name System): UDP/TCP 53, name to address resolution
- UPnP (Universal Plug and Play): device discovery and automatic port mapping on a LAN
TCP Flags
SYN
: Synchronize. Initiates a connection between two hosts; the first packet of the three-way handshake
ACK
: Acknowledges the receipt of a packet
URG
: Indicates that the data contained in the packet is urgent and should be processed immediately (the urgent pointer field marks it)
PSH
: Push. Instructs the sending system to send all buffered data immediately and the receiver to pass it to the application without waiting
FIN
: Tells the remote system that the sender has no more data. In essence, this gracefully closes the connection
RST
: Resets (aborts) a connection; it is also the answer a closed port gives to a SYN
Three-way handshake
- Establishes a TCP connection
- Client → server: SYN
- Server → client: SYN/ACK
- Client → server: ACK
OSI Model
Layer | Name | Example protocols |
---|---|---|
7 | Application layer | HTTP, SNMP |
6 | Presentation layer | MIME, ASCII |
5 | Session layer | SOCKS, NetBIOS |
4 | Transport layer | TCP, UDP |
3 | Network layer | IP, ICMP |
2 | Data link layer | MAC, ARP |
1 | Physical layer | Ethernet, Wi-Fi |
TCP/IP Model
Layer | Name | Example protocols |
---|---|---|
4 | Application layer | HTTP, SNMP |
3 | Transport layer | TCP, UDP |
2 | Internet layer | IP, ICMP |
1 | Link layer | ARP, MAC |
Scanning Techniques
TCP Connect() / Full Open Scan
- Completes the full three-way handshake using the operating system's connect() call
- The connection is completed, so the target application sees it and can log it; easily detected
- Does not need root privileges (no raw sockets required)
- nmap:
-sT
Open port: SYN → SYN/ACK → ACK (the scanner then closes the connection)
Closed port: SYN → RST/ACK
Example:
nmap -sT danielgorbe.com
Stealth Scan / Half-Open Scan (SYN scan)
- Half three-way handshake: sends a SYN and, on SYN/ACK, answers with RST instead of ACK, so the connection is never completed
- Requires raw sockets (root); nmap's default scan type when run as root
- Less likely to be logged by the target application because no connection is established, but an IDS/IPS still sees the SYN
- nmap:
-sS
Open port: SYN → SYN/ACK → RST
Closed port: SYN → RST/ACK
Example:
nmap -sS danielgorbe.com
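The following is an added example, not part of the CEH notes or the page author's material, that implements the full-open (connect()) scan described above and shows the three-way handshake outcome for an open and a closed port. It uses a constructed target on 127.0.0.1 (one listening socket and one just-released port) rather than the host named in the examples, so it runs offline without privileges. It also reports a third state, `filtered` (no reply or ICMP unreachable), which nmap distinguishes from `closed` by whether an RST came back. A half-open (-sS) scan is not shown because it needs raw sockets and root.

```python
import socket

TARGET_HOST = "127.0.0.1"  # constructed target: the local machine, not danielgorbe.com


def probe_port(host, port, timeout=1.0):
    """Full-open (connect()) probe of one TCP port, the technique behind nmap -sT.

    The OS performs the whole three-way handshake, which is why no root
    privileges are needed and why the target application sees (and can log)
    a completed connection.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))          # SYN -> SYN/ACK -> ACK completed
        return "open"
    except ConnectionRefusedError:       # SYN -> RST/ACK from the target stack
        return "closed"
    except (socket.timeout, OSError):    # no reply at all, or ICMP unreachable
        return "filtered"
    finally:
        s.close()                        # FIN (or RST) tears the connection down


def connect_scan(host, ports, timeout=1.0):
    """Scan several ports and map each one to open/closed/filtered."""
    return {port: probe_port(host, port, timeout) for port in ports}


def demo():
    """Run the scanner against a constructed local target: one listening socket
    (an open port) and one ephemeral port that was just released (a closed port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((TARGET_HOST, 0))      # port 0: let the kernel pick a free port
    listener.listen(1)                   # never accept(): the kernel still completes the handshake
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind((TARGET_HOST, 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens on this port any more

    try:
        results = connect_scan(TARGET_HOST, [open_port, closed_port])
    finally:
        listener.close()

    return {"open_port": results[open_port], "closed_port": results[closed_port]}


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

Because `connect()` finishes the handshake, the listener's accept queue holds a fully established connection even though the server code never called `accept()`; that is exactly the footprint an application log or a netstat snapshot on the target would show, and what the -sS scan avoids by answering the SYN/ACK with RST before the handshake completes.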