CYBER SECURITY AND ETHICAL HACKING

Network Scanning Tools

Ashish Ramling Patil

Roll No: PGDCS414

Post Graduation Diploma in Cyber Security

BSE Institute Ltd.
 1. Ping:
Ping: is a network utility used to test the reachability of a host or server on an IP network
and measure the time taken for data packets to travel to the destination and back.
Uses of Ping:
1.Network Connectivity: Testing: Check if a device or server is online and reachable.
2.Latency Measurement: Determine the time delay (latency) between devices on a
network.
3.Troubleshooting: Identify network issues, such as packet loss or high latency.
4.DNS Testing: Check whether a domain name resolves to an IP address.
Example:
Command: `ping www.google.com`
- This will send ICMP requests to Google's server and display responses, showing network
connectivity and response times.
 2. Netstat:
Netstat (short for Network Statistics) is a command-line tool that displays detailed
information about network connections, routing tables, and various network interface
statistics on a system.
How Netstat Works:
Netstat provides details on all active network connections, including both incoming and
outgoing connections.
Protocol Information: Displays data for different protocols (e.g., TCP, UDP, ICMP).
Listening Ports: Shows which ports are open and listening for connections on the host
machine.
Routing Tables: Provides information about the system's routing table, which includes the
network paths for data packets.
Uses of Netstat:
1. Monitor Active Connections: Displays all active connections on the system and the
associated IP addresses and port numbers.
2. Troubleshooting: Helps identify network-related issues, such as port conflicts or
unauthorized connections.
3. Check Listening Services: Shows which services or applications are actively listening for
network connections.
4. View Routing Information: Allows you to view the current routing paths and identify
potential routing issues.
Example: Command: `netstat -an` - Displays all active network connections (both listening
and established) in numerical form.
 3. Wireshark:
Wireshark - is a powerful open-source network protocol analyzer used for capturing and
inspecting data packets in real-time across networks. It allows users to see what is
happening on their network at a granular level.
How Wireshark Works:
Packet Capturing: Wireshark captures live traffic on the network interface or analyzes
previously saved packet capture files (PCAP).
Protocol Decoding: It decodes a wide variety of network protocols, providing human-
readable details about the packets.
Filtering and Analysis: Users can apply filters to focus on specific traffic, such as IP
addresses, protocols, or ports.
Uses of Wireshark:
1. Network Troubleshooting: Helps identify network performance issues, congestion, or
errors by analyzing traffic at a detailed level.
2. Security Analysis: Detects malicious activities such as unauthorized access attempts,
malware communication, or suspicious traffic patterns.
3. Protocol Analysis: Examines and diagnoses protocol-specific issues (e.g., HTTP, FTP, DNS)
by decoding the traffic.
4. Performance Monitoring: Measures traffic flow, bandwidth usage, and latency between
different network nodes.
Example:-Capture Command: Start capturing packets on a specific network interface.
- Example filter: `http` (displays only HTTP traffic).
4. Nmap:
Nmap (short for Network Mapper) is a powerful open-source tool used for network
discovery, security auditing, and port scanning. It helps map out a network's structure and
identify vulnerabilities.
How Nmap Works:
 Host Discovery: Nmap identifies live hosts on a network.
 Port Scanning: It scans open, closed, or filtered ports on target devices.
 Service and OS Detection: Nmap identifies services running on open ports and can
detect the operating system of a host.
 Scriptable Interaction: Using Nmap Scripting Engine (NSE), users can perform
detailed vulnerability scanning.
1. Network Scanning: Identifies live hosts on a network.
2. Port Scanning: Detects open, closed, or filtered ports on devices.
3. Service Discovery: Identifies services running on open ports.
4. Security Auditing: Detects network vulnerabilities.
5. OS Detection: Determines the operating system of a host.
Example Commands:
 nmap -sP 192.168.1.0/24: Discovers live hosts on a network.
 nmap -sV 192.168.1.1: Scans open ports and detects services/versions.
5. Ipconfig: (Windows)
Ipconfig is a command-line tool used in Windows to display and manage the network
configuration of your system.
Key Uses of Ipconfig:
1. Display Network Information: Shows IP address, subnet mask, and default gateway.
2. Renew and Release IP Addresses: Used for refreshing DHCP-assigned IP addresses.
3. Flush DNS Cache: Clears DNS resolver cache to fix DNS issues.
Example: Command: `ipconfig`
Displays the current network configuration.
Releases and renews the IP address.
Ifconfig: (Linux/Unix)
Ifconfig is a command-line tool in Linux/Unix used to configure and display network
interfaces.
Key Uses of Ifconfig:
1. Display Network Interfaces: Shows IP address, netmask, and MAC address for interfaces.
2. Configure Network Interfaces: Enable or disable network interfaces, assign IP addresses.
3. Network Troubleshooting: Use for diagnosing network interface issues.
Example: Command: `ifconfig`
Displays the current configuration of all network interfaces.
Command : `ifconfig eth0 down` & `ifconfig eth0 up`
 6. Hydra :
- Purpose : Used for brute force attacks to crack passwords on various services (SSH, FTP,
HTTP, etc.).
Importance :
- Tests system security and identifies weak credentials.
- Supports many protocols (SSH, FTP, HTTP, etc.).
- Known for speed and efficiency.
- Essential for penetration testing and security assessments.
Common Commands :
- SSH attack:
Bash = hydra -l username -P passwordlist.txt ssh://target-ip
- FTP attack: bash
hydra -l username -P passwordlist.txt ftp://target-ip
- HTTP POST form attack: bash hydra -l username -P passwordlist.txt http-post-form
"/login:username=^USER^&password=^PASS^:Invalid login"
Example: - Use Hydra to test SSH login vulnerability:
bash hydra -l admin -P passwordlist.txt ssh://192.168.1.10
 7. Burp Suite :
Purpose: A comprehensive tool used for web application security testing, including
scanning, crawling, and exploiting vulnerabilities.
Importance: Web Vulnerability Testing : Detects and exploits security issues like SQL
Injection, Cross-Site Scripting (XSS), etc.
- Intercepts Web Traffic: Acts as a proxy to intercept and modify HTTP/HTTPS traffic.
- Automation: Performs automated scans for vulnerabilities.
- Customization: Extensible with plugins for added functionality.
- Professional & Community Versions: The paid version offers advanced features like
automated scanning and reporting.
Common Features:
- Proxy: Intercepts HTTP/S traffic for manual testing.
- Scanner: Identifies vulnerabilities automatically.
- Intruder: Automates customized attacks (e.g., brute force or fuzzing).
- Repeater: Manually sends crafted HTTP requests to test specific responses.
Example:
Intercept Traffic:
1. Set Burp as a proxy in your browser.
2. Open the target website and capture the requests.
3. Modify requests to test for vulnerabilities like XSS or SQL injection.
Burp Suite is essential for ethical hackers and penetration testers to identify and exploit web
app vulnerabilities effectively.
 8. Dnsenum: Purpose: A tool for DNS enumeration, used to gather DNS information
about a target domain.
Importance :
DNS Information Gathering : Retrieves information like subdomains, IP addresses, mail
servers, and name servers.
Zone Transfer Testing: Checks for DNS zone transfers, which can expose sensitive
information.
Bruteforce DNS: Finds hidden subdomains using a wordlist.
Penetration Testin: Used to map the attack surface by discovering potential entry points via
DNS.
Common Commands:
Basic DNS Enumeration: bash dnsenum targetdomain.com
Brute Force Subdomains: bash dnsenum --dnsserver 8.8.8.8 --enum -f wordlist.txt
targetdomain.com
Zone Transfer Testing: bash dnsenum --enum targetdomain.com
Example : Gather DNS Info for a target domain:
Bash dnsenum example.com
This would retrieve details such as IP addresses, subdomains, and mail servers, helping to
assess the domain's attack surface.
Dnsenum is vital for penetration testers to uncover critical DNS-related vulnerabilities and
misconfigurations.
9. Nessus : scanning networks, devices, and systems for weaknesses that attackers
might exploit. Nessus can generate detailed reports on vulnerabilities and suggest
remediation measures.

o Vulnerability Scanner: Nessus identifies security vulnerabilities, misconfigurations,

and malware on various systems like servers, devices, and networks.
o Extensive Coverage: It scans operating systems, databases, firewalls, web
applications, and network devices.
o Regular Plugin Updates: Nessus uses a plugin architecture with frequent updates to
detect new vulnerabilities and threats.
o Automated Scans: You can schedule scans to run regularly, ensuring continuous
monitoring of systems.
o Compliance Audits: Supports audits against standards like PCI-DSS, HIPAA, and CIS
benchmarks for regulatory compliance.
o Risk Prioritization: Nessus provides detailed reports, categorizing vulnerabilities
based on severity levels (low, medium, high, critical).
o Custom Policies: Users can create custom scan policies to suit specific organizational
requirements.
o Ease of Use: Nessus has an intuitive interface, making it accessible to both novice and
experienced users in cybersecurity.
o Exportable Reports: Scan results can be exported in various formats (HTML, CSV, etc.)
for analysis or sharing with stakeholders.
o Free & Paid Versions: Nessus Essentials (free) for small environments and Nessus
Professional (paid) for more advanced features and large-scale use.