CEH Module 3 - Network Scanning

The document provides an overview of TCP and UDP protocols, highlighting their differences in error checking, data delivery guarantees, and transmission speed. It also details TCP flags used in communication, the TCP 3-way handshake process, and practical objectives for network scanning, including live host detection and port scanning using Nmap. Various Nmap commands and their functionalities for scanning open ports, running services, and OS detection are also discussed.

Uploaded by caden87599

----------------------------------------------------------------------------
# Network Scanning
----------------------------------------------------------------------------

# TCP vs UDP
- TCP and UDP (Transmission Control Protocol and User Datagram Protocol) are transport-layer protocols that carry messages (as packets) between devices on a network. They determine how a packet reaches its destination and which application receives it: both address applications by port number, in the range 0-65535.

| TCP | UDP |
|:---|:---|
| Error checking and recovery (checksum, acknowledgments) | Checksum only, no error recovery |
| Automatic retransmission possible in case of packet loss | Retransmission is not possible |
| Guarantees delivery of data (in order) | No guarantee of data delivery |
| Slower and less efficient for fast transmission | Faster transmission |


---------------------------------------------------
## TCP Flags:
- **SYN** : Synchronize flag, set on the first segment from each side to initiate the 3-way handshake and carry that side's initial sequence number.
- **ACK** : Acknowledgment flag, set when the acknowledgment number field is valid; it confirms receipt of all data up to that sequence number (one ACK can cover several segments).
- **FIN** : Finish flag, means the sender has no more data. For example, a 1 GB transfer split into 50000 segments is sent as segments 1, 2, 3, ..., 50000 followed by a segment with FIN set; each side sends its own FIN to close its direction.
- **URG** : Urgent flag, marks the urgent pointer field as valid so the receiver processes the urgent data ahead of the rest of the queued data.
- **PSH** : Push flag, similar in spirit to URG: tells the receiving stack to hand the data to the application immediately instead of buffering it.
- **RST** : Reset flag, aborts a connection. A host also answers a SYN sent to a closed port with RST, which is how a port scanner learns that the port is closed.
---------------------------------------------------
## TCP 3 Way Handshake:
| Client | Direction | Server |
|:---------: |:---------:|:---------:|
| SYN | ----> | |
| | <---- | SYN+ACK |
| ACK | ----> | |

------------------------------------------------------------------------------
# Practical Part
------------------
# Main Objectives
1. **Scan live hosts**
2. **Open Ports and Running Services**
3. **OS and Architecture info**
4. **Security Implemented (Firewall, IDS, IPS) Detection and evasion**

1. Live hosts
arp-scan --localnet (or -l)                ARP sweep of the directly connected LAN (layer 2, works even when ICMP is blocked; only for the local segment)
nmap -sn <network>/<cidr>                  -sn: host discovery only, no port scan ("ping scan")
ping <ip>                                  single ICMP echo request to one host
netdiscover -r <network address>/<cidr>    ARP discovery of the given range
--------------------------------------------------------------------------
# Nmap Port Scan Status
(states as assigned by the default SYN scan; UDP and FIN/NULL/Xmas scans differ, see Open|Filtered; add --reason to see why Nmap chose a state)
Open - The probe got a SYN/ACK reply: a service is listening and accepting connections.
Closed - The probe got an RST reply: the host is reachable but nothing is listening on that port.
Filtered - No reply at all (after retransmissions) or an ICMP unreachable error came back: a firewall, filter or router is dropping the probe, so Nmap cannot tell whether the port is open.
Open|Filtered - Nmap cannot distinguish open from filtered. This happens in scan types where an open port would not answer anyway (UDP, FIN/NULL/Xmas), so silence means either open or dropped.
Closed|Filtered - Nmap cannot distinguish closed from filtered; only produced by the IP ID idle scan (-sI).
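The following is an added example, not part of the original notes, that ties the TCP flags section, the handshake table and the port-state rules above together in code: it builds and parses raw TCP headers, checks the sequence/acknowledgment arithmetic of a SYN, SYN+ACK, ACK exchange, and implements the rule Nmap applies to the reply to a single SYN probe (and to a UDP probe, which is where open|filtered comes from). The header builder, the function names and the ISN values are assumptions made for the example; the state rules follow Nmap's documented behaviour for -sS and -sU.

```python
import struct
from typing import Optional

# TCP flag bits, as in byte 13 of the TCP header (the flags listed in the section above).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {URG: "URG", ACK: "ACK", PSH: "PSH", RST: "RST", SYN: "SYN", FIN: "FIN"}


def build_tcp_header(src_port: int, dst_port: int, flags: int,
                     seq: int = 0, ack: int = 0, window: int = 65535) -> bytes:
    """Build a minimal 20-byte TCP header (data offset 5, no options, checksum left 0).
    Helper for this example only: it constructs the sample segments used below."""
    off_flags = (5 << 12) | (flags & 0x1FF)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq & 0xFFFFFFFF,
                       ack & 0xFFFFFFFF, off_flags, window, 0, 0)


def parse_tcp_header(raw: bytes) -> dict:
    """Parse the fixed part of a TCP header. Options (data offset > 5) are not decoded."""
    if len(raw) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    src, dst, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    flags = off_flags & 0x1FF
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "data_offset": (off_flags >> 12) * 4, "flags": flags, "window": win,
            "flag_names": [name for bit, name in FLAG_NAMES.items() if flags & bit]}


def three_way_handshake(client_isn: int, server_isn: int,
                        client_port: int = 40000, server_port: int = 80):
    """The three segments of the handshake table: SYN, SYN+ACK, ACK, with the
    acknowledgment number each side must send (the peer's ISN + 1)."""
    syn = build_tcp_header(client_port, server_port, SYN, seq=client_isn)
    synack = build_tcp_header(server_port, client_port, SYN | ACK,
                              seq=server_isn, ack=client_isn + 1)
    ack = build_tcp_header(client_port, server_port, ACK,
                           seq=client_isn + 1, ack=server_isn + 1)
    return syn, synack, ack


def handshake_is_consistent(syn: bytes, synack: bytes, ack: bytes) -> bool:
    """Check flags and sequence/ack arithmetic of a captured handshake."""
    s, sa, a = (parse_tcp_header(p) for p in (syn, synack, ack))
    return (s["flags"] == SYN and sa["flags"] == SYN | ACK and a["flags"] == ACK
            and sa["ack"] == (s["seq"] + 1) & 0xFFFFFFFF
            and a["ack"] == (sa["seq"] + 1) & 0xFFFFFFFF
            and a["seq"] == (s["seq"] + 1) & 0xFFFFFFFF)


def syn_scan_state(reply: Optional[bytes], icmp_unreachable: bool = False) -> str:
    """Port state Nmap's SYN scan (-sS) assigns from the reply to one SYN probe.
    reply is the raw TCP header of the answer, or None when nothing came back
    (after retransmits). icmp_unreachable models an ICMP type 3 error
    (code 1, 2, 3, 9, 10 or 13) arriving instead of a TCP reply."""
    if icmp_unreachable or reply is None:
        return "filtered"          # dropped or administratively blocked
    flags = parse_tcp_header(reply)["flags"]
    if flags & SYN and flags & ACK:
        return "open"              # service answered; the scanner then sends RST, not ACK
    if flags & RST:
        return "closed"            # the stack answered, nothing is listening
    return "filtered"              # simplification: any other reply treated as no usable answer


def udp_scan_state(udp_reply: Optional[bytes], icmp_unreach_code: Optional[int]) -> str:
    """Port state Nmap's UDP scan (-sU) assigns, showing where open|filtered comes from."""
    if udp_reply is not None:
        return "open"              # the service answered the probe
    if icmp_unreach_code == 3:
        return "closed"            # ICMP port unreachable
    if icmp_unreach_code in (1, 2, 9, 10, 13):
        return "filtered"          # other unreachables, e.g. administratively prohibited
    return "open|filtered"         # silence: open but quiet, or dropped by a firewall


if __name__ == "__main__":
    syn, synack, ack = three_way_handshake(client_isn=1000, server_isn=5000)
    for name, seg in (("SYN", syn), ("SYN+ACK", synack), ("ACK", ack)):
        h = parse_tcp_header(seg)
        print(f"{name:8} flags={h['flag_names']} seq={h['seq']} ack={h['ack']}")
    print("handshake consistent:", handshake_is_consistent(syn, synack, ack))
    print("SYN probe answered with SYN+ACK ->", syn_scan_state(synack))
    print("SYN probe answered with RST     ->", syn_scan_state(build_tcp_header(80, 40000, RST | ACK)))
    print("SYN probe unanswered            ->", syn_scan_state(None))
    print("UDP probe unanswered            ->", udp_scan_state(None, None))
```

Note the asymmetry the example makes visible: for a SYN scan, silence means filtered, because an open TCP port always answers a SYN; for a UDP scan, silence means open|filtered, because many UDP services answer only well-formed application requests, which is why -sU is slow and why -sV is usually needed to resolve those ports.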
--------------------------------------------------------------------------
2. Open Ports and Running Services Scan
**Nmap**

| Command | Description |
|:---|:---|
| nmap <ip> | Simple (default) port scan of the 1000 most common TCP ports |
| nmap -v <ip> | Port scan with increased verbosity (-vv is more verbose) |
| nmap <ip> <ip> <ip> | Scan multiple hosts in a single go |
| nmap <network>/<cidr> | Scan an entire subnet |
| nmap -p 1-65535 <ip> | -p specifies the port numbers to scan (-p- is shorthand for all 65535) |
| nmap -sU <ip> | Scan the 1000 most common UDP ports (slow; needs root) |
| nmap -T<0-5> <ip> | Timing template, trading scan time for intensity: 0 is slowest, 5 is fastest, default is 3 (-T3) |
| nmap -sT <ip> | TCP connect scan (full 3-way handshake; default when not root, and more visible in target logs) |
| nmap -iL list.txt | Scan the targets written in list.txt (separated by space, tab or new line) |
| nmap --excludefile list.txt <targets> | Exclude the hosts listed in list.txt from the scan (--exclude host1,host2 for an inline list) |
| nmap -A <ip> | Aggressive scan: enables -O, -sV, -sC and --traceroute |
| nmap -O <ip> | -O is used for OS detection |
| nmap -sC <ip> | -sC runs the default NSE scripts; --script <name or category> selects other scripts |
| nmap -sV <ip> | -sV is used for service version detection |
| nmap -6 <ip> | IPv6 scan |
| nmap -sS <ip> | TCP SYN (half-open) scan: sends SYN, reads the reply, answers SYN/ACK with RST; default when run as root. It is a port scan, not a ping: to find hosts when ICMP is blocked use -PS<port> (TCP SYN ping) or -Pn |
| nmap -Pn <ip> | Skip host discovery and treat every target as up (use when a firewall blocks ping probes) |

--------------------------------------------------------------------------
3. OS Detection
nmap -O <ip>    OS detection with Nmap (needs root; works best with at least one open and one closed TCP port on the target, and -sV improves the match)
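As an added example covering objectives 1 to 3 above (not from the original notes): once nmap has been run with -oX scan.xml, the XML file is the easiest form to post-process. The script below parses a constructed sample of that output with the standard library and pulls out the live hosts, the ports in state open with their service banners, the best OS match, and the ports whose state is still ambiguous and deserves a follow-up scan. The sample addresses 192.0.2.10 and 192.0.2.11 are in the TEST-NET-1 documentation range and no real host was scanned to produce them; the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output (no real scan; 192.0.2.0/29 is TEST-NET-1).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sS -sU -sV -O -oX scan.xml 192.0.2.0/29">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open|filtered" reason="no-response"/>
        <service name="snmp"/>
      </port>
    </ports>
    <os><osmatch name="Linux 5.15 - 6.1" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> list:
    """Return one dict per <host>: IPv4 address, up/down, every scanned port with
    state, reason and service banner, and the highest-accuracy OS match.
    Only data present in the XML is reported; missing elements become None."""
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.findall("host"):
        addr = next((a.get("addr") for a in h.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        status = h.find("status")
        entry = {"addr": addr, "up": status is not None and status.get("state") == "up",
                 "ports": [], "os": None}
        for p in h.findall("ports/port"):
            state = p.find("state")
            svc = p.find("service")
            banner = None
            if svc is not None:
                parts = [svc.get("name"), svc.get("product"), svc.get("version")]
                banner = " ".join(x for x in parts if x)
            entry["ports"].append({
                "port": int(p.get("portid")), "proto": p.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                "reason": state.get("reason") if state is not None else None,
                "service": banner,
            })
        best = max(h.findall("os/osmatch"),
                   key=lambda m: int(m.get("accuracy", "0")), default=None)
        if best is not None:
            entry["os"] = (best.get("name"), int(best.get("accuracy", "0")))
        hosts.append(entry)
    return hosts


def live_hosts(hosts: list) -> list:
    """Objective 1: addresses nmap reported as up."""
    return [h["addr"] for h in hosts if h["up"]]


def open_services(hosts: list) -> list:
    """Objective 2: (addr, port, proto, service) for ports in state 'open' only."""
    return [(h["addr"], p["port"], p["proto"], p["service"])
            for h in hosts for p in h["ports"] if p["state"] == "open"]


def needs_follow_up(hosts: list) -> list:
    """Ports nmap could not classify: candidates for -sV, --reason or another scan type."""
    return [(h["addr"], p["port"], p["proto"], p["state"])
            for h in hosts for p in h["ports"]
            if p["state"] in ("filtered", "open|filtered")]


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_NMAP_XML)
    print("live hosts:", live_hosts(hosts))
    for addr, port, proto, svc in open_services(hosts):
        print(f"{addr}:{port}/{proto}  {svc}")
    for h in hosts:
        if h["os"]:
            print(f"{h['addr']} OS guess: {h['os'][0]} ({h['os'][1]}%)")   # objective 3
    print("ambiguous:", needs_follow_up(hosts))
```

Parse the XML file written by your own scan rather than scraping the console output, since the text layout changes between nmap versions while the XML schema is stable; if the file could come from an untrusted source, parse it with defusedxml instead of xml.etree.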
--------------------------------------------------------------------------
# We can also use Zenmap
--------------------------------------------------------------------------