The Implementing Scanning Techniques module provides you with the instructions and devices to develop your hands-on skills in the following topics:

  • Scanning networks using Nmap
  • Scanning networks using hping3

Lab time: It will take approximately 60 minutes to complete this lab.


The following objectives are covered in this lab:

  • Scanning networks

Exercise 1 - Scanning Networks using Nmap

The Nmap utility allows you to scan networks for identifying live hosts and the services they offer. This utility supports a wide variety of scanning techniques. Some of the scanning techniques supported by Nmap are:

-sS (TCP SYN scan): This is the default and most popular scan. This scan sends a SYN packet and then waits to receive a response. If the ports are open, this scan receives a SYN/ACK flag or a SYN packet in response. This scan is also known as half-open scan. -sT (TCP connect scan): This scan type demands the underlying operating system to establish a connection with the target machine and port by issuing the connect system call. -sN;-sF;-sX (TCP NULL, FIN and Xmas scans): These are the NULL, Stealth FIN, and Xmas Tree scans. All the three scans sends a FIN packet to ports, however, each uses different flags. Closed ports respond with an RST. The open|filtered ports ignore the packets and provides no response. -sA (TCP ACK scan): This scan never determines open ports instead determines the firewall rule sets that are being used. In this exercise, you will perform TCP SYN, TCP connect, TCP ACK, TCP NULL, FIN and Xmas scans. Please note though all the scans produce similar results, each scan uses different implementation internally as described above.

Exercise 2 - Scanning Networks using hping3

In this exercise, you will scan the network in the Practice Labs environment using hping3.

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.