The Implementing Scanning Techniques module provides you with the instructions and devices to develop your hands-on skills in the following topics:
- Scanning networks using Nmap
- Scanning networks using hping3
Lab time: It will take approximately 60 minutes to complete this lab.
The following objectives are covered in this lab:
- Scanning networks
Exercise 1 - Scanning Networks using Nmap
The Nmap utility allows you to scan networks to identify live hosts and the services they offer. This utility supports a wide variety of scanning techniques. Some of the scanning techniques supported by Nmap are:
- -sS (TCP SYN scan): This is the default and most popular scan. This scan sends a SYN packet and then waits to receive a response. If the ports are open, this scan receives a SYN/ACK flag or a SYN packet in response. This scan is also known as a half-open scan.
- -sT (TCP connect scan): This scan type asks the underlying operating system to establish a connection with the target machine and port by issuing the connect system call.
- -sN; -sF; -sX (TCP NULL, FIN and Xmas scans): These are the NULL, Stealth FIN, and Xmas Tree scans. All three scans send a FIN packet to ports; however, each uses different flags. Closed ports respond with an RST. Ports in the open|filtered state ignore the packets and provide no response.
- -sA (TCP ACK scan): This scan never determines open ports; instead, it determines the firewall rule sets that are being used.
In this exercise, you will perform TCP SYN, TCP connect, TCP ACK, TCP NULL, FIN and Xmas scans. Note that although all the scans produce similar results, each scan uses a different implementation internally, as described above.
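Because each scan type differs in the packets it puts on the wire, the same differences let a defender tell them apart in captured traffic. The following is an added example, not part of the lab material: it labels client-to-server flows by their TCP flags and reports sources that probe several ports the same way. The log format, the function names, and the `min_ports` threshold are assumptions made for this sketch; the flag sets follow Nmap's documentation (NULL sets no flags, Xmas sets FIN, PSH and URG).

```python
from collections import defaultdict

# Flags of the first client packet that identify a scan type on their own.
FIRST_PACKET = {
    frozenset(): "NULL (-sN)",
    frozenset("F"): "FIN (-sF)",
    frozenset("FPU"): "Xmas (-sX)",
    frozenset("A"): "ACK (-sA)",
}

def classify_flow(flags):
    """Label one client-to-server flow from its ordered list of flag sets."""
    first, rest = flags[0], flags[1:]
    if first in FIRST_PACKET:
        return FIRST_PACKET[first]
    if first != frozenset("S"):
        return "other"
    if rest and "R" in rest[0]:
        return "SYN half-open (-sS)"      # SYN, then RST instead of ACK
    if rest and rest[0] == frozenset("A"):
        return "connect (-sT)"            # three-way handshake completed
    return "SYN, no follow-up"            # closed or filtered port

def detect_scans(lines, min_ports=3):
    """Return {src: {label: ports}} for labels seen on >= min_ports ports."""
    flows = defaultdict(list)
    for line in lines:
        src, sport, dport, fl = line.split()
        flows[(src, sport, int(dport))].append(frozenset(fl.strip("-")))
    seen = defaultdict(lambda: defaultdict(set))
    for (src, _, dport), flags in flows.items():
        seen[src][classify_flow(flags)].add(dport)
    return {
        src: {lab: sorted(p) for lab, p in labs.items() if len(p) >= min_ports}
        for src, labs in seen.items()
        if any(len(p) >= min_ports for p in labs.values())
    }

# Constructed sample, client-side packets only: "src sport dport flags".
SAMPLE = [r.strip() for r in """
10.0.0.5 40001 22 S; 10.0.0.5 40001 22 R; 10.0.0.5 40002 80 S; 10.0.0.5 40002 80 R
10.0.0.5 40003 443 S; 10.0.0.5 40003 443 R; 10.0.0.5 40004 25 S
10.0.0.7 41001 21 FPU; 10.0.0.7 41002 22 FPU; 10.0.0.7 41003 23 FPU
10.0.0.8 42001 80 A; 10.0.0.8 42002 443 A; 10.0.0.8 42003 8080 A
10.0.0.9 43001 443 S; 10.0.0.9 43001 443 A; 10.0.0.9 43001 443 PA
""".replace("\n", ";").split(";") if r.strip()]

if __name__ == "__main__":
    print(detect_scans(SAMPLE))
```

The host 10.0.0.9 completes one ordinary connection and is not reported, because a single port stays below the threshold.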
Exercise 2 - Scanning Networks using hping3
In this exercise, you will scan the network in the Practice Labs environment using hping3.