Welcome to the lesson on the scan phases of Nmap.
Like most software, Nmap executes its processes in a sequence, with one phase completing before the next begins.
This lesson walks you through each of those phases.
Some of you might think that this lesson may not have a lot of practical implications, but I hope to prove to you otherwise.
Knowing how Nmap works under the hood will definitely help you as you use it.
One last thing. This lesson doesn't include a lab, so if you're not in front of a computer that runs Nmap, you won't miss anything.
Let's get started.
Here are the learning objectives for this lesson.
First, we're gonna answer the question: why should I care about Nmap's scan phases?
Then we'll go through each scan phase in the order in which they are executed and processed.
And finally, I'll talk to you a little bit about what you can do with this information.
Why should you care about Nmap's scan phases?
Well, I would argue that understanding how any software works always helps when using it.
Take a car, for example. While it's true that most people can get a long way by driving a car without ever having to know anything about how it works, you have to admit
that having a basic understanding of how it starts, runs and stops could be very helpful.
This is especially true if the car begins operating outside of the norm.
If the tire pressure gets low, it's good to know how that may affect performance or what should be done to resolve it.
Or if it struggles to start or overheats, it might be really helpful to know some things you can try before taking it to a mechanic.
Similarly, if you understand how Nmap processes a scan, it may really help you when the results of your scan don't match what you expected.
Additionally, it helps when you're constructing an Nmap scan.
For example, it's really helpful to know that Nmap performs target enumeration and port scanning before performing version detection or OS detection.
If you don't specify the right target or don't include the right TCP or UDP ports in your scan, version detection and OS detection will either be inaccurate or will simply not work.
Like our analogy: if your car doesn't start and you don't know how to read the gas gauge to determine the tank is bone dry, you might be left wondering why it didn't start.
Also, understanding the scan phases really helps while tuning the performance of an Nmap scan.
When using Nmap in the real world, you will almost always want to know what you can do to minimize the amount of time and computing resources required while still effectively producing the results you're aiming to achieve.
Even though Nmap operates very efficiently, there are many times when you can optimize its performance by simply adding or taking away some extra command line switches.
For example, if you're examining an email server, you probably don't need to let Nmap scan the default 1000 most common ports.
During your scan, you can limit Nmap to scanning less than 10 of the most common ports used by email servers.
This could improve the scan performance by more than 50% yet produce the exact same results.
Some of you may consider a lot of this is purely an academic exercise, but I really hope that I've provided you with a strong argument about why it matters that you at least have some cursory knowledge of the Nmap scan phases.
You don't necessarily have to memorize them, but it would be handy to keep them in the back of your mind or have a quick reference of them nearby.
All of the information in this lesson comes from the reference I've provided from the Nmap website as the last bullet point in this slide.
The main thing to understand when looking at the scan phases is that scans proceed phase by phase.
In other words, each phase completes before the next one begins,
and they're not iterative.
That means, for example, that Nmap will not do port scanning, then do OS detection, then go back and do more port scanning.
So here they are in order.
After this quick review, we'll dive into what happens at each phase in more detail.
Phase one is script pre-scanning.
Phase two is target enumeration.
Phase three: host discovery.
Phase four: reverse DNS resolution.
Phase six: version detection.
Phase seven: OS detection. Phase eight.
Phase nine: script scanning.
And phase 11: script post-scanning.
Now let's look at each phase one at a time.
Phase one: script pre-scanning.
This phase only occurs while running Nmap Scripting Engine, or NSE, scans,
which use the --script or the -sC switches.
Additionally, according to Fyodor's book, this phase is for scripts which only have to be run once per Nmap execution rather than running separately against individual targets.
We'll cover NSE in detail later.
Target enumeration.
This phase occurs with every scan.
Essentially, Nmap determines every host to scan based on the user's command line argument.
There are a lot of ways to tell Nmap what target to scan, and we'll go over those later.
Just note that passing Nmap IP addresses or a group of IP addresses will make the scan faster than names because Nmap doesn't have to do name resolution.
Phase three: host discovery, also known as ping scanning.
This phase discovers which targets are online and worth investigating further. It could be skipped by passing the -Pn,
which is the no ping option.
This causes Nmap to assume all target IPs are online.
This can be helpful if your scans have little to do with ICMP echo responses.
For example, you may be doing ARP requests or TCP or UDP scans. If the target is blocking or filtering ICMP messages, host discovery will be a waste of resources, so turning it off for some scans may be a better use of your time, computing and network capacities.
According to the book, once Nmap has determined which hosts to scan,
it looks up
the reverse DNS names of all hosts found online by the ping scan.
Sometimes a host name provides clues to its function,
and names make reports more readable than providing only IP addresses.
This step may be skipped with a -n, or no resolution, option
or expanded to cover all target IPs, even down ones, with a -R, which is resolve all.
Phase five: port scanning.
At its core and by reputation, port scanning is what Nmap does better than any other tool.
In fact, many people simply consider Nmap a port scanner.
I'm hoping that this course shows how simplistic this view is.
Probes are sent and the responses or non-responses are used to determine whether the target's ports are open, closed or filtered.
This phase in an Nmap scan is very important and performed by default in every Nmap scan. However, it can be skipped by using the -sn option.
Phase six: version detection.
When ports are found open, Nmap attempts to determine the server software that is running on the target.
It sends additional probes to open ports and attempts to match responses to an Nmap database that contains thousands of service signatures.
This phase can be enabled
on any scan by using the -sV command line switch.
Phase seven: OS detection.
The operating system detection phase is optional and is run on several default Nmap scans.
Also, you can add the -O option on any scan to attempt operating system detection.
Similar to version detection, Nmap examines the responses to various network probes and compares those responses to signatures and behaviors of known operating systems.
Then it provides you with a degree of likelihood that the responses match one or more of those known operating systems.
Phase eight: traceroute.
Some scans may make use of Nmap's advanced traceroute capabilities.
You can force Nmap to perform a traceroute by using the --traceroute option in the command line.
Nmap will determine the route to the target, then run reverse DNS resolution on several intermediate hosts in parallel in order to speed up the trace.
Phase nine: script scanning.
This is where most of the NSE scripts run, rather than the pre-scan or post-scan phase. As I mentioned before, NSE will be covered in detail later in this course. But for now, just know that this phase of the scanning process is where most of the NSE scripts perform their processing.
Phase 10: output.
In most scans, this is the final phase.
After Nmap does all of its processing and collects all information it has gathered during scanning,
it either writes the output to the screen or to a single or multiple files.
From a network inventory, forensic investigation or reporting standpoint, this is where Nmap really proves its value.
The output can be pulled into many different programs, like word processors, spreadsheets, databases or even HTML files, with some processing.
This course will spend some time on dealing with output other than just on screen.
It's one thing to tell people that you have determined details about a target, but quite another to show them the results of your analysis.
Phase 11: script post-scanning.
This phase is currently more of an idea than an actual phase. In other words, if you learn the Lua programming language to write your own NSE scripts and choose to add additional results processing in order to deliver reports and statistics, this is the phase in Nmap processing that this would occur. No official
Nmap NSE scripts currently do this,
but Nmap is evolving constantly, so it is likely that this will change.
So now that you've learned the Nmap scan phases, what should you do with this information?
Like I said earlier, keep it as a reference and burn it into the back of your mind. When you run Nmap scans, you may not get the results you want, or you may not get them quickly enough.
Knowing how Nmap processes a scan can really help to make the most of your resources, and it can help you troubleshoot when things don't look quite right.
Becoming proficient in Nmap takes time and experimentation.
But you'll never become an expert without understanding how it works under the hood.
In this lesson, we discussed why you should care about the Nmap scan phases.
We then learned about each of them,
and finally we briefly discussed what you should do with this information.
Thanks so much for walking through the phases of Nmap scans with me, and I'll talk to you in the next lesson.
The network mapper (NMAP) is one of the highest quality and powerful free network utilities in the cybersecurity professional's arsenal.
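
The lesson's point about tuning a scan phase by phase can be checked against Nmap's verbose (-v) progress lines, which report how long each phase took. The following Python script is an added example, not part of the original lesson: it totals elapsed time per phase and names the slowest one, using a constructed sample in which the message wording and the address 192.0.2.10 are assumptions.

```python
import re

# Constructed sample modelled on `nmap -v -sV` progress lines; it is not captured
# from a real scan, and the exact message wording is an assumption.
SAMPLE = """\
Initiating Ping Scan at 10:00
Completed Ping Scan at 10:00, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:00
Completed Parallel DNS resolution of 1 host. at 10:00, 0.05s elapsed
Initiating SYN Stealth Scan at 10:00
Discovered open port 25/tcp on 192.0.2.10
Completed SYN Stealth Scan at 10:00, 4.80s elapsed (1000 total ports)
Initiating Service scan at 10:00
Completed Service scan at 10:00, 6.10s elapsed (1 service on 1 host)
Initiating NSE at 10:00
Completed NSE at 10:00, 0.90s elapsed
"""

# Substring of the progress message -> phase name used in the lesson.
# Order matters: the generic " scan" rule must come last.
RULES = [
    ("ping scan", "3 host discovery"),
    ("dns resolution", "4 reverse DNS resolution"),
    ("service scan", "6 version detection"),
    ("traceroute", "8 traceroute"),
    ("nse", "9 script scanning"),
    (" scan", "5 port scanning"),
]
COMPLETED = re.compile(r"^Completed (.+?) at \S+, ([\d.]+)s elapsed")

def phase_times(text):
    """Return {phase: total seconds} in the order phases first completed."""
    totals = {}
    for line in text.splitlines():
        m = COMPLETED.match(line)
        if not m:
            continue
        label = m.group(1).lower()
        phase = next((p for key, p in RULES if key in label), "other")
        totals[phase] = totals.get(phase, 0.0) + float(m.group(2))
    return totals

def slowest(totals):
    """Phase that consumed the most wall-clock time, the first tuning target."""
    return max(totals.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    for phase, secs in phase_times(SAMPLE).items():
        print(f"{phase:28s}{secs:6.2f}s")
    print("slowest:", slowest(phase_times(SAMPLE)))
```
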