Introduction to Network Scanning

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
7 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Hey, everyone, welcome back to the course. So in this video, we're gonna go over a brief introduction to network scanning. So we'll talk about what things like Ping are. We'll also talk through what is an ICMP echo reply as well as the request. We'll talk about that a little bit, and then we'll talk through some different scanning tools. So things like N map or H being three.
00:19
And then we'll also talk about some countermeasures that we could do against port scanning.
00:23
And a little later on in the course will have some demonstration videos to kind of show you what it looks like in the real world with using a tool like end map to try to identify information about our target.
00:35
So what is this ping thing? What is Ping that we're talking about? Well, pink stands for packet Internet groper and essentially, it's just a utility that we can use for network troubleshooting. So, for example, let's say that I'm tryingto
00:47
log in and go browse the Web. Different websites,
00:51
but I can't get access. I I log in to go to my computer. I launched Google Chrome, and it's telling me no Internet access.
00:58
So what I could do is I can come to the command line and windows, for example, and I could run the ping command and what I could do is I can ping ah website that I know I should be able to reach if I have a good connection.
01:08
So, for example, here, you see depicted pinging google dot com and you'll see that I've gotten a reply from Google, right? It's showing me that, yes, you're able to reach Google's website.
01:19
So Ping allows us to test things like the host to server reach, ability. And essentially, that's just what we're seeing here, right by Ping Google. I send them a basically a packet of information and they reply back, saying Yes, we got it right. And so Ping sends out four packets to the target server
01:38
and we'll reply back. And so you see here all of our packets came through,
01:42
but sometimes you might see that a packet drops or you get a message that says that something like the destination host is unreachable
01:52
and that may tell us a couple of things Number one. It could be that that server is actually unreachable. That we don't have a valid connection. Or it could also tell us that
02:01
the server might be using something like a firewall. And so because we're sending these ICMP packets, which is what pinging is sending here, then it's telling us that there's a firewall potentially in you. Such blocking, though. Those ICMP packets
02:15
when we see dropped packets s O, for example, if this was like reply, reply, reply and then
02:22
unreachable or packet dropped or packet loss, then that could tell us that number one. It's just a packet loss, right? Sometimes that happens on network connections.
02:30
It could also tell us that there's some congestion on that network could between us and that Web server. It could also mean that
02:38
maybe there's a bad cable. Maybe we've got a kind of a faulty cable, uh, that we're using in the house and it's connected. And we we need to replace that that cat six cable.
02:49
Or maybe there's just faulty hardware. Maybe the laptop were using ourselves, you know, or the the desktop we're using is faulty. Maybe the nick card is going bad, which is It does happen, eh? So there's a lot of things that it could be right. And so Ping is just a utility force to try to figure out what the issue might be.
03:07
So a way that we contest, for example, to see if the nick card is working
03:12
is weaken. Do what's called a loop back tests and all the loop back test is We're using Ping, but we're picking our actual local device so we could ping the local host. Or we could just ping the I P address of 1 27.0 dot 0.1 on DSO. If you're kind of newer, too
03:28
technology, I t. And stuff. If you're watching this course and you have no background at all,
03:31
you'll probably see on social media a lot. When people are talking about home, they put out there 1 27 0.1 right, You know, Hey, I'm trying to find my my home or whatever, So there's little names out there like that, so just you may see that out there. That's what we're talking about when we talk about
03:47
phoning home. Essentially, we're talking about that loop back test.
03:52
So I mentioned I p icmp Echo requests and replies, Let's talk about that a little bit because you will need to know some kind of basic information or at least have an idea or overview of ICMP. Echo replies for the CH exam. If you decide to go, take it
04:08
So we've got Type eight Echo. Reply. We've got our type zero reply. We've got our Type three reply as well as our type 11 reply. Let's just talk about specifically type three because this is really the one that you'll need to know for the EEC Council certified ethical Heck hacker examination.
04:28
So are type three destination unreachable, and we're gonna take kind of a 10,000 ft view here. We're not gonna deep dive into any of these. You really just need to understand some of the numbers and what they stand for for the EEC Council, sort of an ethical hacker examination. So, for example, we got zero network on reachable
04:46
one host from reachable, too. Is protocol unreachable? Three is port unreachable?
04:49
Number nine is the communication with the destination network is administratively prohibited.
04:57
We've got 10, which is the communication with the destination host is administratively prohibited on. Then finally, the communication is just overall administratively prohibited right, so the communication is actually blocked. For example, if I'm sending ICMP packet and it's got a firewall in place, it's just blocking that connection.
05:15
Port unreachable is one that you'll want to know and just keep in mind for the exam. I can't tell you if there's actually gonna be a question on it that you'll see. However, just based off my experience, you'll want to just make sure you know number three there specifically that that is, stands for port unreachable.
05:35
So let's talk about some of the different scanning tools that that we commonly use for network scanning.
05:42
So the main tools that will talk about they're gonna be end map as well as H. Ping three. And specifically, we're gonna focus quite a bit on end map once we do the demonstration video, just to show you what it actually looks like. End map is probably the most popular one in use, so n map could be used for things like inventory in the network by your like your network admin or system, and can use it
06:01
on the defensive side just for
06:03
monitoring the network, managing things like service upgrade schedules, monitoring the host or the service up time. Uh, as an attacker, we can use end map to get information about the live hosts on the network. We can learn about services that Aaron use. We could learn about operating systems and use
06:19
and what versions of the software, because then we can find specific vulnerabilities.
06:25
We could also learn about any type of packet filtering or firewalls that might be in used on the target system. So it's just very robust and allows us to do a lot of things to identify on that target now. One thing to keep in mind, though, is when you start running and map scans. This is considered active foot printing, right? So active information gathering.
06:44
And so we're actually sending packets to that target.
06:47
So there's a risk that as an adversary, we're gonna be detected by the defensive team because we're doing this.
06:54
So some of the common flags that might be used and flags were really just a way to set parameters right? So let's just say, for example, I go buy a new car and I've got all these features that I can have in my new card, you know, and they cost money. They cost extra money. But let's pretend that I'm
07:10
I'm Bill Gates, right. I've got billions of dollars, so it doesn't matter him. And I'm buying a Toyota, right? It's
07:15
It doesn't cost a lot of money. So I I decided to determine what flags I want. Right? Or what features I want in that car. I want air conditioning. I want a sun roof. I want I want the chrome wheels. You know, I want all the bells and whistles. Right? So that's what I'm doing. They're buying a car. I'm specifying
07:31
the different things that I want. The different features that I want
07:34
so I can get the ultimate thing that I want, which is that perfect car, right? Same thing. Here are a similar thing here with N map. We specify these flags to give us the information that we want so we can have that nice, shiny car at the end. So we've got the dash lower case s capital T.
07:51
This one is basically the full connect, right? So we run this flag and it will
07:57
give us that full TCP three way handshake with that target system.
08:01
We've also got our sins can. So that's that dash lower case as capital s and essentially, this one is a sin scan or still skin. Sometimes, as it's called, this one will do the first part of that TCP three way handshake. So let's say, for example, that you and I meet it a party
08:18
and I come come up to you and just say, How are you? And then you reply back, and then I just stand there and I keep saying, How are you? How are you? How are you? How are you? Right, So I can just keep sending that same syn packet over and over and over again. And I'm not actually acknowledging that you said, Oh, I'm good. How are you back to me, right? I'm not. I'm not even acknowledging that you sent back
08:37
that acknowledgement request.
08:39
So I'm not completing that three way handshake. I just continuously say, How are you? How are you? How are you? We got the dash which will allow us to identify the operating system in use and then dash P n,
08:50
which is allows us to dio port scans on Lee. And then we have Dash S M, which allows us to disable port scanning as well as our Christmas can. So that's that Dash s Capital X. One thing to keep in mind with the Christmas scanning is it doesn't actually work with versions of windows. So this is one something you use on against Linux systems.
09:09
And then we have HP Inc three so
09:11
we won't cover. This one is Aziz, much as we will end map in the demonstration part of the course. But let's just talk about some of the flags that we can use for H paying three. We've got the dash. Hey, which is an acknowledgement flag or acknowledgements? Can we've got the dash to which will perform a UDP scan? We've got the Dash one
09:28
what will perform? Basically, uh, ICMP Ping scan of that target I p address or that range of
09:35
I P addresses.
09:37
And then we have a dash capital s, which is essentially just a sin scan,
09:41
and we could use that for something like doing a syn flood on that host.
09:46
All right, so what are some of the countermeasures that we could do if we were on the defensive side? So you can start thinking through like Okay, Well, if I'm doing these attacks, what would the defensive side of people do? What are some countermeasures that we could do to port scanning? Well, we could do things like filtering those ICMP messages. So again, what we do that pin command. If we noticed that the request this timed out,
10:05
it may indicate that there's a firewall in use, and that's what we talk about with the filtering.
10:09
We could test our own networks with different port scanning tools so we could run and map scans on our own network and look for potential vulnerabilities. We can update the firmware. So again, when an attacker scanning our network and scanning these devices, they're looking for those easy wins, right? The last, the path of least
10:28
resistance. And so we want to make sure we keep all of our software and firm or up to date,
10:33
because then when they do the scan, they say, Oh, well, they're using the latest version.
10:37
I don't know any vulnerabilities for that, and they move on to another target,
10:41
and we can also configure on our devices anti scanning as well as anti spoofing rules so they can't spoof R. I P addresses. Quick, quick question here for you. Tanisha wants to run a stele skin and end map. So what flag should she uses? That gonna be the S T one? The s s or the s a command.
10:58
All right, So if you remember another name for this, the stele scan is sin scan. And so that's gonna be the dash Lower Case s Capital s again. That's one that we just send that sin packets if remember the example. We made it a party. And I just say, How are you doing, Thio? Over to you and you? You reply back with I'm good. How are you?
11:16
And I just keep saying How are you doing? How are you doing? How are you doing?
11:18
That's what we're talking about. What that since can we're not completing that TCP three way handshake. So in this video, we just talked what we talked about what Ping actually is. We also talked about some of the tools we can use for network scanning again. We're gonna have some brief demonstration videos on end map as well as H ping three
Up Next