21 hours 43 minutes
Module: understanding network protocols. Lesson: scanning network protocols.
In this lesson, we're going to describe the tools available to scan a network host for open ports and understand why we use network scanners as hackers.
Hopefully none of this is new to you. This is not a beginner course, so network protocols like ICMP, TCP and UDP should all be familiar terms to you,
but basically, it's great to interact with our own host: we can fire up the command prompt or the terminal and interact with it. But to pass the OSCP, you need to be able to interact with a remote host, so you're going to have to use a network.
So maybe you'll call the help desk and say, "I want to reach google.com and I'm having problems," and they'll say, "ping google.com, and let's see whether those packets come back as lost or you're actually able to ping that host." That's using ICMP.
Let's say you figure out your networking issues and now you can ping google.com with no problem. Now you want to open a browser and go to google.com. Google wants to be available to you, and you want a reliable connection, so you'll use TCP,
and the three-way handshake. The three-way handshake refers to TCP: I'll send a SYN packet out to Google, it will send a SYN/ACK packet back, and then I'll send an ACK packet. We'll keep going back and forth with TCP to make sure that connection is reliable until I terminate the connection.
UDP is a fire-and-forget protocol. If I'm streaming video or streaming music, I'll use UDP. It's a fast protocol.
Now let's say I'm looking at something like DNS. DNS uses both TCP and UDP, so if I'm using a network scanner, I want to scan DNS with both TCP and UDP. That is to say, when I use a scanning tool, I'm looking for different services on different ports,
and ports are like doorways. If I know that DNS is on port 53, I'll scan for that. Maybe I'm looking for SSH on port 22. But if you're like me and have your own home network and your own Raspberry Pi, you may change a common port like SSH to a different port.
So there are commonly known, commonly used ports you should be familiar with: you should know what port 80 is, you should know what port 445 is. But also know that people may obfuscate or change ports on you.
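The scan the lesson is describing, as an added example that is not part of the course material: a TCP connect scan (the full three-way handshake per port) and a UDP probe that actually speaks DNS, run against constructed listeners on 127.0.0.1 so it works offline. It assumes only the Python standard library; the listener functions, the ephemeral port numbers and the transaction ID 0x1234 are this example's own choices, not anything from the lesson. The silent UDP listener shows the caveat a practitioner hits when scanning UDP: no reply can mean either open or filtered, which is why nmap reports such ports as open|filtered under -sU.

```python
"""TCP connect scan plus a UDP/DNS probe, run against constructed local targets.
Added example for this lesson, not course code. Assumes only the Python standard
library and a working loopback; the listeners are stand-ins for real services."""
import socket
import threading

HOST = "127.0.0.1"


def start_tcp_listener() -> int:
    """TCP service on an ephemeral port (think SSH moved off port 22)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_udp_dns_responder(answer: bool = True) -> int:
    """UDP 'DNS server' that echoes the query header with QR=1; answer=False swallows datagrams."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((HOST, 0))

    def serve():
        while True:
            data, peer = srv.recvfrom(512)
            if answer and len(data) >= 12:
                hdr = bytearray(data[:12])
                hdr[2] |= 0x80          # QR bit set: this is a response with the same txid
                srv.sendto(bytes(hdr) + data[12:], peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def build_dns_query(txid: int = 0x1234, name: str = "example.com") -> bytes:
    """Standard A query: 12-byte header (RD set, QDCOUNT=1), QNAME labels, QTYPE=A, QCLASS=IN."""
    header = txid.to_bytes(2, "big") + b"\x01\x00\x00\x01" + b"\x00" * 6
    labels = b"".join(bytes([len(part)]) + part.encode() for part in name.split("."))
    return header + labels + b"\x00" + b"\x00\x01\x00\x01"


def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Full handshake per port: SYN -> SYN/ACK -> ACK means open, RST means closed."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except ConnectionRefusedError:
                results[port] = "closed"     # RST came back
            except OSError:
                results[port] = "filtered"   # neither SYN/ACK nor RST (timeout or drop)
    return results


def udp_dns_probe(host: str, port: int, timeout: float = 1.0) -> str:
    """UDP has no handshake, so send a real DNS query and classify by what comes back."""
    query = build_dns_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))   # connected UDP: ICMP port-unreachable surfaces as ECONNREFUSED
        try:
            s.send(query)
            data = s.recv(512)
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"    # silence on UDP is ambiguous, as with nmap -sU
    if len(data) >= 12 and data[:2] == query[:2] and data[2] & 0x80:
        return "open"
    return "open|filtered"


def scan_demo() -> dict:
    """Stand up the constructed targets, scan them, and return the findings."""
    tcp_open = start_tcp_listener()
    reserved = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    reserved.bind((HOST, 0))        # bound but never listen()ed: connects get RST
    tcp_closed = reserved.getsockname()[1]
    dns_open = start_udp_dns_responder(answer=True)
    dns_silent = start_udp_dns_responder(answer=False)
    findings = {
        "tcp": tcp_connect_scan(HOST, [tcp_open, tcp_closed]),
        "udp": {p: udp_dns_probe(HOST, p) for p in (dns_open, dns_silent)},
        "ports": {"tcp_open": tcp_open, "tcp_closed": tcp_closed,
                  "dns_open": dns_open, "dns_silent": dns_silent},
    }
    reserved.close()
    return findings


if __name__ == "__main__":
    for proto, found in scan_demo().items():
        print(proto, found)
```

Two things worth noticing when you run it: the TCP verdicts are unambiguous because the handshake either completes or gets a RST, while the silent UDP listener and a firewalled port look identical to the prober. That is the reason the lesson's advice to scan DNS over both TCP and UDP matters: the TCP side of a service often gives you a definite answer the UDP side cannot.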
I would also recommend, of course, something like Network+ or Security+ to go over more of these protocols and what networking is. When I left law enforcement and got more into cybersecurity, what I was most comfortable with was networking, because as a hacker
you need to know about networking, how to interact with hosts across the network, and all the different protocols.
There are more scanning tools than just these three, but I want to point out these three. Nmap is my favorite. Nmap has been around for a very long time and it's very reliable. It has the Nmap Scripting Engine (NSE), which is very robust at finding various vulnerabilities
and enumerating various services. I love Nmap; I think for the OSCP, Nmap is perfect. But that's also to say that there is something like Netcat.
Netcat isn't just used for things like getting a bind shell or a reverse shell. Netcat can also be used to scan ports to see if they're open. There was a Hack The Box challenge where Nmap wasn't working for me but Netcat was, and I found an open port using Netcat that Nmap said was closed. So I didn't want to discount Netcat.
There's also masscan. I have to say I've had a bit of trouble with masscan in the past. It is very fast, though. When I was a special agent, there was actually a case where a company used masscan and found something interesting; I can of course talk about that. But that's to say that masscan is very fast. As it says, it can scan the entire internet
in only six minutes. So if you want a fast tool, masscan is definitely a go-to, if you can get it to work. But the purpose of all this is to enumerate these hosts on the network.
So here's our quiz question.
Which network scanner claims it can scan the entire internet in six minutes? Well, I just said it, so hopefully this is an easy one for you.
Is it Nmap, Netcat or masscan?
And the answer
In summary, we described the tools available to scan a network host for open ports and why we use network scanners as hackers.