Network Hacking: Ping Sweeps
10 Questions

Questions and Answers

What is the primary reason why inexperienced users rely on the default SYN scan?

  • Because it is the easiest scanning technique to use (correct)
  • Because it is the most effective scanning technique
  • Because it is a complex scanning technique
  • Because it is a widely used scanning technique

What is the primary function of Nmap in port scanning?

  • To perform a ping sweep discovery
  • To create a firewall to block incoming traffic
  • To scan ports and determine their status (correct)
  • To identify potential vulnerabilities in a network

What is the status of an open port?

  • Filtering incoming traffic
  • Inactive and non-responding
  • Active and responding (correct)
  • Blocked by a firewall

What is the primary characteristic of a filtered port?

  • It is blocked by a firewall or other network obstacle (correct)

What is the purpose of using various applications for ping sweep discovery?

  • To discover active hosts on a network (correct)

What is the primary difference between an open port and a closed port?

  • An open port is active and responding, while a closed port is inactive and non-responding (correct)

What is the benefit of using Nmap to perform port scanning?

  • It provides a quick and efficient way to determine port status (correct)

What is the primary difference between a SYN scan and other scanning techniques?

  • A SYN scan is a simpler scanning technique (correct)

What is the primary goal of port scanning?

  • To determine the status of ports on a network (correct)

What is the primary advantage of using Nmap for port scanning?

  • It is a widely used and popular tool (correct)

Study Notes

Network Hacking (Scanning Networks)

  • Scanning networks is Phase 2 of the 5 phases of Ethical Hacking, where we interact with target systems using the information gathered in the reconnaissance and footprinting phase.

Ping Sweeps

  • Ping sweeps are used to identify active and responding systems within an IP address space.
  • They help to avoid wasting time and resources on scanning non-existent systems.
  • Many tools are available for ping sweeps, including fping, masscan, Nmap, and netdiscover.
  • Fping sends ICMP echo requests to multiple systems, shows which hosts are active and the elapsed time, and can generate a list of targets from an address block.
  • When using fping, be mindful of host-based firewalls, as systems may not respond to ICMP.
  • Examples of ping sweep commands include fping -qag 192.168.17.0/24 and sudo netdiscover -r 192.168.17.0/24.

Port Scanning

  • TCP/IP port numbers exist at the transport layer of the OSI reference model.
  • TCP and UDP ports range from 0 to 65535 and can be open or closed, bound to applications or services.
  • Port scanning serves to identify software and versions used by the target to provide services.
  • Nmap is a popular tool for port scanning, capable of scanning both TCP and UDP ports.
  • Nmap supports detection of operating system types, applications, and application versions.
  • Nmap scripts can be used for extended functions, categorized into types like auth, broadcast, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln.

Types of Port Scans

  • SYN Scan (or half-open scan) requires root privilege to modify raw packets and uses the nmap -sS option.
  • SYN Scan does not complete the TCP 3-way handshake; instead, it sends a TCP RST (Reset) packet.
  • TCP Scan (or full connect scan) completes the TCP 3-way handshake using the nmap -sT option.
  • Nmap can output port status, which can be open, closed, or filtered.

Nmap Port Status

  • Open port: active and responding.
  • Closed port: not active and not responding.
  • Filtered port: possible firewall, filter, or other network obstacle is blocking the port, so Nmap cannot tell whether it is open or closed.

Quiz Team

Description

This quiz covers the basics of ping sweeps, including how to use fping to scan a subnet. Learn about the importance of ping sweeps in network hacking.
