Network Hacking: Ping Sweeps

Questions and Answers

What is the primary reason why inexperienced users rely on the default SYN scan?

  • Because it is the easiest scanning technique to use (correct)
  • Because it is the most effective scanning technique
  • Because it is a complex scanning technique
  • Because it is a widely used scanning technique

What is the primary function of Nmap in port scanning?

  • To perform a ping sweep discovery
  • To create a firewall to block incoming traffic
  • To scan ports and determine their status (correct)
  • To identify potential vulnerabilities in a network

What is the status of an open port?

  • Filtering incoming traffic
  • Inactive and non-responding
  • Active and responding (correct)
  • Blocked by a firewall

What is the primary characteristic of a filtered port?

  • It is blocked by a firewall or other network obstacle (A)

What is the purpose of using various applications for ping sweep discovery?

  • To discover active hosts on a network (C)

What is the primary difference between an open port and a closed port?

  • An open port is active and responding, while a closed port is inactive and non-responding (C)

What is the benefit of using Nmap to perform port scanning?

  • It provides a quick and efficient way to determine port status (C)

What is the primary difference between a SYN scan and other scanning techniques?

  • A SYN scan is a simpler scanning technique (D)

What is the primary goal of port scanning?

  • To determine the status of ports on a network (B)

What is the primary advantage of using Nmap for port scanning?

  • It is a widely used and popular tool (C)

Study Notes

Network Hacking (Scanning Networks)

  • Scanning networks is Phase 2 of the 5 phases of Ethical Hacking, in which we interact with target systems using the information gathered in the reconnaissance and footprinting phase.

Ping Sweeps

  • Ping sweeps are used to identify active and responding systems within an IP address space.
  • They help avoid wasting time and resources on scanning non-existent systems.
  • Many tools are available for ping sweeps, including fping, masscan, Nmap, and netdiscover.
  • Fping is a tool that sends ICMP echo requests to multiple systems. It shows which hosts are active and the elapsed time, and can generate a list of targets from an address block.
  • When using fping, be mindful of host-based firewalls, as systems may not respond to ICMP.
  • Examples of ping sweep commands include fping -qag 192.168.17.0/24 and sudo netdiscover -r 192.168.17.0/24.

Port Scanning

  • TCP/IP port numbers exist at the transport layer of the OSI reference model.
  • TCP and UDP ports range from 0 to 65535 and can be open or closed, bound to applications or services.
  • Port scanning serves to identify software and versions used by the target to provide services.
  • Nmap is a popular tool for port scanning, capable of scanning both TCP and UDP ports.
  • Nmap supports detection of operating system types, applications, and application versions.
  • Nmap scripts can be used for extended functions, categorized into types like auth, broadcast, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln.

Types of Port Scans

  • SYN Scan (or half-open scan) requires root privilege to modify raw packets and uses the nmap -sS option.
  • A SYN scan does not complete the TCP 3-way handshake; instead, it sends a TCP RST (Reset) packet.
  • TCP Scan (or full connect scan) completes the TCP 3-way handshake using the nmap -sT option.
  • Nmap can output port status, which can be open, closed, or filtered.

Nmap Port Status

  • Open port: active and responding.
  • Closed port: not active and not responding.
  • Filtered port: possible firewall, filter, or other network obstacle is blocking the port, so Nmap cannot tell whether it is open or closed.
