Network Host Discovery Techniques
40 Questions

Created by
@BestPerformingSnail6897

Questions and Answers

What is the primary purpose of the Metasploit Framework?

  • Scanning network performance
  • Creating web applications
  • Penetration testing and exploiting vulnerabilities (correct)
  • Managing databases

    NetScanTools Pro can only discover IPv4 addresses.

    False

    Which tool is used to perform a UDP scan on port 53?

    hping3

    The tool __________ provides packet-level network analysis for troubleshooting.

    OmniPeek Network Analyzer

    Match the following tools with their descriptions:

    • Fing = Provides details like IP addresses, device vendor, MAC addresses on iOS/Android
    • SolarWinds Port Scanner = Scans open ports and identifies vulnerabilities in network devices
    • IP Scanner = Scans local networks to identify active devices on iOS
    • PRTG Network Monitor = Monitors network availability and usage

    Which tool is a high-performance scanner aimed at large-scale network audits?

    Unicornscan

    Mobile device scanning tools can perform port scanning.

    True

    List one capability of the Metasploit Framework.

    Vulnerability scanning

    Which technique uses ARP requests to discover active devices?

    ARP Ping Scan

    ICMP Echo Ping Scan is ineffective for identifying active systems.

    False

    What command is used for a UDP Ping Scan?

    nmap -sn -PU

    The technique that sends TCP requests to initiate a 3-way handshake is called ______.

    TCP SYN Ping Scan

    What response indicates that a host is inactive when using an ICMP Timestamp Ping Scan?

    No Response

    Match the following scanning techniques with their respective commands:

    • ARP Ping Scan = nmap -sn -PR
    • UDP Ping Scan = nmap -sn -PU
    • ICMP Echo Ping Sweep = nmap -sn -PE
    • TCP SYN Ping Scan = nmap -sn -PS

    The TCP ACK Ping Scan creates actual connections.

    False

    What is the purpose of sending ICMP Address Mask requests?

    To identify active hosts when ICMP Echo is blocked.

    What does SSDP stand for?

    Simple Service Discovery Protocol

    A List Scan actively scans services and ports on a network.

    False

    What is one primary advantage of using SSDP scans?

    Allows finding devices like routers, printers, etc.

    SSDP uses multicast over _____ and _____ to communicate.

    IPv4, IPv6

    What vulnerability can SSDP scans expose?

    Buffer overflow

    List Scans utilize reverse DNS resolution to identify hostnames.

    True

    Name one disadvantage of using List Scans.

    Does not provide detailed info about the hosts.

    Match the scanning technique with its feature:

    • SSDP Scan = Detects UPnP vulnerabilities
    • List Scan = Generates a list of IPs/hostnames
    • Safety Concern = Vulnerable to exploitation if misconfigured

    What type of attack can exploit vulnerabilities in UPnP?

    Buffer Overflow

    Active banner grabbing is a stealthy method of gathering OS information.

    False

    What is the main purpose of a List Scan?

    To generate a list of IP addresses and perform Reverse DNS resolution.

    The process of using a phone number to find someone's name is similar to _____ DNS resolution.

    Reverse

    Match the following OS discovery techniques with their descriptions:

    • Active Banner Grabbing = Sends crafted packets to analyze responses
    • Passive Banner Grabbing = Analyzes network traffic without interaction
    • List Scan = Generates a list of IPs with Reverse DNS resolution
    • Buffer Overflow = Malfunction from excessive data sent to a device

    Which of the following is a disadvantage of passive banner grabbing?

    Slower and less detailed

    Active banner grabbing is more detailed than passive methods.

    True

    What is the common term for OS fingerprinting?

    Banner Grabbing

    What is an advantage of using the hping3 command with IP spoofing?

    Bypasses firewalls that block specific IPs

    MAC address spoofing is effective even if the firewall doesn’t rely on MAC filtering.

    False

    What command in Nmap can be used to randomize the order of hosts being scanned?

    --randomize-hosts

    The attacker can send packets with __________ checksums to trick improperly configured firewalls.

    incorrect

    What is a disadvantage of using hping3 for IP spoofing?

    It cannot establish TCP connections

    Randomizing host order increases the chances of detection by network monitoring systems.

    False

    Match the following command options with their functions in Nmap:

    • --spoof-mac = Spoofs the MAC address
    • --randomize-hosts = Randomizes the order of host scanning
    • --badsum = Sends packets with incorrect checksums
    • -a = Spoofs the source IP address

    What is a potential disadvantage of sending packets with bad checksums?

    Ineffectiveness against modern firewalls

    Study Notes

    Host Discovery Techniques

    • ARP Ping Scan - Sends ARP requests to find active devices on a network.
    • UDP Ping Scan - Sends UDP packets to identify active hosts.
    • ICMP Echo Ping Scan - Sends ICMP Echo requests to check for active systems.
    • ICMP Echo Ping Sweep - Used to find active hosts on a network by sending ICMP Echo requests to multiple hosts.
    • ICMP Timestamp Ping Scan - Sends ICMP Timestamp requests (useful when ICMP Echo is blocked).
    • ICMP Address Mask Ping Scan - Sends ICMP Address Mask requests (effective when ICMP Echo is blocked).
    • TCP SYN Ping Scan - Initiates TCP connection handshake (without establishing actual TCP connections).
    • TCP ACK Ping Scan - Sends TCP ACK requests; this can bypass firewalls that block SYN scans.

    SSDP and List Scan

    • SSDP Scan - Uses Simple Service Discovery Protocol (SSDP) to discover Universal Plug and Play (UPnP) devices on a network.
    • List Scan - Creates a list of IP addresses and hostnames without actively scanning or pinging them.

    OS Discovery/Banner Grabbing

    • Active Banner Grabbing - Uses crafted packets to analyze responses from a target system based on OS characteristics.
    • Passive Banner Grabbing - Gathers information from network traffic and error messages without interacting with a target system.

    Other Techniques

    • MAC Address Spoofing - Changes a device's MAC address to impersonate a legitimate user on a network.
    • Randomizing Host Order - Scans network hosts in a random order to avoid detection.
    • Sending Bad Checksums - Sends packets with incorrect checksums.

    Description

    Explore various host discovery techniques such as ARP, UDP, and ICMP scans. In this quiz, test your knowledge on methods used to identify active devices on a network. Learn about the nuances of different scanning techniques and their applications for network discovery.