Lab4-.pptx
Lab 4: Gathering Network and Host Information

Please read the whole file carefully, then complete the tasks at the end of it. Upload all answers in a single PDF file and submit it before the deadline so that the grade and attendance can be recorded. You may get help from a classmate if necessary, and you can send an email if you run into any difficulty: [email protected]

Scanning
Scanning is the process of locating systems that are alive and responding on the network. Ethical hackers use scanning to:
1. identify target systems' IP addresses.
2. determine whether a system is on the network and available.
Scanning tools gather information about a system such as its IP address, its operating system, and the services running on it.

Types of scanning
1. Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools let a hacker learn which services are available on a given system. Each service or application on a machine is associated with a well-known port number. Port numbers are divided into three ranges:
Well-Known Ports: 0 - 1023
Registered Ports: 1024 - 49151
Dynamic (Private) Ports: 49152 - 65535
Hackers need to be familiar with the well-known port numbers.

Common port numbers
On Windows systems, well-known port numbers are listed in the file C:\Windows\System32\drivers\etc\services. The file has no extension; if it does not appear in Windows Explorer, enable showing hidden files, then open it with Notepad. The CEH exam expects you to know the well-known port numbers for common applications:
FTP: 21
Telnet: 23
HTTP: 80
SMTP: 25
POP3: 110
HTTPS: 443

Types of scanning
2. Network scanning is a procedure for identifying active hosts on a network, either to attack them or as part of a network security assessment. Hosts are identified by their individual IP addresses, so network-scanning tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses.
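The services file described on the "Common port numbers" slide has one entry per line in the form "name port/protocol [aliases] [#comment]". The following added example (written for this lab; it is not code from the slides or from Cengage) parses that format into a port-to-service lookup table and classifies any port number into the three ranges listed above. The sample text is a constructed excerpt in the Windows layout, not the real file; on a real machine you would read C:\Windows\System32\drivers\etc\services (or /etc/services on Linux) instead.

```python
"""Parse a services file into {(port, proto): name} and classify ports by IANA range."""
import re

# Constructed sample in the layout of C:\Windows\System32\drivers\etc\services
# (real files have hundreds of lines; these few are enough to exercise the parser).
SAMPLE_SERVICES = """\
# Copyright (c) 1993-2004 Microsoft Corp.
#
# <service name>  <port number>/<protocol>  [aliases...]   [#<comment>]
#
ftp                21/tcp                          #FTP. control
ssh                22/tcp                          #SSH Remote Login Protocol
telnet             23/tcp
smtp               25/tcp    mail                  #Simple Mail Transfer Protocol
domain             53/tcp                          #Domain Name Server
domain             53/udp                          #Domain Name Server
http               80/tcp    www www-http          #World Wide Web
pop3              110/tcp                          #Post Office Protocol - Version 3
https             443/tcp    MCom                  #HTTP over TLS/SSL
ms-sql-s         1433/tcp                          #Microsoft-SQL-Server
"""

# name, then port/proto; aliases and comments follow and are ignored
_ENTRY_RE = re.compile(r"^\s*(\S+)\s+(\d+)/(tcp|udp)\b")


def parse_services(text: str) -> dict:
    """Return {(port, proto): service_name}, skipping comment and blank lines."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comment
        m = _ENTRY_RE.match(line)
        if not m:
            continue
        name, port, proto = m.group(1), int(m.group(2)), m.group(3)
        table[(port, proto)] = name
    return table


def port_range(port: int) -> str:
    """Classify a port into the three ranges used on the slides."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def service_name(table: dict, port: int, proto: str = "tcp") -> str:
    """Look a port up in the parsed table; 'unknown' if the file has no entry."""
    return table.get((port, proto), "unknown")


if __name__ == "__main__":
    services = parse_services(SAMPLE_SERVICES)
    for port in (21, 23, 25, 80, 110, 443, 1433, 50000):
        print(f"{port:>5}/tcp  {service_name(services, port):<10} {port_range(port)}")
```

Note that the same port number can appear once for tcp and once for udp (53/domain above), so the lookup key has to include the protocol; a port-only lookup would silently return whichever entry was read last.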
Types of scanning
3. Vulnerability scanning is the process of proactively identifying the vulnerabilities of computer systems on a network. A vulnerability scanner works in steps:
First, it identifies the operating system and version number, including any service packs that may be installed.
Then, it identifies weaknesses or vulnerabilities in that operating system and in the services it found.
Finally, a hacker can take advantage of those weaknesses to gain access to the system.

Types of scanning
Scanning can be quickly identified by an intrusion detection system (IDS). Port, network and vulnerability scanning tools can all be recognized by most IDS products, because the scanner must interact with the target system over the network. The IDS detects the scan and flags it as an event. Some scanning tools try to defeat an IDS and scan undetected (for example by scanning slowly or by mixing the probes with decoy source addresses). As an ethical hacker, your job is to gather as much information as possible while trying to remain undetected.

The CEH Scanning Methodology
This methodology is the process by which a hacker scans the network. Your job as an ethical hacker is to follow the same steps so that no vulnerability is overlooked before an attacker finds it and uses it in an attack.

Ping Sweep Techniques
1. Checking for live systems on the network is the first step in the CEH scanning methodology. A live system is one that responds to probes or connection requests. The simplest way to determine whether systems are live is to perform a ping sweep of the IP address range: every system that answers with a ping reply is considered live. A ping sweep is also known as Internet Control Message Protocol (ICMP) scanning: an ICMP Echo Request (a ping) is sent to every host in the range to determine which ones are live and responding to pings.

Ping Sweep Techniques
A timeout indicates that the remote system is not responding, is turned off, or that the ping was blocked (for example by a host or network firewall that filters ICMP). A timeout therefore does not prove that the host is down.
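The two ping outcomes above (a reply versus a timeout) are what Assignment 1 asks you to observe with the Windows ping command. The following added example (written for this lab, not code from the slides) classifies the text that ping prints. It treats a third outcome the slides do not mention separately: "Destination host unreachable" is an answer from a router or from your own machine, not from the target, so it must not be counted as the target being alive. It also turns the TTL in a reply into a rough operating-system hint; that hint is a common heuristic based on default initial TTLs (64 for Linux/Unix, 128 for Windows, 255 for many network devices) and assumes only a few hops, so it is labelled a guess. The three sample outputs are constructed, not captured from real hosts.

```python
"""Classify Windows `ping` output: alive (echo reply), no reply (timeout), or unreachable."""
import re

# Sample outputs in the Windows ping format (constructed for this example).
SAMPLE_ALIVE = """\
Pinging 10.0.0.5 with 32 bytes of data:
Reply from 10.0.0.5: bytes=32 time<1ms TTL=128
Reply from 10.0.0.5: bytes=32 time=1ms TTL=128
Reply from 10.0.0.5: bytes=32 time=1ms TTL=128
Reply from 10.0.0.5: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.0.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""
SAMPLE_TIMEOUT = """\
Pinging 10.0.0.9 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.0.0.9:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
"""
SAMPLE_UNREACHABLE = """\
Pinging 10.0.0.77 with 32 bytes of data:
Reply from 10.0.0.1: Destination host unreachable.
Reply from 10.0.0.1: Destination host unreachable.
Reply from 10.0.0.1: Destination host unreachable.
Reply from 10.0.0.1: Destination host unreachable.

Ping statistics for 10.0.0.77:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""

REPLY_RE = re.compile(r"^Reply from (\S+): bytes=\d+ time[=<](\d+)ms TTL=(\d+)")
TIMEOUT_RE = re.compile(r"^Request timed out\.")
UNREACHABLE_RE = re.compile(r"^Reply from (\S+): Destination host unreachable\.")


def classify_ping_output(target: str, output: str) -> dict:
    """Summarise one host's ping output as a dict with state, reply/timeout counts and TTL.

    state is 'alive' (an ICMP Echo Reply came from the target itself),
    'unreachable' (a gateway answered instead; the target was never reached),
    or 'no reply' (only timeouts: down, switched off, or ICMP blocked; we cannot tell which).
    """
    replies = timeouts = 0
    ttl = None
    gateway_answered = False
    for raw in output.splitlines():
        line = raw.strip()
        m = REPLY_RE.match(line)
        if m and m.group(1) == target:      # only echo replies *from the target* count
            replies += 1
            ttl = int(m.group(3))
        elif TIMEOUT_RE.match(line):
            timeouts += 1
        elif UNREACHABLE_RE.match(line):
            gateway_answered = True         # note: "Received" in the statistics counts these too
    if replies:
        state = "alive"
    elif gateway_answered:
        state = "unreachable"
    else:
        state = "no reply"
    return {"target": target, "state": state, "replies": replies,
            "timeouts": timeouts, "ttl": ttl}


def guess_os_from_ttl(ttl):
    """Heuristic OS hint from the TTL of a reply (assumes the default initial TTLs and few hops)."""
    if ttl is None:
        return "unknown"
    if ttl <= 64:
        return "Linux/Unix (initial TTL 64)"
    if ttl <= 128:
        return "Windows (initial TTL 128)"
    return "network device (initial TTL 255)"


if __name__ == "__main__":
    for target, out in (("10.0.0.5", SAMPLE_ALIVE), ("10.0.0.9", SAMPLE_TIMEOUT),
                        ("10.0.0.77", SAMPLE_UNREACHABLE)):
        r = classify_ping_output(target, out)
        print(f"{r['target']:<10} {r['state']:<12} replies={r['replies']} "
              f"timeouts={r['timeouts']} os_hint={guess_os_from_ttl(r['ttl'])}")
```

The unreachable case is the one that trips people up in the lab report: the statistics line says "Received = 4, Lost = 0" because the gateway's error messages are counted as received packets, yet the target never answered.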
Ping Sweep Techniques
A reply (an ICMP Echo Reply) indicates that the system is alive and responding to ICMP requests.

Scanning Ports and Identifying Services
2. Checking for open ports is the second step in the CEH scanning methodology. Port scanning is the method used to check for open ports: it probes each port on a host to determine which ports are open. It yields more valuable information than a ping sweep about the host and about possible vulnerabilities on the system.
3. Service identification is the third step in the CEH scanning methodology. It is usually performed with the same tools as port scanning: once a port is found open, the hacker can usually also identify the service associated with that port, from its well-known port number or from the banner the service returns.

nmap Command Switches
Nmap is a free, open source tool that quickly and efficiently performs ping sweeps, port scanning, service identification, IP address detection, and operating system detection. It can scan a large number of machines in a single session and runs on many operating systems (Unix, Linux, and Windows). Nmap reports the state of each scanned port as one of the following:
1. Open means that the target machine accepts incoming connections on that port: an application is listening there.
2. Closed means the port is reachable (the host answers the probe) but no application is listening on it.
3. Filtered means a firewall or network filter is screening the port and preventing nmap from determining whether it is open.
4. Unfiltered means the port is reachable but nmap cannot determine whether it is open or closed. Only the ACK scan (-sA) reports this state; it is used to map firewall rules, not to find listening services.
When nmap cannot decide between two states it reports a combination, open|filtered or closed|filtered.

Nmap example
(screenshots of nmap output on the original slides; not reproduced in the transcript)

Assignment 1
Using ping sweep techniques, find:
1. A live system that responds to ICMP requests.
2. A remote system that is either not responding, turned off, or whose ping was blocked.
You can use the built-in ping command in Windows to test connectivity to another system: open a command prompt in Windows, then type
ping www.example.com

Assignment 2
https://www.netcraft.com

Assignment 3
1. Perform Nmap scanning: in the Kali Linux terminal, run Nmap commands to perform network scanning on the target machines.
You can explore different Nmap scanning techniques and options to practice various scenarios.
2. Analyze results: review the results of the Nmap scans to understand the network topology, open ports, and potential vulnerabilities on the target machines.
Take a screenshot of each assignment, put them all in one PDF file with your name on it, and submit it.
© Cengage Learning 2014
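The port states on the "nmap Command Switches" slide and the service-identification step are easier to understand by doing what a connect scan (nmap -sT) does by hand. The following added example (written for this lab; it is not nmap's code and not code from the slides) attempts a full TCP connection to each port and maps the outcome onto nmap's vocabulary: a completed handshake is open, a connection refused (RST) is closed, and a timeout or an ICMP unreachable error is filtered. For open ports it then identifies the service from the banner the service sends first, falling back to the well-known port number. So that it runs offline, it starts its own constructed stand-in target, a listener on an ephemeral 127.0.0.1 port that greets like an FTP server; against a real target you would pass that host and a port list to scan() instead. Only the first 256 bytes of a banner are read and nothing is sent, so the probe is as quiet as a single connection can be, but it is still a full connection that the target logs.

```python
"""TCP connect scan: classify ports as open/closed/filtered and identify open services."""
import socket
import threading

# A few well-known numbers (the full list is the services file on the earlier slide).
WELL_KNOWN = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "domain",
              80: "http", 110: "pop3", 143: "imap", 443: "https", 3389: "ms-wbt-server"}


def probe_port(host: str, port: int, timeout: float = 1.0):
    """Full TCP connect to host:port. Returns (state, banner) with nmap's state names."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))            # SYN, SYN/ACK, ACK completed: open
    except ConnectionRefusedError:
        s.close()
        return "closed", ""                # RST came back: reachable, nobody listening
    except OSError:                        # timeout or ICMP unreachable: something filters it
        s.close()
        return "filtered", ""
    try:
        banner = s.recv(256).decode("ascii", "replace").strip()   # many services talk first
    except OSError:
        banner = ""                        # listener is silent (e.g. HTTP waits for a request)
    finally:
        s.close()
    return "open", banner


def identify_service(port: int, banner: str) -> str:
    """Name the service from its banner when it is recognisable, else from the port number."""
    b = banner.upper()
    if b.startswith("SSH-"):
        return "ssh"
    if "FTP" in b:
        return "ftp"
    if "SMTP" in b:
        return "smtp"
    if b.startswith("+OK"):
        return "pop3"
    if b.startswith("* OK"):
        return "imap"
    return WELL_KNOWN.get(port, "unknown")


def scan(host: str, ports, timeout: float = 1.0) -> dict:
    """Scan a list of ports; returns {port: {'state', 'service', 'banner'}}."""
    results = {}
    for port in ports:
        state, banner = probe_port(host, port, timeout)
        results[port] = {"state": state,
                         "service": identify_service(port, banner) if state == "open" else "",
                         "banner": banner}
    return results


def start_fake_ftp(host: str = "127.0.0.1"):
    """Constructed stand-in target: listener on an ephemeral port that sends an FTP greeting."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:                # srv.close() ends the thread
                return
            conn.sendall(b"220 lab.example FTP server ready\r\n")
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port(host: str = "127.0.0.1") -> int:
    """Pick a port nobody is listening on, to demonstrate the 'closed' state."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_fake_ftp()
    closed_port = free_port()
    for port, r in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"{port}/tcp  {r['state']:<9} {r['service']:<8} {r['banner']}")
    srv.close()
```

The "filtered" branch is the one to remember from the ping sweep slides: a port that never answers looks exactly like a firewall dropping the probe, and the scanner cannot tell the difference, which is why nmap reports filtered rather than closed.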
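For the "Analyze results" step of Assignment 3, it helps to have nmap write a machine-readable copy of the scan alongside the screenshots: nmap -oG writes one tab-separated "Host:" line per host, with the port list in the form port/state/protocol/owner/service/rpcinfo/version/. The following added example (written for this lab, not code from nmap or the slides) parses that grepable format and answers the two questions the assignment asks, which hosts are up and which services are open where. The input is a constructed sample in the -oG layout, not output from the lab network; with a real file you would pass open("lab.gnmap").read() to parse_gnmap().

```python
"""Parse nmap grepable output (-oG) and summarise live hosts and open services."""

# Constructed sample in the -oG layout (fields are tab-separated, as nmap writes them).
SAMPLE_GNMAP = "\n".join([
    "# Nmap 7.94 scan initiated as: nmap -sV -oG lab.gnmap 10.0.0.0/28",
    "Host: 10.0.0.5 ()\tStatus: Up",
    "Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 9.6p1/, "
    "80/open/tcp//http//nginx 1.24.0/, 443/filtered/tcp//https///\tIgnored State: closed (997)",
    "Host: 10.0.0.7 ()\tStatus: Up",
    "Host: 10.0.0.7 ()\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/"
    "\tIgnored State: closed (999)",
    "Host: 10.0.0.9 ()\tStatus: Down",
    "# Nmap done; 16 IP addresses (2 hosts up) scanned in 12.34 seconds",
])


def parse_gnmap(text: str) -> dict:
    """Return {ip: {'status': 'Up'|'Down', 'ports': [ {port, state, proto, service, version} ]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                                  # comment lines carry no host data
        fields = line.split("\t")
        ip = fields[0].split()[1]
        host = hosts.setdefault(ip, {"status": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                host["status"] = value.strip()
            elif key == "Ports":
                host["status"] = host["status"] or "Up"   # a port list implies the host answered
                for entry in value.split(", "):
                    parts = entry.split("/")
                    if len(parts) < 7:
                        continue                      # malformed entry; skip rather than crash
                    host["ports"].append({"port": int(parts[0]), "state": parts[1],
                                          "proto": parts[2], "service": parts[4],
                                          "version": parts[6]})
    return hosts


def live_hosts(hosts: dict) -> list:
    """IPs nmap reported as Up, in address order."""
    return sorted((ip for ip, h in hosts.items() if h["status"] == "Up"),
                  key=lambda ip: tuple(int(x) for x in ip.split(".")))


def open_services(hosts: dict) -> list:
    """(ip, port, service, version) for every port in state 'open' (filtered ports are excluded)."""
    out = []
    for ip in live_hosts(hosts):
        for p in hosts[ip]["ports"]:
            if p["state"] == "open":
                out.append((ip, p["port"], p["service"], p["version"]))
    return out


if __name__ == "__main__":
    hosts = parse_gnmap(SAMPLE_GNMAP)
    print("live hosts:", ", ".join(live_hosts(hosts)))
    for ip, port, service, version in open_services(hosts):
        print(f"{ip:<12} {port:>5}/tcp  {service:<15} {version}")
```

Keep the filtered ports in mind when writing up "potential vulnerabilities": 443/filtered above tells you a firewall sits in front of the host, which is a finding about the network topology, not a service you can assess.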