What Is Network Scanning? Network scanning refers to a set of procedures for identifying hosts, ports and services in a network.
Network Scanning is one of the components of intelligence gathering an attacker uses to create a profile of the target organization.
Objectives of Network Scanning
- To discover live hosts, their IP addresses, and the open ports on those hosts.
- To discover operating systems and system architecture.
- To discover services running on hosts.
- To discover vulnerabilities in live hosts.
The network scanning phase involves probing the target network to gather information. When one host probes another, the reply it receives can reveal a great deal of useful information. In-depth identification of the network, its ports and its running services helps to map the network architecture and gives the attacker a clearer picture of the target.
TCP Communications Flags
- URG (Urgent) :- Data contained in the packet should be processed immediately.
- FIN (Finish) :- There will be no more transmissions.
- RST (Reset) :- Resets a connection.
- PSH (Push) :- Sends all buffered data immediately.
- ACK (Acknowledgement) :- Acknowledges the receipt of a packet.
- SYN (Synchronize) :- Initiates a connection between hosts.
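The six flags above live in the low bits of the 13th byte of the TCP header, and scanners are recognised largely by which combinations they set (no flags, FIN alone, FIN+PSH+URG, a bare ACK). The following decoder is an added example, not code from the original page: it parses a raw 20-byte TCP header, names the flags, and classifies the combination the way an IDS rule would. The header builder and the sample packets are constructed for the demonstration.

```python
import struct

# TCP flag bits in the low 6 bits of the offset/flags field (RFC 793).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp_header(data: bytes) -> dict:
    """Parse the fixed 20-byte TCP header: ports, raw flag bits and flag names."""
    if len(data) < 20:
        raise ValueError("TCP header too short")
    src, dst, _seq, _ack, offset_flags = struct.unpack("!HHIIH", data[:14])
    flag_bits = offset_flags & 0x3F  # mask off data offset, reserved, NS/CWR/ECE
    names = [name for name, bit in FLAGS.items() if flag_bits & bit]
    return {"src_port": src, "dst_port": dst, "flags": flag_bits, "names": names}


def classify_probe(flag_bits: int) -> str:
    """Map a flag combination to the scan type it usually indicates, or 'normal'."""
    if flag_bits == 0:
        return "NULL scan"
    if flag_bits == FLAGS["FIN"] | FLAGS["PSH"] | FLAGS["URG"]:
        return "Xmas scan (FIN/PSH/URG)"
    if flag_bits == FLAGS["FIN"]:
        return "FIN scan"
    if flag_bits & FLAGS["SYN"] and flag_bits & FLAGS["FIN"]:
        return "invalid SYN+FIN"
    if flag_bits == FLAGS["SYN"]:
        return "SYN (connection attempt or half-open scan)"
    if flag_bits == FLAGS["ACK"]:
        return "bare ACK (ACK scan or mid-stream segment)"
    return "normal"


def build_tcp_header(src_port: int, dst_port: int, flags: int) -> bytes:
    """Constructed helper: a minimal 20-byte header (data offset 5) for testing."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                       (5 << 12) | flags, 8192, 0, 0)


if __name__ == "__main__":
    for probe in (FLAGS["FIN"] | FLAGS["PSH"] | FLAGS["URG"], 0, FLAGS["SYN"]):
        hdr = parse_tcp_header(build_tcp_header(40000, 80, probe))
        print(hdr["names"], "->", classify_probe(hdr["flags"]))
```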
Creating Custom Packets Using TCP Flags with Colasoft
Colasoft Packet Builder enables creating custom network packets to audit networks for various attacks.
Attackers can also use it to create fragmented packets to bypass firewalls and IDSs in a network.
Ping scan involves sending ICMP ECHO requests to a host. If the host is live, it will return an ICMP ECHO reply.
This scan is useful for locating active devices or determining if ICMP is passing through a firewall.
ICMP scanning command in Nmap :- nmap -sn -PE [IP Address] (-sn disables the port scan, -PE selects the ICMP echo request probe)
Ping sweep is used to determine the live hosts in a range of IP addresses by sending ICMP ECHO requests to multiple hosts. If a host is live, it will return an ICMP ECHO reply.
Attackers calculate subnet masks using Subnet Mask Calculations to identify the number of hosts present in the subnet.
Attackers then use ping sweep to create an inventory of live systems in the subnet.
Ping sweep command in Nmap :- nmap -sP [IP Address] (-sP is kept as a legacy alias of -sn in current Nmap releases)
The Simple Service Discovery Protocol (SSDP) is a network protocol that works in conjunction with UPnP to detect plug-and-play devices available in a network.
Vulnerabilities in UPnP may allow attackers to launch buffer overflow or DoS attacks.
An attacker may use a UPnP SSDP M-SEARCH information discovery tool to check whether a machine is vulnerable to UPnP exploits.
Scanning in IPv6 Networks
IPv6 increases the IP address size from 32 bits to 128 bits to support more levels of addressing hierarchy.
Traditional network scanning techniques are computationally far less feasible because of the larger search space (64 bits of host address space) that IPv6 provides in a single subnet.
Scanning an IPv6 network is more difficult and complex than scanning IPv4, and some scanning tools do not support ping sweeps on IPv6 networks.
Attackers need to harvest IPv6 addresses from network traffic, recorded logs, or the Received: and other header lines in archived email or Usenet news messages.
Scanning an IPv6 network can, however, expose a large number of hosts in a subnet if an attacker can compromise one host in that subnet; the attacker can then probe the “all hosts link-local multicast address”.
Network Scanning Tools :-
Nmap
Network administrators can use Nmap for network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Attackers use Nmap to extract information such as live hosts on the network, services (application name and version), the type of packet filters/firewalls, and operating systems and OS versions.
Hping2 / Hping3
Command line network scanning and packet crafting tool for the TCP/IP protocol.
It can be used for network security auditing, firewall testing, manual path MTU discovery, advanced traceroute, remote OS fingerprinting, remote uptime guessing, TCP/IP stacks auditing, etc.
- Hping commands :-
- ICMP ping: hping3 -1 10.0.0.25
- ACK scan on port 80: hping3 -A 10.0.0.25 -p 80
- UDP scan on port 80: hping3 -2 10.0.0.25 -p 80
- SYN scan on port 80: hping3 -S 10.0.0.25 -p 80 (scan mode over a port range: hping3 -8 50-60 -S 10.0.0.25 -v)
- FIN, PSH and URG scan on port 80: hping3 -F -P -U 10.0.0.25 -p 80
- SYN flooding a victim: hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 --flood
NetScanTools Pro
NetScanTools Pro assists in troubleshooting, diagnosing, monitoring and discovering devices on the network.
It lists IPv4/IPv6 addresses, hostnames, domain names, email addresses, and URLs automatically or with manual tools.
Network Scanning Tools for Mobile
- Umit Network Scanner
- IP Network Scanner
- PortDroid Network Analysis
- Pamn IP Scanner
- Network Discovery
Port Scanning Countermeasures
- Configure firewall and IDS rules to detect and block probes.
- Run port scanning tools against hosts on the network to determine whether the firewall properly detects the port scanning activity.
- Ensure that the mechanisms used for routing and filtering at the routers and firewalls respectively cannot be bypassed using particular source ports or source routing methods.
- Ensure that the router, IDS, and firewall firmware are updated to their latest releases.
- Use custom rule sets to lock down the network and block unwanted ports at the firewall.
- Filter all ICMP messages at the firewalls and routers.
- Perform TCP and UDP scanning along with ICMP probes against your organization’s IP address space to check the network configuration and its available ports.
- Ensure that anti-scanning and anti-spoofing rules are configured.
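The ping sweep described earlier and the countermeasure of checking whether the firewall actually notices probes both come down to the same log question: is one source touching many hosts with ICMP echo requests, or many ports on one host with SYNs? The detector below is an added example, not code from the original page; it parses constructed lines in the style of the Linux netfilter LOG target (the addresses and thresholds are made up for the demonstration) and raises one alert per sweep or scan.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of the netfilter LOG target (not real traffic).
SAMPLE_LOG = """\
kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.1 PROTO=ICMP TYPE=8 CODE=0
kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.2 PROTO=ICMP TYPE=8 CODE=0
kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.3 PROTO=ICMP TYPE=8 CODE=0
kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.4 PROTO=ICMP TYPE=8 CODE=0
kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.25 PROTO=TCP SPT=40001 DPT=22 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.25 PROTO=TCP SPT=40002 DPT=80 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.25 PROTO=TCP SPT=40003 DPT=443 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.25 PROTO=TCP SPT=40004 DPT=3389 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.25 PROTO=TCP SPT=40005 DPT=8080 SYN
kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=10.0.0.25 PROTO=TCP SPT=51000 DPT=443 SYN
"""

KV = re.compile(r"(\w+)=(\S*)")


def parse_line(line: str) -> dict:
    """Return the KEY=VALUE fields of one LOG line as a dict (flag words like SYN are not KV)."""
    return dict(KV.findall(line))


def detect_probes(log_text: str, sweep_hosts: int = 3, scan_ports: int = 5) -> list:
    """Flag a source that echo-requests >= sweep_hosts distinct hosts (ping sweep)
    or SYN-probes >= scan_ports distinct ports on one host (port scan)."""
    echo_targets = defaultdict(set)  # src -> hosts sent an ICMP echo request (type 8)
    syn_ports = defaultdict(set)     # (src, dst) -> destination ports hit with SYN
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            echo_targets[f["SRC"]].add(f["DST"])
        elif f.get("PROTO") == "TCP" and "SYN" in line.split():
            syn_ports[(f["SRC"], f["DST"])].add(f["DPT"])
    alerts = []
    for src, hosts in echo_targets.items():
        if len(hosts) >= sweep_hosts:
            alerts.append(("ping_sweep", src, len(hosts)))
    for (src, dst), ports in syn_ports.items():
        if len(ports) >= scan_ports:
            alerts.append(("port_scan", src, dst, len(ports)))
    return alerts


if __name__ == "__main__":
    for alert in detect_probes(SAMPLE_LOG):
        print(alert)
```

Tune sweep_hosts and scan_ports to the size of the monitored subnet; a legitimate monitoring host that pings everything on schedule will trip the sweep rule and belongs on an allow-list.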