[Project] How to conduct network scanning
Lab1: UDP and TCP Packet Crafting Techniques using HPING3
Capture the traffic on the Ethernet interface
-c 3 means that we only want to send three packets to the target machine
--scan parameter defines the port range to scan
-S sets the SYN flag, i.e. the packet is a SYN request
-p sets the destination port the traffic is sent to
-c sets how many packets to send
Get the information of the TCP packet stream
Lab2: Understanding Network Scanning Using Nmap
Nmap scans the entire network and shows information for all the hosts that were scanned, along with the open ports, device type, OS details,
In the Ports/Hosts tab, choose a host's IP address to view all of its open ports
nmap --packet-trace 10.10.10.10
> sends some packets to the intended machine and shows the packets received in response to the sent packets
Slow Comprehensive Scan uses three different protocols, TCP, UDP and SCTP, and helps in determining the OS, services and versions
It is an intense scan that also uses the UDP protocol, along with some more options.
This scan is performed in an attempt to trace the machines on a network, even if they are configured to block ping requests.
TCP Connect Scan is the most basic form of TCP scanning.
If the port is listening, connect() will succeed; otherwise, the port isn't reachable. It doesn't need special privileges.
-sT > TCP connect scan
-T3 > with a normal timing
nmap -sX -T4 10.10.10.12
-T4 aggressive timing
- ACK Scan
Send an ACK probe packet with a random sequence number.
No response means the port is filtered and an unfiltered response means the port is closed
If the port is not open on the target machine, continue the idle scan by probing other ports
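The capture from Lab1 and the SYN, ACK and Xmas probes described above all leave a recognisable trace on the wire. The following Python script is an added example, not part of the original lab notes: it reads tcpdump-style lines (a constructed sample is embedded, with made-up addresses), classifies each probe by its TCP flags, and reports any source that touched more than a threshold of distinct ports on one destination. The flag-to-scan mapping, the threshold and the sample traffic are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines standing in for a real capture; the
# addresses, ports and sequence numbers are made up for this example.
SAMPLE_CAPTURE = """\
IP 10.10.10.5.40001 > 10.10.10.12.21: Flags [S], seq 1, win 512, length 0
IP 10.10.10.12.21 > 10.10.10.5.40001: Flags [R.], seq 0, ack 2, win 0, length 0
IP 10.10.10.5.40002 > 10.10.10.12.22: Flags [S], seq 2, win 512, length 0
IP 10.10.10.5.40003 > 10.10.10.12.23: Flags [S], seq 3, win 512, length 0
IP 10.10.10.5.40004 > 10.10.10.12.25: Flags [S], seq 4, win 512, length 0
IP 10.10.10.5.40005 > 10.10.10.12.80: Flags [S], seq 5, win 512, length 0
IP 10.10.10.5.40006 > 10.10.10.12.443: Flags [S], seq 6, win 512, length 0
IP 10.10.10.7.50001 > 10.10.10.12.22: Flags [FPU], seq 10, win 1024, length 0
IP 10.10.10.7.50002 > 10.10.10.12.80: Flags [FPU], seq 11, win 1024, length 0
IP 10.10.10.7.50003 > 10.10.10.12.135: Flags [FPU], seq 12, win 1024, length 0
IP 10.10.10.7.50004 > 10.10.10.12.139: Flags [FPU], seq 13, win 1024, length 0
IP 10.10.10.7.50005 > 10.10.10.12.445: Flags [FPU], seq 14, win 1024, length 0
IP 10.10.10.7.50006 > 10.10.10.12.3389: Flags [FPU], seq 15, win 1024, length 0
IP 10.10.10.8.52000 > 10.10.10.12.80: Flags [S], seq 20, win 64240, length 0
IP 10.10.10.8.52001 > 10.10.10.12.443: Flags [S], seq 21, win 64240, length 0
"""

# "IP src.sport > dst.dport: Flags [..]" as printed by tcpdump.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Flag strings that match the probe types discussed in the notes (assumed
# mapping: tcpdump prints an ACK-only segment as "." and Xmas as "FPU").
PROBE_TYPES = {
    "S": "SYN scan",      # nmap -sS / hping3 -S
    ".": "ACK scan",      # nmap -sA / hping3 -A
    "FPU": "Xmas scan",   # nmap -sX
    "F": "FIN scan",      # nmap -sF
    "": "NULL scan",      # nmap -sN
}


def parse_line(line):
    """Return (src, dst, dport, flags) for a tcpdump line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], int(m["dport"]), m["flags"]


def detect_scans(capture_text, port_threshold=5):
    """Group probe packets by (source, destination, probe type) and return the
    groups that touched more than port_threshold distinct destination ports,
    as {(src, dst, probe_type): sorted list of ports}."""
    touched = defaultdict(set)
    for line in capture_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, dport, flags = parsed
        probe = PROBE_TYPES.get(flags)
        if probe is None:  # RST/ACK replies, data segments and other traffic
            continue
        touched[(src, dst, probe)].add(dport)
    return {key: sorted(ports) for key, ports in touched.items() if len(ports) > port_threshold}


if __name__ == "__main__":
    for (src, dst, probe), ports in detect_scans(SAMPLE_CAPTURE).items():
        print(f"{src} -> {dst}: {probe} across {len(ports)} ports {ports}")
```

Note the limitation this exposes: the hping3 run in Lab1 sends only three SYNs to a single port, so a distinct-port rule never fires for it; catching that pattern needs a per-port rate rule alongside the sweep rule.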
Nmap scans the subnet and shows a list of the alive systems
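Turning that list of alive systems into an inventory a defender can query is the usual follow-up. The Python below is an added example, not part of the original notes: it parses Nmap's grepable (-oG) output format, which writes one tab-separated "Key: value" line per host, into a host table and then answers questions such as "which live hosts expose port 445". The embedded -oG text is a constructed sample with made-up addresses and services, not the lab's real scan results.

```python
import ipaddress

# Constructed -oG (grepable) output; addresses and services are made up.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample) as: nmap -sS -oG subnet.gnmap 10.10.10.0/28
Host: 10.10.10.10 ()\tStatus: Up
Host: 10.10.10.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 10.10.10.12 ()\tStatus: Up
Host: 10.10.10.12 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)
Host: 10.10.10.13 ()\tStatus: Down
# Nmap done (constructed sample) -- 16 IP addresses (2 hosts up) scanned
"""


def parse_gnmap(text):
    """Build {ip: {"status": str, "ports": [(port, proto, state, service), ...]}}.
    Each 'Host:' line carries tab-separated 'Key: value' fields; a port spec is
    port/state/protocol/owner/service/rpc-info/version/ (trailing fields may be empty)."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # header comment and trailer
        fields = line.split("\t")
        ip = fields[0].split()[1]
        entry = hosts.setdefault(ip, {"status": "Unknown", "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for spec in value.split(", "):
                    port, state, proto, _owner, service, *_ = spec.split("/")
                    entry["ports"].append((int(port), proto, state, service))
    return hosts


def alive_hosts(hosts):
    """IPs reported as Up, in numeric address order."""
    return sorted((ip for ip, h in hosts.items() if h["status"] == "Up"), key=ipaddress.ip_address)


def hosts_with_open_port(hosts, port, proto="tcp"):
    """The defender's inventory question: which scanned hosts expose this service?"""
    return sorted(
        (ip for ip, h in hosts.items()
         if any(p == port and pr == proto and st == "open" for p, pr, st, _ in h["ports"])),
        key=ipaddress.ip_address,
    )


if __name__ == "__main__":
    inventory = parse_gnmap(SAMPLE_GNMAP)
    print("alive:", alive_hosts(inventory))
    print("exposing 445/tcp:", hosts_with_open_port(inventory, 445))
```

Closed and filtered ports are kept in the table rather than dropped, so the same inventory can be diffed against a later scan to spot a port that changed state.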
Lab3: Information Gathering Using Metasploit
I use the tool “Metasploit” to test the system for vulnerabilities. It facilitates the tasks of attackers and allows the combination of any exploit with any payload because of the framework's modular approach.
Information Gathered
1: Check the PostgreSQL status and collect information about it.
2: Use Nmap to find the total number of hosts active in the subnet
3: Enumerate the system information such as name, OS and OS_flavor.