Scanning Networks
After gathering public information about a target (footprinting), the next step is to learn as much as possible about the target's network.
This is done by scanning the network for live hosts, open ports, and the services listening on those ports.
nmap is the most popular open-source network scanner.
It discovers hosts and services on a network by sending crafted packets and analysing the responses.
Most of the scan types below (SYN scan, OS detection, fragmentation, decoys, MAC spoofing) craft raw packets and therefore need root or equivalent raw-socket privileges; run unprivileged, nmap's default scan falls back to a TCP connect scan and explicitly requested raw-packet options are refused.
Host discovery
Host discovery is the process of identifying which devices on a network are live.
The -sn option tells nmap to do host discovery only and skip the port scan; the -P* options select the probe type. Without a -P* option, a privileged scan of a non-local target sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request, and uses ARP for targets on the local segment.
# ARP ping scan (local Ethernet segment only; nmap already does this by default for local targets)
nmap -sn -PR TARGET

# UDP ping scan (a response, usually ICMP port unreachable, proves the host is up)
nmap -sn -PU TARGET

# ICMP echo scan (frequently dropped at the perimeter, so silence is not proof the host is down)
nmap -sn -PE TARGET

# TCP SYN ping scan (port 80 by default; either SYN/ACK or RST shows the host is up)
nmap -sn -PS TARGET

Port and service discovery
Port and service discovery is the process of identifying open ports on a live host and the services listening on them.
The scans below establish port state (open, closed, filtered); identifying the service and version behind an open port is the job of version detection (-sV), which the aggressive scan in the OS discovery section also enables.
# TCP SYN (half-open) scan: the default when run as root; never completes the handshake, so the service itself does not see a connection
nmap -sS TARGET

# TCP connect scan: full three-way handshake through the OS socket API; works unprivileged but is logged by the service
nmap -sT TARGET

# TCP ACK scan: does not find open ports; it classifies ports as filtered or unfiltered to map firewall rules
nmap -sA TARGET

OS discovery
OS discovery is the process of identifying the operating system running on a target by analysing its responses to a series of TCP/IP probes (TCP/IP stack fingerprinting). nmap needs at least one open and one closed TCP port on the target for a reliable match.
# OS detection (TCP/IP stack fingerprinting; needs raw-socket privileges)
nmap -O TARGET

# Aggressive scan: enables OS detection (-O), version detection (-sV), the default NSE scripts (-sC) and traceroute; noisy
nmap -A TARGET

Scan beyond IDS and Firewall
Scanning beyond an IDS or firewall means shaping probes so that a packet filter lets them through or a sensor has a harder time matching and attributing them. None of the options below hides the scanner's real address from the target: fragmentation and decoys add reassembly cost and noise, and a modern IDS still reassembles fragments and flags the scan.
# Split probes into tiny IP fragments (8 bytes after the IP header; -ff for 16)
nmap -f TARGET

# Source port manipulation: send probes from a port that filters often trust (80, 53)
nmap -g 80 TARGET

# Fragment to a chosen MTU; the value must be a multiple of 8
nmap --mtu 8 TARGET

# Decoy scan: interleave the real probes with probes from 10 random decoy addresses (the real address is still among them; decoys that are down can leave the target SYN-flooded)
nmap -D RND:10 TARGET

# Randomize the source MAC (0 = random; only meaningful on the local Ethernet segment)
nmap --spoof-mac 0 TARGET
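The phases above (host discovery, port scan, OS and service detection) are normally chained so that each phase only probes what the previous one found. The script below is an added example, not code from the original page: it parses nmap's greppable output (-oG) with awk to feed live hosts into the port scan and open ports into version and OS detection. The sample -oG output embedded in it is constructed (addresses, hostnames and file names are made up, not from a real scan), so the parsers run offline; the run_pipeline function assumes nmap is on PATH and that it is invoked as root, since -sS and -O craft raw packets.

```shell
#!/bin/sh
# Added example, not code from the original page: chain the three phases
# (host discovery -> port scan -> OS and service detection) so that each phase
# probes only what the previous one found, using nmap's greppable output (-oG)
# as the glue between phases.
# Assumptions: nmap on PATH and root privileges when run_pipeline is invoked
# (-sS and -O craft raw packets); awk, sort and paste from a POSIX userland.
# The parsers are exercised below against constructed sample output.
set -e

# Print one address per line for every host nmap reported as "Status: Up".
# -oG writes "Host: <ip> (<name>)<TAB>Status: Up"; with -v it also lists down
# hosts, which this filter drops.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$1" | sort -u
}

# Print "<ip> <port>/<proto> <service>" for every port whose state is "open".
# In -oG output a host's ports sit in a tab-delimited "Ports:" field as
# "port/state/proto/owner/service/rpc/version" entries separated by ", ".
open_ports() {
    awk -F '\t' '
        /^Host:/ && /Ports: / {
            split($1, h, " "); ip = h[2]
            ports = ""
            for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
            n = split(ports, p, ", ")
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")
                if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
            }
        }' "$1"
}

# Live pipeline. Phase 1 discovers hosts (-sn = no port scan), phase 2 SYN-scans
# only the live ones, phase 3 runs version and OS detection only against the
# ports phase 2 found open. File names are arbitrary.
run_pipeline() {
    net="$1"
    nmap -sn -oG hosts.gnmap "$net" >/dev/null
    live_hosts hosts.gnmap > live.txt
    nmap -sS --top-ports 1000 -iL live.txt -oG ports.gnmap >/dev/null
    plist="$(open_ports ports.gnmap | awk '{ split($2, a, "/"); print a[1] }' | sort -un | paste -s -d , -)"
    if [ -z "$plist" ]; then
        echo "no open ports on live hosts" >&2
        return 1
    fi
    nmap -sV -O -iL live.txt -p "$plist" -oG final.gnmap >/dev/null
    open_ports final.gnmap
}

# Constructed sample -oG output (not from a real scan; addresses and names are
# made up) so the parsers can be run without a network or root.
HOSTS_GNMAP="$(mktemp)"
PORTS_GNMAP="$(mktemp)"
trap 'rm -f "$HOSTS_GNMAP" "$PORTS_GNMAP"' EXIT
{
    printf '# Nmap 7.94 scan initiated as: nmap -sn -v -oG hosts.gnmap 192.168.56.0/24\n'
    printf 'Host: 192.168.56.1 (gw.lab)\tStatus: Up\n'
    printf 'Host: 192.168.56.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.56.20 ()\tStatus: Down\n'
} > "$HOSTS_GNMAP"
{
    printf 'Host: 192.168.56.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.56.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//nginx 1.18.0/, 443/filtered/tcp//https///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.56.1 (gw.lab)\tStatus: Up\n'
    printf 'Host: 192.168.56.1 (gw.lab)\tPorts: 53/open/tcp//domain//dnsmasq 2.86/, 8080/closed/tcp//http-proxy///\tIgnored State: filtered (998)\n'
} > "$PORTS_GNMAP"

echo "live hosts:";  live_hosts "$HOSTS_GNMAP"
echo "open ports:";  open_ports "$PORTS_GNMAP"

# Run the real pipeline only when asked: ./scan.sh --scan 192.168.56.0/24
if [ "${1:-}" = "--scan" ]; then
    run_pipeline "${2:?usage: $0 --scan <network>}"
fi
```

Greppable output is used here rather than -oX because a one-line-per-host format is enough to carry addresses and port states between phases with nothing but awk; parsing the "Ports:" field by position is what keeps filtered and closed ports out of the final, noisier -sV/-O run.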