Dar Es Salaam Institute of Technology: Lab 3 Report

The document discusses network scanning, which is the process of obtaining additional information about a network in the reconnaissance phase. It describes objectives of scanning such as discovering live hosts, open ports, services, and vulnerabilities. Types of scanning include port scanning, network scanning, and vulnerability scanning. Scanning techniques are categorized into ICMP, TCP, and UDP scanning. Specific scanning tools and methods discussed include ping sweep, TCP connect scan, stealth scan, inverse TCP flag scan, Xmas scan, ACK flag probe scan, IDLE/IPID header scan, UDP scanning, and SSDP/List scanning. The lab report summarizes results of using tools like Hping and Advanced IP Scanner to scan the network and identify open ports and services on connected

Uploaded by

Joel John

DAR ES SALAAM INSTITUTE OF TECHNOLOGY

LAB 3 REPORT

PROGRAM : B.Eng.18 COE

COURSE NAME : COMPUTER AND NETWORK SECURITY

COURSE CODE : CSEU 07302

PARTICIPANTS

Meshack Fungo 160230220271
Thadey Yohanes 160230220297
Rosemary Mshanga 180240210096
Khairat Issa 180230210197
Gift Msigwa 160230220289
Isack Gilya 160240220253

PHASE TWO: SCANNING NETWORKS

Network scanning refers to the process of obtaining additional information and performing a
more detailed reconnaissance based on the information collected in the footprinting phase. In
this phase, a number of different procedures are used with the objective of identifying hosts,
ports, and services in the target network.

Objectives of Scanning Networks

• To discover the live hosts/computers, IP addresses, and open ports of the target.
• To discover the services that are running on a host computer.
• To discover the operating system and system architecture of the target.
• To discover and deal with vulnerabilities in live hosts.

Types of Network Scanning

1. Port scanning - used to list open ports and services
2. Network scanning - used to list IP addresses
3. Vulnerability scanning - used to discover the presence of known vulnerabilities

Scanning Methodology
The scanning methodology includes the following steps:
● Checking for live systems
● Discovering open ports
● Scanning beyond IDS
● Banner grabbing
● Scanning for vulnerabilities
● Drawing the network diagram
● Proxies

Checking for live systems

Initially, you must know which hosts are live in the targeted network. Finding live hosts
in a network is done with ICMP packets: the target answers ICMP echo request packets with an
ICMP echo reply, and this response verifies that the host is live.

Scanning Techniques
They are categorized into three categories:
I. Scanning ICMP network services
II. Scanning TCP network services
III. Scanning UDP network services

Scanning ICMP network services

ICMP Scanning
ICMP scanning is used for identifying active devices and determining whether
ICMP can pass through a firewall.

Ping Sweep
A ping sweep is used to determine the range of IP addresses that are mapped to
active devices. This, in turn, enables the scanner to create an inventory of active devices
in the subnet.

ICMP Echo Scanning

ICMP echo scanning is used to determine which hosts are active in a target
network by pinging all the machines in the network.

Scanning TCP Network Services

TCP Connect
A TCP connect scan detects open ports upon the completion of the
three-way handshake. It works by establishing a full connection and then
dropping it by sending an RST packet.

Stealth Scan
A stealth scan is used for bypassing firewall and logging mechanisms. It works by
resetting the TCP connection before the three-way handshake is completed,
which leaves the connection half-open.

Inverse TCP Flag Scanning

Inverse TCP flag scanning works by sending TCP probe packets with or without TCP flags set.
Based on the response, it is possible to determine whether the port is open or closed. If there is
no response, then the port is open. If the response is RST, then the port is closed.

Xmas Scan
An Xmas scan works by sending a TCP frame with the FIN, URG, and PUSH flags set to the target
device. Based on the response, it is possible to determine whether the port is open or closed. If
there is no response, then the port is open. If the response is RST, then the port is closed. It is
important to note that this scan works only for UNIX hosts.

ACK Flag Probe Scanning

ACK flag probe scanning works by sending TCP probe packets with the ACK flag set in order to
determine whether the port is open or closed. This is done by analyzing the TTL and WINDOW
fields of the received RST packet's header. The port is open if the TTL value is less than 64.

Similarly, the port is also considered to be open if the WINDOW value is not 0 (zero). Otherwise,
the port is considered to be closed.

Scanning UDP Network Services

IDLE/IPID Header Scan

An IDLE/IPID header scan works by sending packets with a spoofed source address to the target to
determine which services are available. In this scan, hackers use the IP address of a zombie
machine for sending out the packets. Based on the IPID of the packet (fragment identification
number), it is possible to determine whether the port is open or closed.

UDP Scanning
UDP scanning uses the UDP protocol to test whether the port is open or closed. In this scan,
there is no flag manipulation. Instead, ICMP is used to determine if the port is open or not. So, if
a packet is sent to a port and the ICMP port unreachable packet is returned, then that means
that the port is closed. If, however, there is no response, then the port is open.

SSDP and List Scanning

The SSDP, or Simple Service Discovery Protocol, service responds to queries sent over IPv4 and
IPv6 broadcast addresses. Attackers use this scan to exploit UPnP vulnerabilities and carry out
buffer overflow or DoS attacks. List scanning indirectly discovers hosts. This scan works by
listing out IP addresses and names without pinging the hosts, while performing a reverse
DNS resolution to identify the names of the hosts.
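The following is an added example, not part of the lab report, that turns the TCP and UDP response rules described above into code a defender can run over captured probe/response pairs: it names the scan type from the probe's flag bits, infers the port state the scanner would learn, and flags any source that touches several ports. The sample events and the scanner address 192.168.43.99 are constructed; where the text says "no response means open", the code keeps the ambiguity as "open|filtered", since a silently dropped probe looks identical to an open port.

```python
from collections import Counter, defaultdict

# TCP header flag bits.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Probe signatures named in the scanning-techniques section above.
SIGNATURES = {SYN: "SYN/stealth", FIN | URG | PSH: "Xmas", FIN: "inverse-FIN",
              0: "inverse-NULL", ACK: "ACK-probe"}

def classify_probe(proto, flags):
    """Name the scan type a single probe packet belongs to."""
    return "UDP" if proto == "udp" else SIGNATURES.get(flags, "other")

def infer_state(proto, flags, response):
    """Apply the page's response rules. response is None (silence),
    ("tcp", flags, ttl, window) or ("icmp", type, code)."""
    if proto == "udp":
        if response is None:          # silence: the page says open, but a dropped
            return "open|filtered"    # probe looks identical, so keep the ambiguity
        return "closed" if response == ("icmp", 3, 3) else "open"
    if response is None:
        return "filtered" if flags in (SYN, ACK) else "open|filtered"
    _, rflags, ttl, window = response
    if flags == SYN:                  # half-open scan: SYN/ACK means open, RST closed
        return "open" if rflags & (SYN | ACK) == (SYN | ACK) else "closed"
    if flags == ACK:                  # page's heuristic: old stacks leak state in RST
        return "open" if ttl < 64 or window != 0 else "closed"
    return "closed" if rflags & RST else "other"   # Xmas/FIN/NULL: RST means closed

def detect_scans(events, port_threshold=3):
    """Group probes by source; report sources touching >= port_threshold ports,
    with the scan signatures they used and the inferred port states."""
    ports, sigs, states = defaultdict(set), defaultdict(Counter), defaultdict(dict)
    for src, proto, dport, flags, response in events:
        ports[src].add(dport)
        sigs[src][classify_probe(proto, flags)] += 1
        states[src][(proto, dport)] = infer_state(proto, flags, response)
    return {src: {"signatures": dict(sigs[src]), "states": states[src]}
            for src in ports if len(ports[src]) >= port_threshold}

# Constructed sample: an Xmas sweep plus one UDP probe from a hypothetical scanner
# address, and one ordinary connection from another host that must not be flagged.
SAMPLE = [
    ("192.168.43.99", "tcp", 135, FIN | URG | PSH, ("tcp", RST, 128, 0)),
    ("192.168.43.99", "tcp", 139, FIN | URG | PSH, None),
    ("192.168.43.99", "tcp", 445, FIN | URG | PSH, ("tcp", RST, 128, 0)),
    ("192.168.43.99", "udp", 53, 0, ("icmp", 3, 3)),
    ("192.168.43.5", "tcp", 80, SYN, ("tcp", SYN | ACK, 128, 65535)),
]

if __name__ == "__main__":
    for src, report in detect_scans(SAMPLE).items():
        print(src, report)
```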
LAB 3-1: Hping Command (Scanning ports)

Zmap

LAB 3-3: Advanced IP Scanner

Step 1: Download and install Advanced IP Scanner.

Step 2: Open Advanced IP Scanner and click Scan to scan all IP addresses present in the
network.

LAB 3-2: Hping Command (Scanning)
Steps
1. To check the IP address provided by the network, run the following on the command prompt:
ifconfig

2. To scan the members of the network containing 192.168.43.52, scan the IP addresses in the range
192.168.43.0-192.168.43.255 using the subnet notation 192.168.43.52/24.
3. Using nmap (Zenmap), provide the range and the type of scan as follows.
4. The network has two connected hosts, identified by 192.168.43.1 and 192.168.43.207.

5. The host 192.168.43.207 has the following ports/services available:


135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
1688/tcp open msrpc
6. The host 192.168.43.1 has the following ports/services available:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?