Day 1 - Introduction

This document provides an introduction to networking concepts such as ARP, IP addressing, subnet masking, port scanning, and the nmap scanning tool. It defines ARP as resolving IP addresses to MAC addresses. It explains the classes of IPv4 addresses including private IP ranges. It also describes strategies for penetration testing like black box, white box, and gray box. Finally, it details the working of nmap including common switches, TCP flags, and the differences between full connect, stealth, FIN, and XMAS scan types.

Uploaded by arhhussain.786

Day 1 - Introduction

Saturday, January 27, 2024 9:19 AM

ARP (Address Resolution Protocol) - Resolves IP to MAC

➢ Ping -> to check the reachability
➢ TTL - Time to Live
➢ Hop count
➢ OS -> default TTL: 128 - Windows, 64 - Linux, 254 - Cisco IOS
➢ Security by Obscurity

[Diagram: PC 1 (192.168.175.131) sends an ARP broadcast; PC 2 and PC 3 (192.168.175.140) are on the same segment]

IP Address -> Logical Address

➢ IPv4 -> 32 bits - X.X.X.X -> 192.168.175.143
➢ IPv6 -> 128 bits - 340 undecillion addresses (340 trillion trillion trillion)

Private IP Address

➢ Class A - 10.0.0.0 - 10.255.255.255
➢ Class B - 172.16.0.0 - 172.31.255.255
➢ Class C - 192.168.0.0 - 192.168.255.255

Classes of IPv4

Class     First octet   Subnet Mask       CIDR
Class A   1-126         255.0.0.0         /8
Class B   128-191       255.255.0.0       /16
Class C   192-223       255.255.255.0     /24
Class D   224-239       -> Multicasting - One-to-Many
Class E   240-255       -> Research and Development
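As an added example (not part of the original notes), the following Python puts the two tables above to work on a captured packet header: it derives the class and default mask from the first octet, decides whether the address is private, APIPA, multicast or public, and applies the TTL heuristic from the ARP section (the observed TTL is rounded up to the nearest default of 64, 128 or 254 to guess the OS and the hop count). The sample observations at the bottom are constructed; the treatment of 127.0.0.0/8 as loopback is a known fact that the notes' table does not mention.

```python
import ipaddress

# Default initial TTLs from the notes (Windows 128, Linux 64, Cisco IOS 254).
INITIAL_TTLS = {64: "Linux", 128: "Windows", 254: "Cisco IOS"}

# Classful table from the notes: (first octet low, high, class, default mask, prefix length).
CLASS_TABLE = [
    (1, 126, "A", "255.0.0.0", 8),
    (128, 191, "B", "255.255.0.0", 16),
    (192, 223, "C", "255.255.255.0", 24),
    (224, 239, "D", None, None),   # multicast, one-to-many
    (240, 255, "E", None, None),   # research and development
]

# Private ranges from the notes plus the APIPA range.
SPECIAL_RANGES = [
    ("Class A private", ipaddress.ip_network("10.0.0.0/8")),
    ("Class B private", ipaddress.ip_network("172.16.0.0/12")),
    ("Class C private", ipaddress.ip_network("192.168.0.0/16")),
    ("APIPA", ipaddress.ip_network("169.254.0.0/16")),
]


def ipv4_class(ip):
    """Return (class, default mask, prefix length) from the first octet."""
    first = int(ipaddress.ip_address(ip)) >> 24
    if first == 127:          # 127.0.0.0/8 is loopback, not usable class A space
        return "loopback", None, None
    for low, high, cls, mask, prefix in CLASS_TABLE:
        if low <= first <= high:
            return cls, mask, prefix
    return "reserved", None, None   # 0.x.x.x


def address_scope(ip):
    """Private / APIPA / multicast / public, the distinction the notes draw."""
    addr = ipaddress.ip_address(ip)
    for name, net in SPECIAL_RANGES:
        if addr in net:
            return name
    if addr.is_multicast:
        return "multicast"
    if addr.is_loopback:
        return "loopback"
    if addr.is_reserved:
        return "reserved"
    return "public"


def infer_ttl(observed):
    """Smallest default TTL that is >= the observed value; hops = the difference."""
    candidates = [t for t in INITIAL_TTLS if t >= observed]
    if not candidates:
        return None
    initial = min(candidates)
    return initial, INITIAL_TTLS[initial], initial - observed


def describe_host(ip, observed_ttl):
    """Combine the classful, scope and TTL heuristics for one observed packet."""
    cls, mask, prefix = ipv4_class(ip)
    network = str(ipaddress.ip_interface(f"{ip}/{prefix}").network) if prefix else None
    ttl = infer_ttl(observed_ttl)
    return {
        "ip": ip, "class": cls, "mask": mask, "network": network,
        "scope": address_scope(ip),
        "os_guess": ttl[1] if ttl else "unknown",
        "hops": ttl[2] if ttl else None,
    }


if __name__ == "__main__":
    # Constructed sample observations: (source IP, TTL as seen at the capture point)
    for ip, ttl in [("192.168.175.143", 117), ("172.20.5.9", 60), ("8.8.8.8", 250), ("224.0.0.5", 1)]:
        print(describe_host(ip, ttl))
```

The TTL guess is only a hint: an operator can change the default, and a TTL of 117 fits "Windows, 11 hops away" just as well as any other stack that starts at 128.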

Strategies of Penetration Testing


➢ Black box
• Blind
• Double Blind
➢ White box
• Announced
• Unannounced
➢ Gray box

DHCP (Dynamic Host Configuration Protocol)

➢ Discover (user -> broadcast)
➢ Offer (DHCP server -> user)
➢ Request (user -> DHCP server)
➢ Acknowledge (DHCP server -> user)

APIPA (Automatic Private IP Addressing)

➢ 169.254.0.1 - 169.254.255.254

DHCP attacks

➢ DHCP Starvation Attack - attacker floods the server with overloaded DISCOVER packets
➢ Rogue DHCP - a DHCP server that is not the legitimate one answers the clients
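The two DHCP attacks above are easy to spot from a packet capture once the DORA exchange is understood. The following Python is an added detection example, not code from the notes: over a constructed list of DHCP messages it flags a burst of DISCOVERs from many distinct client MACs (starvation) and any server that sends OFFER/ACK without being on the allowlist (rogue DHCP). The server address 192.168.175.1, the thresholds and the sample messages are assumptions.

```python
# Assumption: the single legitimate DHCP server on this segment.
KNOWN_DHCP_SERVERS = {"192.168.175.1"}


def build_sample_events():
    """Constructed DHCP messages seen on one VLAN:
    (seconds since capture start, message type, client MAC, server IP or None)."""
    events = [
        (0.0, "DISCOVER", "aa:bb:cc:00:00:01", None),
        (0.2, "OFFER", "aa:bb:cc:00:00:01", "192.168.175.1"),
        (0.3, "REQUEST", "aa:bb:cc:00:00:01", "192.168.175.1"),
        (0.4, "ACK", "aa:bb:cc:00:00:01", "192.168.175.1"),
        (5.0, "DISCOVER", "aa:bb:cc:00:00:02", None),
        (5.2, "OFFER", "aa:bb:cc:00:00:02", "192.168.175.1"),
    ]
    # Burst of DISCOVERs, each from a different client MAC, within about 2.5 seconds
    for i in range(25):
        events.append((30.0 + i * 0.1, "DISCOVER", f"de:ad:be:ef:{i:02x}:01", None))
    # A second server answering a client after the burst
    events.append((40.0, "OFFER", "aa:bb:cc:00:00:03", "192.168.175.99"))
    return events


def detect_starvation(events, window=10.0, threshold=20):
    """First window in which DISCOVERs arrive from >= threshold distinct client MACs.
    A real pool of a few hundred leases empties at exactly this kind of rate."""
    discovers = sorted((t, mac) for t, kind, mac, _ in events if kind == "DISCOVER")
    for t0, _ in discovers:
        macs = {mac for t, mac in discovers if t0 <= t < t0 + window}
        if len(macs) >= threshold:
            return {"window_start": t0, "distinct_clients": len(macs)}
    return None


def detect_rogue_servers(events, known=KNOWN_DHCP_SERVERS):
    """Every server IP that hands out OFFER/ACK but is not on the allowlist."""
    return sorted({srv for _, kind, _, srv in events
                   if kind in ("OFFER", "ACK") and srv not in known})


if __name__ == "__main__":
    sample = build_sample_events()
    print("starvation:", detect_starvation(sample))
    print("rogue servers:", detect_rogue_servers(sample))
```

On a switch the same signals are what DHCP snooping and port security act on: the rogue check corresponds to marking only the uplink to the real server as trusted, the starvation check to limiting the number of MAC addresses per access port.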

Scanning

➢ Check whether the host is live or not - Ping, tracert/traceroute, hping3, arp-scan, nmap
➢ Find Open ports - nmap
➢ Find Services Running - nmap

Permissions in Linux

➢ Owner   Group   Others
➢ rwx     rwx     rwx
  7       7       7
➢ R - Read - 4
➢ W - Write - 2
➢ X - Execute - 1

chmod 777 <file.txt>
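To make the 4/2/1 arithmetic concrete, here is an added Python example (not from the notes) that converts between the symbolic and octal forms, reads the mode out of an `ls -l` line, and lists what a reviewer would flag about a mode such as the 777 in the chmod above. The listing lines are constructed samples.

```python
PERM_BITS = {"r": 4, "w": 2, "x": 1}


def symbolic_to_octal(sym):
    """'rwxr-x---' -> '750' by adding 4/2/1 for each of owner, group, others."""
    if len(sym) != 9:
        raise ValueError("expected 9 permission characters")
    digits = []
    for i in range(0, 9, 3):
        total = 0
        for ch, expected in zip(sym[i:i + 3], "rwx"):
            if ch == "-":
                continue
            if ch != expected:
                raise ValueError(f"unexpected {ch!r} at position {i}")
            total += PERM_BITS[ch]
        digits.append(str(total))
    return "".join(digits)


def octal_to_symbolic(octal):
    """'750' -> 'rwxr-x---'."""
    out = []
    for d in octal:
        n = int(d)
        out.append(("r" if n & 4 else "-") + ("w" if n & 2 else "-") + ("x" if n & 1 else "-"))
    return "".join(out)


def audit_mode(octal):
    """Findings a reviewer raises about a mode; 777 trips all of them."""
    owner, group, others = (int(d) for d in octal)
    findings = []
    if others & 2:
        findings.append("world-writable: any user can modify the file")
    if others & 2 and others & 1:
        findings.append("world-writable and executable: any user can plant code that others run")
    if octal == "777":
        findings.append("chmod 777: no access control at all")
    return findings


def parse_ls_line(line):
    """One 'ls -l' line -> (filename, octal mode). The type character (-, d, l) is skipped."""
    fields = line.split()
    return fields[-1], symbolic_to_octal(fields[0][1:10])


if __name__ == "__main__":
    # Constructed sample listing
    for line in ["-rwxrwxrwx 1 alice alice 120 Jan 27 09:19 file.txt",
                 "-rw-r----- 1 root  adm   512 Jan 27 09:19 auth.log"]:
        name, mode = parse_ls_line(line)
        print(name, mode, octal_to_symbolic(mode), audit_mode(mode))
```

The parser only understands the plain `rwx` letters; setuid, setgid and sticky bits show up as `s` or `t` in `ls -l` and would need an extra rule.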

Nmap (Network Mapper) - Scanning tool

Working of Nmap

➢ Ping sweep
➢ DNS lookup
➢ Reverse DNS lookup
➢ Find Open Ports
➢ NSE (Nmap Scripting Engine)

Switches of Nmap

➢ -sn -> disables the port scan and only does a ping sweep (host discovery)
➢ -v -> Verbosity
➢ -Pn -> skips the ping sweep (treats every host as up)
➢ -n -> Block Reverse DNS resolution
➢ -p -> specify a port; -p23
➢ -p- -> Scans all the 65535 ports
➢ -sV -> Service Version detection
➢ -sC -> Running default scripts
➢ -O -> Operating system detection
➢ -iL -> scans a list of IPs read from a file
➢ -F -> Fast scan -> the 100 most common ports
➢ -oX -> Save the output in XML format

TCP Flags

➢ SYN - Synchronization
➢ ACK - Acknowledgement
➢ FIN - Finish
➢ RST - Reset
➢ PSH - Push
➢ URG - Urgent
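The reason to use `-oX` is that the result can be processed instead of read. As an added example (not code from the notes or from the nmap project), the Python below parses an `-sV -oX` style file with the standard library, keeps only the open ports with their service and version strings, and flags open cleartext services. The XML sample is constructed to match the element layout nmap writes (`host`, `address`, `ports/port`, `state`, `service`); the list of services to flag is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout nmap writes with -oX (only the elements this parser reads).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -p22,23,80 -oX scan.xml 192.168.175.140">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.175.140" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="open" reason="syn-ack"/>
        <service name="telnet"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed" reason="reset"/>
        <service name="http"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Assumption: services a reviewer treats as cleartext and wants flagged.
CLEARTEXT_SERVICES = {"telnet", "ftp"}


def parse_nmap_xml(text):
    """Return {ipv4: [ {port, protocol, service, version}, ... ]} for open ports only."""
    root = ET.fromstring(text)
    hosts = {}
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        open_ports = []
        for port in host.findall("./ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name") if svc is not None else None
            # -sV fills product/version; without it only the name from the port table is present
            parts = (svc.get("product"), svc.get("version")) if svc is not None else ()
            open_ports.append({"port": int(port.get("portid")),
                               "protocol": port.get("protocol"),
                               "service": name,
                               "version": " ".join(p for p in parts if p)})
        hosts[addr_el.get("addr")] = open_ports
    return hosts


def flag_cleartext(hosts, risky=CLEARTEXT_SERVICES):
    """(ip, port, service) triples where an open port runs a cleartext service."""
    return [(ip, p["port"], p["service"])
            for ip, ports in hosts.items() for p in ports if p["service"] in risky]


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_XML)
    print(found)
    print("cleartext services:", flag_cleartext(found))
```

Feeding a real file is `parse_nmap_xml(open("scan.xml").read())`; the same structure is what diffing two scans of the same host is built on.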

Three way handshake

A -> B : SYN
B -> A : SYN/ACK
A -> B : ACK

4-way handshake (connection teardown)

A -> B : FIN
B -> A : ACK
B -> A : FIN
A -> B : ACK

Nmap Scans

➢ nmap -sT -> TCP Full Connect: completes the three way handshake; a SYN/ACK reply means the port is Open
➢ nmap -sS -> Stealth Scan (half-open): sends SYN; a SYN/ACK reply means the port is Open, and nmap answers with RST instead of finishing the handshake
➢ nmap -sF -> FIN scan: no reply means the port is Open (nmap reports it as open|filtered, because a firewall dropping the probe looks the same)
➢ nmap -sX -> XMAS scan (FIN, PSH and URG set): no reply means the port is Open (reported as open|filtered)
➢ For closed ports the target replies with RST in all four scan types
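The scan types above are defined by which flags go out and what comes back, which is also what a defender looks for in a capture. The following Python is an added example (not from the notes) that encodes both sides: `interpret_response` gives the port state nmap infers for each scan type from the reply, and `detect_scans` runs over a constructed packet list and groups probes by source and flag combination, separating full-connect SYN scans (a bare ACK follows on some port, completing the three way handshake) from half-open ones. The IP addresses, port lists and threshold are constructed.

```python
from collections import defaultdict

# TCP flag bit values as carried in the header (the six flags from the notes).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def flags_to_names(bits):
    return {name for name, bit in FLAG_BITS.items() if bits & bit}


def interpret_response(scan, reply):
    """Port state nmap infers from the target's reply (reply=None means nothing came back)."""
    if scan in ("-sT", "-sS"):            # SYN based: full connect and half-open
        if reply is None:
            return "filtered"
        if reply == {"SYN", "ACK"}:
            return "open"
        if "RST" in reply:
            return "closed"
    elif scan in ("-sF", "-sX"):          # FIN and XMAS: silence is the "open" signal
        if reply is None:
            return "open|filtered"
        if "RST" in reply:
            return "closed"
    return "unknown"


def classify_probe(names):
    """Which scan a single probe packet looks like, by its flag combination."""
    if names == {"FIN", "PSH", "URG"}:
        return "XMAS"
    if names == {"FIN"}:
        return "FIN"
    if names == {"SYN"}:
        return "SYN"
    return None


def detect_scans(packets, min_ports=5):
    """Group probes by (source, kind); a source touching >= min_ports distinct ports is a scan.
    SYN probes are split into full-connect (a bare ACK followed on some port) and half-open."""
    probes = defaultdict(set)
    acked = set()
    for src, dst, dport, bits in packets:
        names = flags_to_names(bits)
        kind = classify_probe(names)
        if kind:
            probes[(src, kind)].add(dport)
        elif names == {"ACK"}:
            acked.add((src, dport))
    report = {}
    for (src, kind), ports in probes.items():
        if len(ports) < min_ports:
            continue
        if kind == "SYN":
            kind = "SYN-full" if any((src, p) in acked for p in ports) else "SYN-half"
        report[(src, kind)] = sorted(ports)
    return report


def build_sample_packets():
    """Constructed capture: (src, dst, dst port, TCP flag bits)."""
    target = "192.168.175.140"
    xmas = FLAG_BITS["FIN"] | FLAG_BITS["PSH"] | FLAG_BITS["URG"]
    pkts = []
    for p in (21, 22, 23, 25, 80, 443):        # half-open scanner: SYN only, never an ACK
        pkts.append(("10.0.0.9", target, p, FLAG_BITS["SYN"]))
    for p in (22, 23, 80, 139, 445, 3389):     # XMAS scanner
        pkts.append(("10.0.0.7", target, p, xmas))
    for p in (21, 22, 23, 25, 80, 443):        # full connect: SYN, then ACK on ports that answered
        pkts.append(("10.0.0.8", target, p, FLAG_BITS["SYN"]))
    for p in (22, 80):
        pkts.append(("10.0.0.8", target, p, FLAG_BITS["ACK"]))
    pkts.append(("10.0.0.3", target, 443, FLAG_BITS["SYN"]))   # ordinary client, one port
    pkts.append(("10.0.0.3", target, 443, FLAG_BITS["ACK"]))
    return pkts


if __name__ == "__main__":
    for key, ports in detect_scans(build_sample_packets()).items():
        print(key, ports)
```

The detector only counts distinct destination ports per source, so an ordinary client talking to one or two services stays below the threshold; a real sensor would add a time window and also watch the RST that a half-open scanner sends after the SYN/ACK.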
