SlideShare a Scribd company logo

Network scanning

Download as PPTX, PDF
oceanofwebs, profile picture
oceanofwebs

A network consists of 3 parts: IP addresses, services, and ports. An IP address has a network and host address determined by the subnet mask. Services are network protocols that link server and client applications, typically running on specific ports, though any service can run on any port. Ports allow different services to be available from one location, with common services using well-known ports. Network scanning includes host scanning to locate hosts, port scanning to determine services, and vulnerability scanning to find known flaws using signature-based tools like Nmap, Nessus, GFI LANguard, and SuperScan.

Technology
Related topics:
Penetration-Testing
1 of 14
Downloaded 180 times
1
2
3
4
Most read
5
6
7
8
Most read
9
10
11
Most read
12
13
14
Network Basics • A netowk consist of 3 parts 1. IP Address 2. Services 3. Port • IP Addresses – An address is comprised of two parts- a network address and a host address and determined by the subnet mask. – A simple example is 192.168.1.1 with a subnet mask of 255.255.255.0. • 192.168.1 is the network address (the 192.168.1.0 network) and .1 is a host address on that network. Oceanofwebs.com 1
• Services – The network protocol that listens for incoming connection requests and links the server application with the client – Typically each service runs on a set of specific ports – In actuality, any service can run on any port • Therefore, you should put only limited trust in port/service mappings. – Use an application scanner (service detection) to ensure find out what application is really running on that port. – Nmap has service detection 2Oceanofwebs.com
• Ports • A port is where a service listens for connections • Common services use common well-known ports • Could use any port as long as both the server and the client know which port to connect to • Ports allow different services to be available from one location or IP Address 3Oceanofwebs.com
Scanning • Types of scanning – Host (Ping) Scanning – Port Scanning – Vulnerability Scanning 4Oceanofwebs.com
Host Scanning • Hackers perform host scanning to locate and identify hosts on the network. • Usually by “pinging” a range of IP addresses. • Host which respond to pings may be targeted for attack. 5Oceanofwebs.com
Port Scanning • Hackers perform Port Scans to determine what services a host may be running. • By knowing the services the hacker can attempt attacks against known vulnerabilities in the service. • Port scans attempt to make initial connection to service running on a particular port number. • Port scans are invasive and are easily detected by Intrusion Detection and/or firewalls. 6Oceanofwebs.com
Vulnerability Scanning • What is vulnerability scanning? – Used to find known flaws within an application or network. – These scanning tools are typically signature based and can only find vulnerabilities that the tools know about. – Many good commercial and freeware tools are available. 7Oceanofwebs.com
Scanning Tools • Host & Port Scanning – Nmap • Vulnerability Scanning – GFI and Nessus 8Oceanofwebs.com
9Oceanofwebs.com
Scanning Tool - Nmap • The only port scanner you’ll need • Pros – FREE – Continually Updated – OS Detection and Service Detection – Support for both Windows and Unix • Cons – No standard Graphical User Interface LINK: (www.insecure.org) 10Oceanofwebs.com
Scanning Tool- SuperScan Pro’s – FREE download from Foundstone – Very stable, Fairly fast – Graphical User Interface Con’s – Windows version only – No stealth options, no Firewall Evasion – Service Detection/Application Mapping • LINK: (www.foundstone.com) 11Oceanofwebs.com
12Oceanofwebs.com
Scanning Tool – Nessus • Pros – Nessus is free – Large plugin or signature base – You can customize and create new plugins • Cons – Tenable took Nessus private (closed source) – Purchasing plans for new plugins – Shareware plug-ins are seven days behind LINK: (www.nessus.org) 13Oceanofwebs.com
Scanning Tool – GFI LANguard Network Security Scanner • Pros – Port Scanner, Enumeration, and Vulnerability Scanner – Many features such as SNMP and SQL brute force – Great for Windows networks • Cons – Lacks extensive signatures for other operating systems – Look to Nessus for scanning heterogeneous networks 14Oceanofwebs.com

More Related Content

PPT
Ethical Hacking and Penetration Testing
Rishabh Upadhyay
 
PPT
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
PPTX
Footprinting and reconnaissance
NishaYadav177
 
PPTX
Ethical Hacking - sniffing
Bhavya Chawla
 
PPTX
Password Cracking
Sina Manavi
 
PDF
Ceh v5 module 03 scanning
Vi Tính Hoàng Nam
 
PPTX
Brute force-attack presentation
Mahmoud Ibra
 
PDF
Ceh v5 module 01 introduction to ethical hacking
Vi Tính Hoàng Nam
 
Ethical Hacking and Penetration Testing
Rishabh Upadhyay
 
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
Footprinting and reconnaissance
NishaYadav177
 
Ethical Hacking - sniffing
Bhavya Chawla
 
Password Cracking
Sina Manavi
 
Ceh v5 module 03 scanning
Vi Tính Hoàng Nam
 
Brute force-attack presentation
Mahmoud Ibra
 
Ceh v5 module 01 introduction to ethical hacking
Vi Tính Hoàng Nam
 

What's hot (20)

PPTX
Introduction to Malware Analysis
Andrew McNicol
 
PPTX
Understanding NMAP
Phannarith Ou, G-CISO
 
PPTX
Introduction to penetration testing
Nezar Alazzabi
 
PPTX
Nmap
Sreekanth Narendran
 
PPTX
Reconnaissance - For pentesting and user awareness
Leon Teale
 
PPTX
NMAP - The Network Scanner
n|u - The Open Security Community
 
PPTX
Introduction to Snort
Hossein Yavari
 
PDF
VULNERABILITY ( CYBER SECURITY )
Kashyap Mandaliya
 
PPTX
Types of Malware (CEH v11)
EC-Council
 
PDF
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
 
PPTX
Malware analysis
Prakashchand Suthar
 
PDF
Cyber security and demonstration of security tools
Vicky Fernandes
 
PPTX
What is Penetration Testing?
btpsec
 
ODP
Scanning with nmap
commiebstrd
 
PDF
Nmap
Fat-Thing Gabriel-Culley
 
PPTX
Packet sniffers
Kunal Thakur
 
PPTX
Intrusion prevention system(ips)
Papun Papun
 
PPT
Module 3 Scanning
leminhvuong
 
PPTX
Intrusion detection
CAS
 
PPTX
User authentication
CAS
 
Introduction to Malware Analysis
Andrew McNicol
 
Understanding NMAP
Phannarith Ou, G-CISO
 
Introduction to penetration testing
Nezar Alazzabi
 
Nmap
Sreekanth Narendran
 
Reconnaissance - For pentesting and user awareness
Leon Teale
 
NMAP - The Network Scanner
n|u - The Open Security Community
 
Introduction to Snort
Hossein Yavari
 
VULNERABILITY ( CYBER SECURITY )
Kashyap Mandaliya
 
Types of Malware (CEH v11)
EC-Council
 
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
 
Malware analysis
Prakashchand Suthar
 
Cyber security and demonstration of security tools
Vicky Fernandes
 
What is Penetration Testing?
btpsec
 
Scanning with nmap
commiebstrd
 
Nmap
Fat-Thing Gabriel-Culley
 
Packet sniffers
Kunal Thakur
 
Intrusion prevention system(ips)
Papun Papun
 
Module 3 Scanning
leminhvuong
 
Intrusion detection
CAS
 
User authentication
CAS
 
Ad

Viewers also liked (20)

PPT
Port scanning
Hemanth Pasumarthi
 
PPT
Port Scanning
amiable_indian
 
PDF
Ch 5: Port Scanning
Sam Bowne
 
PPT
Nmap(network mapping)
SSASIT
 
PDF
Ch 3: Network and Computer Attacks
Sam Bowne
 
PPTX
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Ravi Rajput
 
RTF
Port Scanning Overview
Publicly traded global multi-billion services company
 
PDF
Nmap Basics
amiable_indian
 
PPT
Dynamic Port Scanning
amiable_indian
 
PDF
Hacking With Nmap - Scanning Techniques
amiable_indian
 
PDF
Scan tool basics
gustavus diagnosis
 
PDF
ethical-hacking-guide
Matt Ford
 
PPT
Common hacking tactics
Fariha Khudzri
 
PDF
Secure and Simple Sandboxing in SELinux
James Morris
 
PPT
Hack In Paris 2011 - Practical Sandboxing
Tom Keetch
 
PPTX
Sandboxing in .NET CLR
Mikhail Shcherbakov
 
PPT
Network Scanning Phases and Supporting Tools
Joseph Bugeja
 
PDF
Ceh v5 module 07 sniffers
Vi Tính Hoàng Nam
 
PPT
File Transfer protocols
Aayushi Pareek
 
PPTX
Content Analysis System and Advanced Threat Protection
Blue Coat
 
Port scanning
Hemanth Pasumarthi
 
Port Scanning
amiable_indian
 
Ch 5: Port Scanning
Sam Bowne
 
Nmap(network mapping)
SSASIT
 
Ch 3: Network and Computer Attacks
Sam Bowne
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Ravi Rajput
 
Port Scanning Overview
Publicly traded global multi-billion services company
 
Nmap Basics
amiable_indian
 
Dynamic Port Scanning
amiable_indian
 
Hacking With Nmap - Scanning Techniques
amiable_indian
 
Scan tool basics
gustavus diagnosis
 
ethical-hacking-guide
Matt Ford
 
Common hacking tactics
Fariha Khudzri
 
Secure and Simple Sandboxing in SELinux
James Morris
 
Hack In Paris 2011 - Practical Sandboxing
Tom Keetch
 
Sandboxing in .NET CLR
Mikhail Shcherbakov
 
Network Scanning Phases and Supporting Tools
Joseph Bugeja
 
Ceh v5 module 07 sniffers
Vi Tính Hoàng Nam
 
File Transfer protocols
Aayushi Pareek
 
Content Analysis System and Advanced Threat Protection
Blue Coat
 
Ad

Similar to Network scanning (20)

PPTX
Scanning networks (by piyush upadhyay)
Piyush Upadhyay
 
PPTX
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Boston Institute of Analytics
 
PPTX
What is a Port Scan in data visualization
Komal Khanna
 
PDF
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
Joshua Gorinson
 
PPTX
ServicesPorts on systems, identifying open ports
kinipradeep2
 
PPTX
Hacking - penetration tools
JenishChauhan4
 
PDF
Vulnerability
Mohit Dholakiya
 
PPTX
An Toan Thong Tin.pptx
VuongPhm
 
PPTX
Analyzing Open Ports on Websites: Functions, Benefits, Threats, and Detailed ...
Boston Institute of Analytics
 
PPT
Port Scanning in computer networks with .ppt
imranahmadrana28
 
PPTX
Scanning and Enumeration in Cyber Security.pptx
MahdiHasanSowrav
 
PPTX
Web hacking 1.0
Q Fadlan
 
PDF
Network Security Tools
Emanuela Boroș
 
PPTX
( Ethical hacking tools ) Information grathring
Gouasmia Zakaria
 
PPTX
Network scanning
MD SAQUIB KHAN
 
PPT
Hacking Presentation
Animesh Behera
 
PPTX
How to dominate a country
Tiago Henriques
 
PPT
CYBER FORENSICS-scanning and enumuration.ppt
jayaprasanna10
 
PPTX
Network scan
penetration Tester
 
PPTX
Preso fcul
Tiago Henriques
 
Scanning networks (by piyush upadhyay)
Piyush Upadhyay
 
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Boston Institute of Analytics
 
What is a Port Scan in data visualization
Komal Khanna
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
Joshua Gorinson
 
ServicesPorts on systems, identifying open ports
kinipradeep2
 
Hacking - penetration tools
JenishChauhan4
 
Vulnerability
Mohit Dholakiya
 
An Toan Thong Tin.pptx
VuongPhm
 
Analyzing Open Ports on Websites: Functions, Benefits, Threats, and Detailed ...
Boston Institute of Analytics
 
Port Scanning in computer networks with .ppt
imranahmadrana28
 
Scanning and Enumeration in Cyber Security.pptx
MahdiHasanSowrav
 
Web hacking 1.0
Q Fadlan
 
Network Security Tools
Emanuela Boroș
 
( Ethical hacking tools ) Information grathring
Gouasmia Zakaria
 
Network scanning
MD SAQUIB KHAN
 
Hacking Presentation
Animesh Behera
 
How to dominate a country
Tiago Henriques
 
CYBER FORENSICS-scanning and enumuration.ppt
jayaprasanna10
 
Network scan
penetration Tester
 
Preso fcul
Tiago Henriques
 

Recently uploaded (20)

PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
KodekX | Application Modernization Development
KodekX
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 

Network scanning

  • 1. Network Basics • A netowk consist of 3 parts 1. IP Address 2. Services 3. Port • IP Addresses – An address is comprised of two parts- a network address and a host address and determined by the subnet mask. – A simple example is 192.168.1.1 with a subnet mask of 255.255.255.0. • 192.168.1 is the network address (the 192.168.1.0 network) and .1 is a host address on that network. Oceanofwebs.com 1
  • 2. • Services – The network protocol that listens for incoming connection requests and links the server application with the client – Typically each service runs on a set of specific ports – In actuality, any service can run on any port • Therefore, you should put only limited trust in port/service mappings. – Use an application scanner (service detection) to ensure find out what application is really running on that port. – Nmap has service detection 2Oceanofwebs.com
  • 3. • Ports • A port is where a service listens for connections • Common services use common well-known ports • Could use any port as long as both the server and the client know which port to connect to • Ports allow different services to be available from one location or IP Address 3Oceanofwebs.com
  • 4. Scanning • Types of scanning – Host (Ping) Scanning – Port Scanning – Vulnerability Scanning 4Oceanofwebs.com
  • 5. Host Scanning • Hackers perform host scanning to locate and identify hosts on the network. • Usually by “pinging” a range of IP addresses. • Host which respond to pings may be targeted for attack. 5Oceanofwebs.com
  • 6. Port Scanning • Hackers perform Port Scans to determine what services a host may be running. • By knowing the services the hacker can attempt attacks against known vulnerabilities in the service. • Port scans attempt to make initial connection to service running on a particular port number. • Port scans are invasive and are easily detected by Intrusion Detection and/or firewalls. 6Oceanofwebs.com
  • 7. Vulnerability Scanning • What is vulnerability scanning? – Used to find known flaws within an application or network. – These scanning tools are typically signature based and can only find vulnerabilities that the tools know about. – Many good commercial and freeware tools are available. 7Oceanofwebs.com
  • 8. Scanning Tools • Host & Port Scanning – Nmap • Vulnerability Scanning – GFI and Nessus 8Oceanofwebs.com
  • 10. Scanning Tool - Nmap • The only port scanner you’ll need • Pros – FREE – Continually Updated – OS Detection and Service Detection – Support for both Windows and Unix • Cons – No standard Graphical User Interface LINK: (www.insecure.org) 10Oceanofwebs.com
  • 11. Scanning Tool- SuperScan Pro’s – FREE download from Foundstone – Very stable, Fairly fast – Graphical User Interface Con’s – Windows version only – No stealth options, no Firewall Evasion – Service Detection/Application Mapping • LINK: (www.foundstone.com) 11Oceanofwebs.com
  • 13. Scanning Tool – Nessus • Pros – Nessus is free – Large plugin or signature base – You can customize and create new plugins • Cons – Tenable took Nessus private (closed source) – Purchasing plans for new plugins – Shareware plug-ins are seven days behind LINK: (www.nessus.org) 13Oceanofwebs.com
  • 14. Scanning Tool – GFI LANguard Network Security Scanner • Pros – Port Scanner, Enumeration, and Vulnerability Scanner – Many features such as SNMP and SQL brute force – Great for Windows networks • Cons – Lacks extensive signatures for other operating systems – Look to Nessus for scanning heterogeneous networks 14Oceanofwebs.com