Network Mapping
Identify Live Hosts
Determine running Services
TCP Port Scanning
UDP Port Scanning
Banner Grabbing
ARP Discovery
Identify Perimeter Network (Router / Firewalls)
Passive OS Guessing
Active OS Guessing
TCP/IP Stack Fingerprinting
HTTP Packet Analysis
ICMP Packet Analysis
Telnet Handshake Analysis
Host Enumeration
Systems Enumeration
Tracerouting
Scan Default Firewall/Router Ports
Perform FIN/ACK Scan
Map Router / Firewall Rule-Base
Heorot.net
Identify Live Hosts
Project Scope will restrict scan spectrum
Tools:
ping
nmap
hping
traceroute
tcptraceroute
Identify Live Hosts
ping Demonstration
Identify Live Hosts
nmap Demonstration
Identify Live Hosts
hping Demonstration
Identify Live Hosts
traceroute Demonstration
Identify Live Hosts
tcptraceroute Demonstration
Hands-On Exercise
Identify Live Hosts
Tools:
ping
nmap
hping
traceroute
tcptraceroute
Man pages:
# man ping
# man nmap
# man traceroute
# man tcptraceroute
Difference between:
TCP
UDP
What is an “ICMP echo request”?
# man icmp
Determine Running Services
TCP Port Scanning
UDP Port Scanning
Banner Grabbing
ARP Discovery
Determine Running Services
TCP Port Scanning
Tools:
nmap
netcat
hping
Determine Running Services
nmap Demonstration
Determine Running Services
netcat Demonstration
Determine Running Services
hping Demonstration
Determine Running Services
UDP Port Scanning
Tools:
nmap
netcat
hping
Determine Running Services
nmap Demonstration
Determine Running Services
netcat Demonstration
Determine Running Services
hping Demonstration
Determine Running Services
Banner Grabbing
Tools:
nmap
amap
netcat
telnet
Determine Running Services
nmap Demonstration
Determine Running Services
amap Demonstration
Determine Running Services
netcat Demonstration
Determine Running Services
telnet Demonstration
Determine Running Services
ARP Discovery
Tools:
arping
arp + protocol analyzer
Hands-On Exercise
Determining Running Services
Tools:
nmap
netcat
hping
amap
telnet
5 “open” services
TCP Services
UDP Services
1 “closed” service (or is it???)
Banners
How many banners can you grab?
Version Information
Application Name
TCP 3-way Handshake
Operating System Guessing
Operating System Query
Tools:
httprint
netcat
nmap
Operating System Guessing
httprint Demonstration
Operating System Guessing
netcat Demonstration
Operating System Guessing
ICMP Packet Analysis
Tools:
xprobe
Operating System Guessing
xprobe Demonstration
Operating System Guessing
Telnet Handshake Analysis
Tools:
nmap
telnetfp
Operating System Guessing
nmap Demonstration
Host Enumeration
What did you miss?
Unknown application?
Unusual OS?
Time to read up:
RFC (Request for Comments)
White Papers
Manuals
Hands-On Exercise
Operating System Guessing / Host Enumeration
Tools:
xprobe
nmap
RFCs
What they are
Who produces them
RFC 793, 768, 792
○ Bonus: 854, 4251
○ Super-Geek Bonus: 3766
White Papers
Linux
Slackware
Documentation
Slackware
Module 4 – Conclusion
Phase II Controls Assessment Scheduling
○ Information Gathering
○ Network Mapping
Identify Live Hosts
Determine running Services
Identify Perimeter Network (Router / Firewalls)
Passive OS Guessing
Active OS Guessing
Host Enumeration