After building a list of target IPs in the Reconnaissance phase, we move on to phase 2 of ethical hacking, i.e., Scanning. The scanning process is divided into three parts:
- Determine whether the system is up and responding.
- Find the ports on which applications are listening.
- Scan the target system for vulnerabilities.
Ping and Ping Sweeps :
The simplest way to check whether a system is alive is to ping its IP address. A ping is a special kind of packet called an ICMP packet. When you ping a device's IP, an ICMP Echo Request message is sent to the target, and the target system sends back an ICMP Echo Reply packet in response.
Besides telling us whether the system is alive, the Echo Reply carries other valuable information. It gives the round-trip time, i.e., the time taken for the ping to reach the target and for the reply to come back to us. It also reveals packet loss, which helps in judging the reliability of the network.
A ping sweep is a method of pinging a list of IPs automatically, since pinging a large list of IPs by hand is time-consuming and error-prone. One tool for ping sweeps is fping, which can be invoked with the following command:
fping -a -g 172.16.10.1 172.16.10.20
- The “-a” switch shows only the alive IPs in the output.
- The “-g” switch specifies a range of IPs.
- In the above command, the range is 172.16.10.1 to 172.16.10.20.
Port Scanning :
A computer has a total of 65,536 ports (0-65,535). Depending on the nature of the communication and the application using it, a port is either TCP or UDP. Scanning the system to find which ports are open and which applications are using them gives us a better picture of the target system.
Port scanning is done with a tool called Nmap, written by Gordon “Fyodor” Lyon. It is available with both a GUI and a command-line interface.
nmap -sT -p- 172.16.10.5
nmap -sU -p- 172.16.10.5
- “-s” specifies the scan type.
- “-sT” means a TCP connect scan and “-sU” means a UDP scan.
- “-p” selects the ports to scan; “-p-” scans all ports of the target IP.
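From the defender's side, the ping sweep and port scan described above leave a recognisable trace: one source sending ICMP Echo Requests to many hosts, or one source touching many TCP ports on one host. The following script is an added example, not part of the original article; it runs a simple threshold detector over a constructed, simplified firewall-style log (the log format and the thresholds are assumptions for illustration).

```python
# Added example: flag ping sweeps and TCP port scans in firewall-style logs.
# The log format "<time> <proto> <src> -> <dst>[:<dport>]" is constructed here.
from collections import defaultdict

# Constructed sample log: 172.16.10.99 sweeps five hosts with ICMP, then
# probes five TCP ports on 172.16.10.5; 172.16.10.7 is normal traffic.
SAMPLE_LOG = """\
10:00:01 ICMP 172.16.10.99 -> 172.16.10.1
10:00:01 ICMP 172.16.10.99 -> 172.16.10.2
10:00:01 ICMP 172.16.10.99 -> 172.16.10.3
10:00:02 ICMP 172.16.10.99 -> 172.16.10.4
10:00:02 ICMP 172.16.10.99 -> 172.16.10.5
10:00:09 TCP 172.16.10.99 -> 172.16.10.5:22
10:00:09 TCP 172.16.10.99 -> 172.16.10.5:80
10:00:09 TCP 172.16.10.99 -> 172.16.10.5:443
10:00:09 TCP 172.16.10.99 -> 172.16.10.5:3389
10:00:10 TCP 172.16.10.99 -> 172.16.10.5:8080
10:00:10 ICMP 172.16.10.7 -> 172.16.10.5
10:00:11 TCP 172.16.10.7 -> 172.16.10.5:443
"""

def parse_line(line):
    """Return (proto, src, dst, dport) for one log line; dport is None for ICMP."""
    _time, proto, src, _arrow, target = line.split()
    dst, _, port = target.partition(":")
    return proto, src, dst, (int(port) if port else None)

def detect_scans(log_text, sweep_hosts=5, scan_ports=5):
    """Flag a source that pings >= sweep_hosts distinct hosts (ping sweep)
    or touches >= scan_ports distinct TCP ports on one host (port scan)."""
    icmp_targets = defaultdict(set)   # src -> {dst hosts it pinged}
    tcp_ports = defaultdict(set)      # (src, dst) -> {TCP ports touched}
    for line in log_text.strip().splitlines():
        proto, src, dst, dport = parse_line(line)
        if proto == "ICMP":
            icmp_targets[src].add(dst)
        elif proto == "TCP":
            tcp_ports[(src, dst)].add(dport)
    alerts = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= sweep_hosts:
            alerts.append(("ping_sweep", src, len(hosts)))
    for (src, dst), ports in tcp_ports.items():
        if len(ports) >= scan_ports:
            alerts.append(("port_scan", f"{src}->{dst}", len(ports)))
    return alerts

if __name__ == "__main__":
    for kind, who, count in detect_scans(SAMPLE_LOG):
        print(f"{kind}: {who} ({count} distinct targets)")
```

In a real deployment the thresholds would be tuned per network and applied over a time window, since legitimate monitoring hosts also ping many machines.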
Vulnerability Scanning :
A vulnerability is a weakness in software or in a system's configuration that can be exploited. Missing patches are a common cause of software vulnerabilities.
Software vendors regularly provide patches for known issues. Some vulnerabilities lead to remote code execution, which is the holy grail of hacking. One tool for vulnerability scanning is Nessus, which can be downloaded from nessus.org. It contains thousands of plugins for vulnerability scanning; a plugin is a small block of code sent to the target IP to test for a specific vulnerability.