Network Scanning and Enumeration
Automated Way
Using enum4linux
Network Enumeration Tool
Host Discovery - to find other hosts/machines in the network
Using netdiscover
Used to scan for live hosts on the network
Using nmap
Description | Command |
---|---|
Ping Sweep [ Scanning Network for Live Hosts ] | |
ARP Scan [ Scanning for Live Hosts without port scan in same subnet ] | |
UDP ping scan | |
ICMP echo ping scan | |
Mask ping scan ( use if ICMP is blocked ) | |
ICMP timestamp scan | |
TCP SYN Ping scan | |
IP Protocol scan ( uses different protocols to test connectivity ) | |
Using Angry IP Scanner
Preference → Pinging Method → Combined UDP + TCP
Display → only live hosts
Start
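The defender's view of the host-discovery scans above: a sweep is one source touching many distinct addresses in a short time, whatever the probe type. Added example, not part of the original notes; the log format is a constructed, simplified flow format (timestamp, src, dst, proto), so `parse_line()` would need adapting to whatever a real sensor emits.

```python
"""Detect a host sweep from flow-style log lines.

Added example (not part of the original notes). The log format is a
constructed, simplified firewall/flow format; adapt parse_line() to
whatever your sensor actually emits.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import re

# One record per probe: ISO timestamp, source, destination, protocol.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+)"
)


def parse_line(line):
    """Return a dict for a well-formed record, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def max_distinct_targets(events, window):
    """Largest number of distinct destinations hit by one source within
    any span of length `window`. events: iterable of (timestamp, dst)."""
    events = sorted(events)
    in_window = Counter()
    best = left = 0
    for ts, dst in events:
        in_window[dst] += 1
        # Drop events that fell out of the window ending at `ts`.
        while ts - events[left][0] > window:
            old = events[left][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            left += 1
        best = max(best, len(in_window))
    return best


def find_sweeps(lines, window=timedelta(seconds=10), threshold=16):
    """Map each source that touched >= threshold distinct hosts inside
    one window to the number of hosts it touched. Protocol is ignored on
    purpose: ICMP echo, TCP SYN and UDP probes all count as a touch."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_src[rec["src"]].append((rec["ts"], rec["dst"]))
    return {src: n for src, ev in per_src.items()
            if (n := max_distinct_targets(ev, window)) >= threshold}


def build_sample():
    """Constructed sample traffic: one sweeping host, two benign hosts."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # 10.0.0.5 probes 10.0.0.1-40 within four seconds, alternating ICMP
    # echo and TCP SYN, like the host-discovery scans above.
    for i in range(1, 41):
        ts = base + timedelta(milliseconds=100 * i)
        proto = "icmp" if i % 2 else "tcp"
        lines.append(f"{ts.isoformat()} src=10.0.0.5 dst=10.0.0.{i} proto={proto}")
    # 10.0.0.7 talks to three servers over a minute: ordinary traffic.
    for i, dst in enumerate(["10.0.0.10", "10.0.0.11", "10.0.0.10", "10.0.0.12"]):
        ts = base + timedelta(seconds=15 * i)
        lines.append(f"{ts.isoformat()} src=10.0.0.7 dst={dst} proto=tcp")
    # 10.0.0.9 reaches 30 hosts too, but 20 s apart (a slow backup job),
    # so no 10-second window ever holds more than one of them.
    for i in range(1, 31):
        ts = base + timedelta(seconds=20 * i)
        lines.append(f"{ts.isoformat()} src=10.0.0.9 dst=10.0.0.{i} proto=tcp")
    lines.append("malformed line that the parser should skip")
    return lines


if __name__ == "__main__":
    for src, n in find_sweeps(build_sample()).items():
        print(f"possible sweep from {src}: {n} distinct hosts in 10 s")
```

The window and threshold are the tuning knobs: a slow scan spread over minutes (like the constructed backup job) slips under a 10-second window, so a second, longer window with a higher threshold is usually run alongside this one.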
Service Discovery - To identify open ports and services running on target
Using nmap
Description | Command |
---|---|
All Open Ports | |
Specific Port | |
Service + Version | |
Scripts + Version | |
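What to do with the service + version results once the scan has run: turn them into an inventory and diff it against the exposure you expect, so an unplanned listener stands out. Added example, not from the original notes and not nmap's own code; it parses the common layout of grepable (`-oG`) output lines (tab-separated fields, port entries as `port/state/proto/owner/service/rpc/version/`) and is not a complete implementation of that format. The hosts, ports and versions in the sample are constructed.

```python
"""Turn nmap grepable (-oG) service-scan output into an inventory and
compare it with the exposure you expect.

Added example, not from the original notes and not nmap's own code. It
handles the common layout of -oG lines and is not a complete parser
for the format.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str
    version: str


# Constructed sample in -oG layout; hosts, ports and versions are invented.
SAMPLE_GREPABLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.18.110 ()\tStatus: Up\n"
    "Host: 192.168.18.110 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/, 3306/open/tcp//mysql//MySQL 8.0.36/"
    "\tIgnored State: closed (997)\n"
    "Host: 192.168.18.111 ()\tPorts: 445/open/tcp//microsoft-ds//"
    "Windows microsoft-ds/\tIgnored State: filtered (999)\n"
    "# Nmap done (constructed sample)\n"
)


def parse_grepable(text):
    """Return one Service per port entry, in file order."""
    services = []
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        # Fields are tab-separated "Key: value" pairs.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # e.g. the "Status: Up" line carries no port data
        host = fields["Host"].split(" ", 1)[0]
        for entry in fields["Ports"].split(", "):
            # port/state/proto/owner/service/rpc/version/ (trailing slash)
            port, state, proto, _owner, name, _rpc, version = entry.split("/")[:7]
            services.append(Service(host, int(port), proto, state, name, version))
    return services


def unexpected_exposure(services, allowlist):
    """Open services not covered by allowlist, a set of (host, port)."""
    return [s for s in services
            if s.state == "open" and (s.host, s.port) not in allowlist]


if __name__ == "__main__":
    expected = {("192.168.18.110", 22), ("192.168.18.110", 80)}
    for s in unexpected_exposure(parse_grepable(SAMPLE_GREPABLE), expected):
        print(f"{s.host}:{s.port}/{s.proto} {s.name} ({s.version}) not in allowlist")
```

Running the same comparison after every scheduled scan, with the allowlist kept under version control, turns a one-off enumeration into a drift check.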
Using hping3
-S - TCP Stealth Scan
OS Discovery - Identify the OS running on the target
Using nmap
Services + OS Discovery
Using nmap nse scripts
Banner Grabbing
Based on the TTL value present in the ping response. The value seen is the target's initial TTL minus one per router hop, so match it against the nearest initial TTL in the table at or above it.
ping 192.168.18.110
Operating System | Time To Live ( ttl ) | TCP Window Size |
---|---|---|
Linux | 64 | 5840 |
FreeBSD | 64 | 65535 |
OpenBSD | 255 | 16384 |
Windows | 128 | 65,535 bytes to 1 GB |
Cisco Routers | 255 | 4128 |
Solaris | 255 | 8760 |
AIX | 255 | 16384 |
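The TTL lookup described above, carried through in code: pick the smallest well-known initial TTL at or above the observed value, report the implied hop count, and optionally narrow the candidates with the TCP window size column. Added example, not from the original notes; the fingerprint rows are copied from the table above (the Windows window range is kept as a range), and the ping reply line it parses is a constructed sample in Linux ping's output layout.

```python
"""Infer a likely OS family from the TTL seen in a ping reply, using the
table above.

Added example, not from the original notes. The observed TTL is the
initial TTL of the replying host minus one per router hop, so the
lookup picks the smallest initial value >= the observed one and reports
the implied hop count.
"""
import re

# (OS, initial TTL, TCP window range) copied from the table above.
# Windows is listed as "65,535 bytes to 1 GB", kept here as a range.
FINGERPRINTS = [
    ("Linux", 64, (5840, 5840)),
    ("FreeBSD", 64, (65535, 65535)),
    ("OpenBSD", 255, (16384, 16384)),
    ("Windows", 128, (65535, 2**30)),
    ("Cisco Routers", 255, (4128, 4128)),
    ("Solaris", 255, (8760, 8760)),
    ("AIX", 255, (16384, 16384)),
]
INITIAL_TTLS = sorted({ttl for _, ttl, _ in FINGERPRINTS})  # [64, 128, 255]

PING_TTL_RE = re.compile(r"\bttl=(\d+)\b")


def ttl_from_ping_line(line):
    """Pull the TTL out of a reply line such as
    '64 bytes from 192.168.18.110: icmp_seq=1 ttl=63 time=0.42 ms'.
    The leading '64 bytes' is the packet size, not the TTL."""
    m = PING_TTL_RE.search(line)
    return int(m.group(1)) if m else None


def initial_ttl(observed):
    """Smallest well-known initial TTL that could decay to `observed`."""
    if not 1 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    return next(t for t in INITIAL_TTLS if observed <= t)


def candidates(observed_ttl, tcp_window=None):
    """Return (initial_ttl, hop_count, [matching OS names]). Passing the
    TCP window size seen in a SYN/ACK narrows the list further."""
    init = initial_ttl(observed_ttl)
    names = [os for os, ttl, (lo, hi) in FINGERPRINTS
             if ttl == init and (tcp_window is None or lo <= tcp_window <= hi)]
    return init, init - observed_ttl, names


if __name__ == "__main__":
    # Constructed reply line, not captured output.
    reply = "64 bytes from 192.168.18.110: icmp_seq=1 ttl=63 time=0.42 ms"
    ttl = ttl_from_ping_line(reply)
    print(ttl, candidates(ttl))  # 63 (64, 1, ['Linux', 'FreeBSD'])
```

Treat the result as a hint, not a verdict: the initial TTL and window size are plain kernel settings an administrator can change, several families share the same initial TTL (a TTL of 255 alone leaves four candidates from this table), and a value near a boundary is ambiguous about the hop count.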
Aggressive Scanning
Comprehensive Scanning