Scanning is the process of gathering additional information about a target or a network. Network scanning refers to identifying the hosts, ports and services running on a network and trying to find vulnerabilities through the ports and services that are open and running on that network. The scanning process can differ from one network to another depending on the network configuration, for example whether a firewall is present, or whether the organization scans its own network in order to protect it.
Types of Scanning
Network And Port Scanning
ICMP Scanning : ICMP (Internet Control Message Protocol) scanning, or ping, is the process of sending an ICMP echo request packet to a host to check whether the host is live. Network devices such as routers, switches and firewalls, and any computer connected to a network, use the ICMP protocol through the ping command for connectivity tests. To ping a network or device from Windows or Linux, type the following command into the command prompt or terminal.
ICMP Echo Scanning : ICMP scanning allows a particular host machine to be scanned, whereas ICMP echo scanning pings all the machines inside a network or subnet. ICMP echo scanning broadcasts the ICMP request to the entire network to check for live hosts in the subnet or network. ICMP echo scanning can be done with Nmap, Angry IP Scanner or hping3.
TCP Connect/Full Open Scan : TCP connect is the most reliable TCP scanning technique. In TCP connect scanning the host tries to connect to the system using the TCP three-way handshake on a port number (if no port is defined, it will try to connect to all well-known ports).
TCP connect establishes the connection with the client on a port; if the port is open the client replies, and as soon as the connection is established the attacker sends an RST packet to reset the connection.
If the target machine has closed the particular port, the target machine replies with an RST packet. The drawback of the Full Open Scan / TCP Connect scan is that it is easily detectable: the logs on the target machine will disclose the connection and the scanning.
Stealth Scan/Half Open Scan : The half-open scan involves resetting the TCP connection with the target. In a half-open scan the attacker sends a SYN packet with the port number to the target; if the port is open on the target machine, the target machine replies as in a normal handshake. After the target replies, the attacker is supposed to send the ACK packet to complete the handshake, but instead of the ACK the attacker sends an RST packet to stop/reset the connection.
If the target machine has closed the particular port, it replies with the RST flag to reset the connection.
Xmas Scanning : Xmas is a port scanning technique that sets the FIN, URG and PUSH flags and sends the packet to the target machine. If the target machine has the port open, it will not respond back to the attacker.
ACK Probe Scanning : The attacker sends a packet with the ACK flag to the remote device and then analyses the header information of the received RST packet to find out if the port is open or closed. In an ACK probe the attacker sends N number of ACK packets to the target; if the target has a stateful firewall, it will not send any response to the attacker.
[Figure: ACK scan when firewall is not present]
When the attacker gets the reply from the target with the RST flag, the attacker analyses the RST flag to identify whether the port is open or not. An ACK flag scan can evade the IDS in most cases, but not every time. This scan is very slow and only works with older operating systems.
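To make the half-open and Xmas patterns described above concrete from the defender's side, here is an added detection example (not code from the original page): it walks a constructed list of captured TCP packets and flags any client that answers a server's SYN/ACK with RST instead of ACK on several ports, and any packet carrying exactly FIN+PSH+URG. The packet records, addresses and alert threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample of captured TCP packets (not real traffic).
# Each record is (src, dst, server_port, flags); server_port is the probed
# port on the server for both directions. Flags use tcpdump-style letters:
# S=SYN, A=ACK, R=RST, F=FIN, P=PSH, U=URG.
PACKETS = [
    ("10.0.0.5", "10.0.0.20", 22, "S"),
    ("10.0.0.20", "10.0.0.5", 22, "SA"),
    ("10.0.0.5", "10.0.0.20", 22, "R"),      # RST instead of ACK: half-open
    ("10.0.0.5", "10.0.0.20", 80, "S"),
    ("10.0.0.20", "10.0.0.5", 80, "SA"),
    ("10.0.0.5", "10.0.0.20", 80, "R"),      # same pattern on a second port
    ("10.0.0.5", "10.0.0.20", 443, "S"),
    ("10.0.0.20", "10.0.0.5", 443, "R"),     # closed port, server resets
    ("10.0.0.7", "10.0.0.20", 22, "S"),      # ordinary client...
    ("10.0.0.20", "10.0.0.7", 22, "SA"),
    ("10.0.0.7", "10.0.0.20", 22, "A"),      # ...completes the handshake
    ("10.0.0.9", "10.0.0.20", 8080, "FPU"),  # Xmas probe: FIN+PSH+URG
]

def half_open_probes(packets):
    """Return {client: set(ports)} where the client got SYN/ACK and answered
    with RST but never sent an ACK (the half-open pattern)."""
    sent = defaultdict(list)   # flags sent by a client per (client, server, port)
    replied = set()            # (client, server, port) that received SYN/ACK
    for src, dst, port, flags in packets:
        if "S" in flags and "A" in flags:
            replied.add((dst, src, port))  # server -> client, key by client
        else:
            sent[(src, dst, port)].append(flags)
    probes = defaultdict(set)
    for key, flag_list in sent.items():
        acked = any("A" in f for f in flag_list)
        reset = any("R" in f for f in flag_list)
        if key in replied and reset and not acked:
            probes[key[0]].add(key[2])
    return probes

def xmas_probes(packets):
    """Return {source: set(ports)} for packets carrying exactly FIN+PSH+URG."""
    found = defaultdict(set)
    for src, dst, port, flags in packets:
        if set(flags) == {"F", "P", "U"}:
            found[src].add(port)
    return found

def scan_alerts(packets, min_ports=2):
    """Raise an alert when one source shows the half-open pattern on at
    least min_ports ports, and for every Xmas probe seen."""
    alerts = [("half-open", src, sorted(p)) for src, p in half_open_probes(packets).items()
              if len(p) >= min_ports]
    alerts += [("xmas", src, sorted(p)) for src, p in xmas_probes(packets).items()]
    return alerts
```

Note that a SYN answered by a server RST (the closed-port case, port 443 above) is not counted here, so in practice the threshold should also consider SYNs to many closed ports.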