Network Scanning

NETWORK

A network is usually described as an interconnection of various entities. An organisation with many computers, printers, switches and routers can be seen as a simple network.

LAN, MAN and WAN are wider forms of interconnection, each name denoting a particular coverage area. When entities join a network they have to abide by the protocols used for communication on that network.

Topology is the way in which a network is laid out; star, ring, bus and mesh are some examples. The topology determines how the devices or entities connected to the network are managed, and each topology has its own pros and cons.

Since the number of devices on a network grows rapidly, it is hard for network engineers to manage and maintain them all by hand, and that is where scanning comes in.

NETWORK SCANNING

In terms of security, knowing exactly which devices are on our network is what protects us from rogue hosts and users, so network engineers run network scans regularly to make sure that everything is under control.

There are different types of network scanning, run at different intensities. In its simplest form a scan is just a probe (an ICMP echo request, or a TCP packet to a well-known port) sent to each device on our network to learn whether it is up. Sometimes we need to scan more aggressively to get accurate information about our network.

TOOLS:

  1. NMAP(Network Mapper)
  2. Acunetix
  3. Intruder
  4. Solarwinds
  5. Paessler
  6. OpenVAS
  7. Nikto

etc.,

Among these tools, NMAP is free and open source and the most extensively used by network engineers. It can perform version identification, OS detection, script execution, port scanning, stealth (SYN) scans and much more. Note that some of the other tools listed, such as Acunetix and Nikto, are primarily web-application scanners rather than network scanners.

Since it is an open source tool, this article will focus on network scanning through NMAP.

Broadly, there are three kinds of scan:

  1. Port scanning – finding open ports and the services behind them.
  2. Network scanning – listing the live IP addresses on a network (host discovery).
  3. Vulnerability scanning – discovering the presence of known vulnerabilities.

The NMAP man page gives complete usage details, but let me list some basic and useful options. A typical invocation combines the following:

  1. sudo runs nmap with root privileges. SYN scans, OS detection and some other features need raw sockets, which only root can open.
  2. The "-sC" option runs the default set of NSE scripts against the given IP address.
  3. The "-sS" option runs a SYN ("stealth") scan against the IP address.

#A TCP connection is set up with a three-way handshake: the client sends a SYN, the server answers with a SYN-ACK, and the client completes the connection with an ACK. (A ping is different: it is an ICMP echo request and reply and involves no handshake at all.)

#In a normal connect scan (-sT, the default when nmap is not run as root) all three steps are completed for every port, so the application on the target sees a full connection and will usually log it.

#In our -sS SYN scan, nmap sends the SYN, reads the reply (SYN-ACK means open, RST means closed) and then tears the attempt down with a RST instead of sending the final ACK. Because the connection is never completed, application logs rarely record it, and that is the only sense in which the scan is "stealthy". The packets still carry our source address, and firewalls and intrusion detection systems do log half-open connections, so a SYN scan does not make us anonymous.

4. The "-sV" option probes each open port to identify the service and the software version running on the device.

5. The "-p" option lets us specify the ports or port ranges to scan, for example -p 22,80,8000-8100, or -p- for all ports. By default nmap scans the 1000 most commonly used ports, not the first 1000 port numbers.

FACT-4-YOU: TCP and UDP port numbers each range from 0 to 65535, so there are 65536 possible ports per protocol.

6. At the end we give the target: an IP address, a hostname, or a CIDR range such as 192.168.1.0/24.

The "-A" option performs an aggressive scan that combines OS detection, version detection, script scanning and traceroute in one run.
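To make the port states and the "-p" syntax concrete, here is an added example that is not part of the original article and is not nmap's code: a small TCP connect scanner in Python. It parses an nmap-style port list, classifies each port as open, closed or filtered by how the three-way handshake ends, and grabs the first bytes a service sends, which is a crude version of what "-sV" does. To keep it runnable offline it starts its own throwaway listener on 127.0.0.1 with a constructed banner; the banner, the listener and the port numbers are all assumptions made for the demonstration.

```python
import socket
import threading

# Constructed banner for the throwaway listener below (not a real service).
DEMO_BANNER = b"SSH-2.0-DemoServer_1.0\r\n"


def parse_port_spec(spec):
    """Parse an nmap-style -p value such as '22,80,8000-8003' into a sorted list."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def start_demo_service(banner=DEMO_BANNER):
    """Start a listener on 127.0.0.1 that greets every client with a banner.
    Returns (port, stop_function). The OS picks a free port (bind to port 0)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener shut down by stop()
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    def stop():
        try:
            srv.shutdown(socket.SHUT_RDWR)   # wakes the blocked accept()
        except OSError:
            pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop


def closed_port():
    """Return a port nothing is listening on (bind to 0, note the port, release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=1.0, grab_banner=True):
    """TCP connect scan (nmap -sT): a full three-way handshake per port.
    Returns {port: (state, banner)} using nmap's vocabulary:
      open     - handshake completed (target sent SYN-ACK)
      closed   - target answered with RST (connection refused)
      filtered - no answer within the timeout (probe dropped by a firewall)
    A SYN scan (-sS) would stop after the SYN-ACK and send RST instead of ACK;
    that needs raw sockets and therefore root, which a connect scan does not."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except ConnectionRefusedError:
                results[port] = ("closed", None)
                continue
            except socket.timeout:
                results[port] = ("filtered", None)
                continue
            except OSError:
                results[port] = ("error", None)
                continue
            banner = None
            if grab_banner:          # crude -sV: read whatever the service says first
                try:
                    banner = s.recv(256).decode("ascii", "replace").strip() or None
                except (socket.timeout, OSError):
                    banner = None
            results[port] = ("open", banner)
    return results


def demo():
    """Scan the demo service and one closed port on loopback; return the results."""
    port, stop = start_demo_service()
    try:
        return connect_scan("127.0.0.1", parse_port_spec(f"{port},{closed_port()}"))
    finally:
        stop()


if __name__ == "__main__":
    for port, (state, banner) in sorted(demo().items()):
        print(f"{port}/tcp\t{state}\t{banner or ''}")
```

Run it and the demo port is reported open with its banner while the other port is closed. The "filtered" state only appears against a host whose firewall silently drops the probe, which is exactly why nmap distinguishes it from "closed": a RST proves something is there, a timeout proves nothing.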

SAMPLE SCAN RESULT:

(The IP address used above is a Docker container I created for the sake of demonstration.)

Points to remember:

  1. The owner of a scanned system can file a complaint against the person who performed the scan.
  2. The owner of a scanned system can report the scanner's IP address to its ISP.
  3. Most ISPs prohibit unauthorised port scanning, and some will respond by cancelling the customer's service.
  4. Only scan systems for which you have permission, ideally written consent.
  5. Completely avoid scanning systems for which no permission has been given.
  6. Even when an organisation or a user gives permission to scan their systems, the permission defines a scope: certain hosts and services may be scanned and others must not be.
  7. Going outside that scope is also an offence, since the out-of-scope systems may hold sensitive data or proprietary business logic.

Passive Scanning:

#Passive scanning, or packet sniffing, is a different approach to scanning, and it has its own drawbacks.

#We only learn about devices that actually communicate. We sniff the network, capture the packets being transferred, and extract information about the devices (addresses, MAC addresses, the ports they answer on) from those packets; a host that stays silent never shows up.

#Wireshark is one of the best-known open source tools for monitoring a network, capturing its packets and extracting information from them.

#We obtain less information about the devices on the network through passive scanning than through an active scan, because we send nothing ourselves, but for the same reason the target is far less likely to notice our activity.
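The point that a sniffer can only inventory hosts that talk is easy to see in code. The following is an added example, not part of the original article and not Wireshark's code: a minimal Ethernet/IPv4/TCP frame parser that builds a host inventory from a captured sequence of frames, recording a port as listening only when the host answers a SYN with a SYN-ACK. The capture is constructed inline with a helper that packs raw frames (checksums left at zero); the MAC and IP addresses are assumptions made for the demonstration, and host 10.0.0.99, which never transmits, never appears in the result.

```python
import socket
import struct
from collections import defaultdict

ETH = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
IPV4 = struct.Struct("!BBHHHBBH4s4s")   # minimal 20-byte IPv4 header
TCP = struct.Struct("!HHIIBBHHH")       # minimal 20-byte TCP header
SYN, RST, ACK = 0x02, 0x04, 0x10


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame for the constructed capture below.
    Checksums are left at zero; a parser that validates them would reject these."""
    tcp = TCP.pack(sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = IPV4.pack(0x45, 0, IPV4.size + len(tcp), 0, 0, 64, 6, 0,
                   socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = ETH.pack(bytes.fromhex(dst_mac.replace(":", "")),
                   bytes.fromhex(src_mac.replace(":", "")), 0x0800)
    return eth + ip + tcp


def parse_frame(frame):
    """Return the fields a passive scanner cares about, or None for anything
    that is not an IPv4/TCP frame long enough to hold both headers."""
    if len(frame) < ETH.size + IPV4.size:
        return None
    dst_mac, src_mac, ethertype = ETH.unpack_from(frame, 0)
    if ethertype != 0x0800:
        return None
    off = ETH.size
    ihl = (frame[off] & 0x0F) * 4          # IPv4 header length incl. options
    proto = frame[off + 9]
    src_ip = socket.inet_ntoa(frame[off + 12:off + 16])
    dst_ip = socket.inet_ntoa(frame[off + 16:off + 20])
    if proto != 6 or len(frame) < off + ihl + TCP.size:
        return None
    sport, dport = struct.unpack_from("!HH", frame, off + ihl)
    flags = frame[off + ihl + 13]          # TCP flags byte
    return {"src_mac": mac_str(src_mac), "src_ip": src_ip, "dst_ip": dst_ip,
            "sport": sport, "dport": dport, "flags": flags}


def passive_inventory(frames):
    """Build a host inventory purely from observed traffic, as a sniffer would.
    A host is recorded only if it transmitted; a port is recorded as listening
    only if the host answered with SYN-ACK. Silent hosts and ports stay invisible."""
    hosts = defaultdict(lambda: {"macs": set(), "listening": set(), "talks_to": set()})
    for frame in frames:
        p = parse_frame(frame)
        if p is None:
            continue
        h = hosts[p["src_ip"]]
        h["macs"].add(p["src_mac"])
        h["talks_to"].add(p["dst_ip"])
        if p["flags"] & (SYN | ACK) == (SYN | ACK):
            h["listening"].add(p["sport"])
    return dict(hosts)


# Constructed capture (assumed addresses): 10.0.0.5 connects to 10.0.0.10:22,
# which is open, then tries 10.0.0.10:80, which answers RST-ACK (closed).
# 10.0.0.99 is on the same segment but never sends anything.
CLIENT = ("aa:bb:cc:00:00:05", "10.0.0.5")
SERVER = ("aa:bb:cc:00:00:10", "10.0.0.10")
SAMPLE_CAPTURE = [
    build_frame(CLIENT[0], SERVER[0], CLIENT[1], SERVER[1], 51000, 22, SYN),
    build_frame(SERVER[0], CLIENT[0], SERVER[1], CLIENT[1], 22, 51000, SYN | ACK),
    build_frame(CLIENT[0], SERVER[0], CLIENT[1], SERVER[1], 51000, 22, ACK),
    build_frame(CLIENT[0], SERVER[0], CLIENT[1], SERVER[1], 51001, 80, SYN),
    build_frame(SERVER[0], CLIENT[0], SERVER[1], CLIENT[1], 80, 51001, RST | ACK),
]

if __name__ == "__main__":
    for ip, info in sorted(passive_inventory(SAMPLE_CAPTURE).items()):
        print(ip, sorted(info["macs"]), "listening:", sorted(info["listening"]))
```

The inventory lists 10.0.0.5 and 10.0.0.10, with port 22 as the only listening port found, because the RST-ACK from port 80 is evidence of a closed port and 10.0.0.99 was never seen. That is the trade-off the paragraph describes: nothing was sent, so nothing could be noticed, but nothing was learned about anything that stayed quiet.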

Summary

#Scanning is a very powerful phase of reconnaissance, since it reveals a great deal about the devices on a network: which hosts are up, which ports are open and which software versions are running. That information can then be matched against known exploits for those versions, and an attacker who finds a vulnerable service can use it to gain access or plant a backdoor.

#The same information is just as useful defensively: regular scans reveal unwanted open ports on a system, outdated software on a server, and hosts that should not be on the network at all.

Written By: D.Hari Haran

Reviewed By: Sayan Chatterjee
