N I L A D I C, Tuesday 3 Mordad 1396, 11:08 AM
Hi

It's time for the second part of the CEH Tutorials series. In this part you will learn the basic steps to scan your TARGET and find out more details about it.

So, let's go



scanning typically reveals:
-IP addresses and closed/open/filtered ports
-OS
-services and processes running on the system


types of scanning:
-port scanning
-network scanning
-vulnerability scanning


methods to check for live systems:
-wardialing
-wardriving
-pinging
-port scanning

-wardialing:
targets dial-up modems by calling them
some wardialing software: toneloc, thc-scan, niksun's phonesweep

-wardriving:
targets wireless networks, usually with GPS devices
some wardriving tools: airsnort, airsnare, kismet, netstumbler, inSSIDer

-pinging:
sends an ICMP packet; if the host answers, it is live
the important things are the TTL (Time To Live) and the speed of the packets from one host to another

-port scanning:
tools: hping3 (a specific address), angryip (an IP range)


banner grabbing:
determines info about the services running on a system, typically with telnet
banner: what a service returns to a requesting program to give info about itself
telnet <hostname/ip addr> 80
HEAD / HTTP/1.0
(press Enter twice after the HEAD line to send the request)
tools: netcraft, xprobe, p0f
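
The reply to that HEAD request can be checked for how much it discloses, which is useful when auditing your own server's banner. This is an added example, not code from the original post: it parses a reply and lists the product/version tokens in the Server and X-Powered-By headers. The function names and the sample reply are assumptions constructed for illustration.

```python
import re
import socket

# Headers that commonly carry a service banner.
BANNER_HEADERS = ("server", "x-powered-by")
# A product token followed by a version number, e.g. "Apache/2.4.41".
VERSION_RE = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*)")


def fetch_head(host, port=80, timeout=5.0):
    """Send the same request as the telnet session and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        # Read until the server closes the connection (HTTP/1.0 behaviour).
        return b"".join(iter(lambda: s.recv(4096), b"")).decode("iso-8859-1")


def parse_banner(raw):
    """Return (status_line, {banner header: value}) from a raw HTTP reply."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.replace("\r\n", "\n").split("\n")
    found = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in BANNER_HEADERS:
            found[name.strip().lower()] = value.strip()
    return lines[0].strip(), found


def disclosed_versions(banners):
    """List (header, product, version) for every versioned token found."""
    return [(h, m.group(1), m.group(2))
            for h, v in sorted(banners.items())
            for m in VERSION_RE.finditer(v)]


# Constructed sample reply (not captured from a real host).
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Date: Tue, 25 Jul 2017 06:38:00 GMT\r\n"
          "Server: Apache/2.4.41 (Ubuntu)\r\n"
          "X-Powered-By: PHP/7.4.3\r\n"
          "Content-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    status, banners = parse_banner(SAMPLE)
    print(status, banners, disclosed_versions(banners))
```

An empty result from disclosed_versions means the banner names no version, which is what a server configured to hide its version should return.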

it's better to use a proxy for scanning:
-filters traffic
-anonymizes web traffic
-provides a layer of protection