NILADIC, Tuesday 3 Mordad 1396 (25 July 2017), 11:08 AM

It's time for the second part of the CEH tutorial series. In this part you will learn the basic steps to scan your TARGET and find out more about it.

So, let's go.

What scanning typically reveals:
-IP addresses, and which ports are open, closed or filtered
-the services and processes running on the system

Scanning phases:
-port scanning
-network scanning
-vulnerability scanning

Methods to check for live systems:

-wardialing: dial a range of phone numbers and look for dial-up modems that answer
some wardialing software: ToneLoc, THC-Scan, NIKSUN's PhoneSweep

-wardriving: look for wireless networks, usually while moving and with a GPS device to record where each network was seen
some wardriving tools: AirSnort, AirSnare, Kismet, NetStumbler, inSSIDer

-ICMP (ping sweep): send an ICMP echo request; if the host answers, it is live
the important things in the reply are the TTL (Time To Live) and the round-trip time between the two hosts; the TTL also hints at the hop count and the OS
caveat: no answer does not prove the host is down, since ICMP is often filtered at the firewall, so confirm with a port scan

-port scanning: a host that answers on any TCP or UDP port is live even if it ignores ICMP
tools: hping3 (crafted packets against a single address), Angry IP Scanner (sweeps an IP range)
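As an added example that is not part of the original notes, here is the ICMP step at the byte level in Python: build an echo request, and parse the reply a raw socket hands back to pull out the source address and TTL. Packet layouts follow RFC 791 (IPv4) and RFC 792 (ICMP); the checksum is the RFC 1071 one's-complement sum. The `make_sample_reply` datagram is constructed test data, not captured traffic, and `ping_once` needs a raw socket (root or CAP_NET_RAW), so it is the only part that touches the network.

```python
import os
import socket
import struct
import time
from typing import Optional, Tuple

# Added example: hand-built ICMP echo request and reply parser, so the
# "answer means live / note the TTL" step is visible at the byte level.


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length messages
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = b"niladic") -> bytes:
    """ICMP type 8 (echo request), code 0; ident lets us recognise our own replies."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def parse_echo_reply(packet: bytes, expect_ident: int) -> Optional[Tuple[str, int, int]]:
    """Parse a raw IPv4 datagram as a SOCK_RAW socket delivers it (IP header included).

    Returns (source_ip, ttl, seq) for an intact echo reply carrying expect_ident,
    otherwise None.
    """
    if len(packet) < 28:                     # 20-byte IP header + 8-byte ICMP header
        return None
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes (options possible)
    ttl = packet[8]
    proto = packet[9]
    src = ".".join(str(b) for b in packet[12:16])
    if proto != 1 or len(packet) < ihl + 8:  # protocol 1 = ICMP
        return None
    icmp = packet[ihl:]
    if icmp_checksum(icmp) != 0:             # a valid message including its checksum sums to 0
        return None
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if typ != 0 or code != 0 or ident != expect_ident:   # type 0 / code 0 = echo reply
        return None
    return src, ttl, seq


def make_sample_reply(ident: int, seq: int, ttl: int = 64,
                      src: Tuple[int, int, int, int] = (127, 0, 0, 1),
                      payload: bytes = b"niladic") -> bytes:
    """Constructed test data: the datagram a live host would send back (not captured traffic)."""
    icmp_hdr = struct.pack("!BBHHH", 0, 0, 0, ident, seq)
    csum = icmp_checksum(icmp_hdr + payload)
    icmp_msg = struct.pack("!BBHHH", 0, 0, csum, ident, seq) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(icmp_msg),   # version/IHL, TOS, total length
                         0, 0,                          # identification, flags/fragment offset
                         ttl, 1, 0,                     # TTL, protocol ICMP, header checksum (kernel fills)
                         bytes(src), bytes((127, 0, 0, 1)))
    return ip_hdr + icmp_msg


def ping_once(host: str, timeout: float = 1.0) -> Optional[Tuple[str, int, float]]:
    """Send one echo request; return (source_ip, ttl, rtt_ms) or None.

    Needs a raw socket (root or CAP_NET_RAW). None means "no answer", which is
    NOT proof the host is down: ICMP is routinely dropped at the perimeter, so
    follow up with a port scan before writing the host off.
    """
    ident = os.getpid() & 0xFFFF
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.getprotobyname("icmp")) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(build_echo_request(ident, 1), (host, 0))
        try:
            while True:
                data, _ = s.recvfrom(1500)
                parsed = parse_echo_reply(data, ident)
                if parsed is not None:            # ignore other ICMP traffic on the wire
                    src, ttl, _seq = parsed
                    return src, ttl, (time.monotonic() - start) * 1000.0
        except socket.timeout:
            return None


if __name__ == "__main__":
    print(ping_once("127.0.0.1"))
```

A TTL of 53 in a reply from a host whose stack starts at 64 means eleven hops sit between you and the target; 64, 128 and 255 are the usual initial values for Linux, Windows and many network devices respectively, which is why the notes above single out the TTL.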

banner grabbing:
determine information about the services running on the system, typically with telnet
banner: what a service returns to the requesting program to describe itself (server name, version)
telnet <hostname/IP address> 80
then type HEAD / HTTP/1.0 and press Enter twice; the Server: header in the response is the banner
tools: Netcraft (web-based site report), Xprobe2 and p0f (active and passive OS fingerprinting from packet characteristics rather than from banners)
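As an added example covering both the port-scanning and the banner-grabbing notes above (not code from the original post), the script below does a TCP connect scan, classifies each port as open, closed or filtered, and on open ports reads the banner: it first waits for services that speak first (SSH, FTP, SMTP) and, if nothing arrives, sends the same HEAD / HTTP/1.0 request the telnet trick types by hand. The target is a constructed local HTTP stand-in started inside the script so the example runs offline; `start_fake_http_server`, `pick_closed_port` and the Apache banner it returns are test scaffolding, not a real service.

```python
import socket
import threading
from typing import Dict, Optional

# Added example: TCP connect scan plus banner grab against a constructed local
# target, so open/closed/filtered and the HEAD trick can be run offline.

HTTP_HEAD = b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n"


def scan_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Full TCP connect scan of one port.
    open     : handshake completed (SYN/ACK came back)
    closed   : host answered with RST (connection refused)
    filtered : nothing came back before the timeout, typically a firewall dropping the SYN
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:                  # socket.timeout, unreachable network, ...
        return "filtered"
    finally:
        s.close()


def grab_banner(host: str, port: int, timeout: float = 2.0) -> Optional[str]:
    """Passive read first (SSH/FTP/SMTP announce themselves); if the service is
    quiet, as HTTP is, send HEAD / HTTP/1.0 and read the response."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(1024)
            except socket.timeout:
                data = b""
            if not data:
                s.sendall(HTTP_HEAD % host.encode())
                data = s.recv(1024)
    except OSError:
        return None
    text = data.decode("latin-1", errors="replace").strip()
    return text or None


def server_header(banner: Optional[str]) -> Optional[str]:
    """Pull the Server: header out of an HTTP banner, if present."""
    for line in (banner or "").splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def scan_range(host: str, ports, timeout: float = 1.0) -> Dict[int, dict]:
    """Scan each port and grab a banner on the open ones."""
    results = {}
    for port in ports:
        state = scan_port(host, port, timeout)
        banner = grab_banner(host, port, timeout) if state == "open" else None
        results[port] = {"state": state, "banner": banner, "server": server_header(banner)}
    return results


# --- constructed target: test scaffolding standing in for TARGET, not a real service ---

def start_fake_http_server(banner: str = "Apache/2.4.18 (Ubuntu)") -> int:
    """Local stand-in that answers any request with the given Server header; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # port 0 = let the OS pick a free one
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(5.0)
                try:
                    conn.recv(1024)  # like a real web server, wait for the request first
                    conn.sendall(b"HTTP/1.0 200 OK\r\nServer: " + banner.encode() + b"\r\n\r\n")
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def pick_closed_port() -> int:
    """Reserve and release a port so nothing is listening on it when we scan."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    target = start_fake_http_server()
    for p, r in scan_range("127.0.0.1", [target, pick_closed_port()], timeout=0.5).items():
        print(p, r["state"], r["server"] or "")
```

Against a real target a connect scan completes the handshake and so lands in the service's logs; that is the trade-off for needing no raw-socket privileges. The "filtered" result is a judgement by timeout, so on slow links raise the timeout before concluding a firewall is in the way.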

It is better to scan through a proxy, which:
-filters traffic
-anonymizes your web traffic
-provides a layer of protection between you and the target