Network Mapping

  Identify Live Hosts
  Determine Running Services
    TCP Port Scanning
    UDP Port Scanning
    Banner Grabbing
    ARP Discovery
  Identify Perimeter Network (Router / Firewalls)
    Tracerouting
    Scan Default Firewall/Router Ports
    Perform FIN/ACK Scan
    Map Router / Firewall Rule-Base
  Passive OS Guessing
  Active OS Guessing
    TCP/IP Stack Fingerprinting
    HTTP Packet Analysis
    ICMP Packet Analysis
    Telnet Handshake Analysis
  Host Enumeration
    Systems Enumeration

Heorot.net
Identify Live Hosts

Project scope will restrict the scan spectrum.

Tools: ping, nmap, hping, traceroute, tcptraceroute

Demonstrations: ping, nmap, hping, traceroute, tcptraceroute
Hands-On Exercise: Identify Live Hosts

Tools: ping, nmap, hping, traceroute, tcptraceroute

Man pages:
  # man ping
  # man nmap
  # man traceroute
  # man tcptraceroute

What is the difference between TCP and UDP?

What is an "ICMP echo request"?
  # man icmp
Determine Running Services

  TCP Port Scanning
  UDP Port Scanning
  Banner Grabbing
  ARP Discovery
Determine Running Services: TCP Port Scanning

Tools: nmap, netcat, hping

Demonstrations: nmap, netcat, hping
Determine Running Services: UDP Port Scanning

Tools: nmap, netcat, hping

Demonstrations: nmap, netcat, hping
Determine Running Services: Banner Grabbing

Tools: nmap, amap, netcat, telnet

Demonstrations: nmap, amap, netcat, telnet
Determine Running Services: ARP Discovery

Tools: arping, arp + protocol analyzer
Hands-On Exercise: Determining Running Services

Tools: nmap, netcat, hping, amap, telnet

TCP Services
  5 "open" services

UDP Services
  1 "closed" service (or is it???)

Banners
  How many banners can you grab?
  Version information
  Application name

TCP 3-way handshake
Operating System Guessing: Operating System Query

Tools: httprint, netcat, nmap

Demonstrations: httprint, netcat
Operating System Guessing: ICMP Packet Analysis

Tools: xprobe

Demonstration: xprobe
Operating System Guessing: Telnet Handshake Analysis

Tools: nmap, telnetfp

Demonstration: nmap
Host Enumeration

What did you miss?
  Unknown application?
  Unusual OS?

Time to read up:
  RFCs (Requests for Comments)
  White papers
  Manuals
Hands-On Exercise: Operating System Guessing / Host Enumeration

Tools: xprobe, nmap

RFCs
  What they are
  Who produces them
  RFC 793, 768, 792
    ○ Bonus: 854, 4251
    ○ Super-Geek Bonus: 3766

White Papers
  Linux
  Slackware Documentation
  Slackware
Module 4 – Conclusion

Phase II: Controls Assessment
  Scheduling
  ○ Information Gathering
  ○ Network Mapping
      Identify Live Hosts
      Determine Running Services
      Identify Perimeter Network (Router / Firewalls)
      Passive OS Guessing
      Active OS Guessing
      Host Enumeration