CEH Ch.3 Scanning & Enumeration
Scanning
The process of discovering systems on the network and taking a look at what open ports and applications may be running. With footprinting, we wanted to know how big the network was and some general information about its makeup. In scanning, we'll go into the network and start touching each device to find out more about it.
Six flags can be set in the TCP header. Depending on what the segment is intended to do, some or all of these flags may be put into use. The TCP header flags are as follows:
SYN (Synchronize) - This flag is set during initial communication establishment. It indicates negotiation of parameters and sequence numbers (the sequence number is a pseudorandom number that helps maintain the legitimacy and uniqueness of this session).
ACK (Acknowledgement) - This flag is set as an acknowledgment to SYN flags. This flag is set on all segments after the initial SYN flag.
RST (Reset) - This flag forces a termination of communications (in both directions).
FIN (Finish) - This flag signifies an ordered close to communications.
PSH (Push) - This flag forces the delivery of data without concern for any buffering. In other words, the receiving device need not wait for the buffer to fill up before processing.
SYN, SYN/ACK, ACK
This is the three-way handshake to initiate a TCP data exchange. First, a session must be established between the two systems. To do this, the sender forwards a segment with the SYN flag set, indicating a desire to synchronize a communication session. This segment also contains a sequence number, a pseudorandom number that helps maintain the legitimacy and uniqueness of this session.
When the recipient gets this segment, it responds with the SYN and ACK flags set and acknowledges the sequence number by incrementing it by one. Additionally, the return segment contains a sequence number generated by the recipient. This tells the sender, "Yes, I acknowledge your request to communicate and will agree to synchronize with you. I see your sequence number and acknowledge it by incrementing it by 1. Please use my sequence number in further communications with me so I can keep track of what we're doing."
When this segment is received by the original sender, it generates one more segment to finish off the synchronization. In this segment the ACK flag is set, and the recipient's own sequence number is acknowledged. At the end of this three-way handshake, a communications channel is opened, sequence numbers are established on both ends, and data transfer can begin.
Port Numbers in TCP or UDP communication
The source and destination port fields in TCP or UDP communications define the protocols that will be used to process the data. We need port numbers to identify which upper-layer protocol to hand this information to (FTP, Telnet, e-mail, HTTP, etc.). Systems use port numbers to identify to recipients what they're trying to accomplish.
Examples of protocols using UDP: TFTP, DNS, & DHCP
IPv4's 3 Main Address Types
1. Unicast - Acted on by a single recipient.
2. Multicast - Acted on only by members of a specific group.
3. Broadcast - Acted on by everyone in the network.
Well Known Ports 0-1023
Registered Ports 1024-49151
Dynamic Ports 49152-65535
FTP (File Transfer Protocol)                  TCP 20/21
SSH (Secure Shell)                            TCP 22
Telnet                                        TCP 23
SMTP (Simple Mail Transfer Protocol)          TCP 25
DNS (Domain Name System)                      TCP & UDP 53
DHCP (Dynamic Host Configuration Protocol)    UDP 67 is the destination port of a server, UDP 68 is used by the client
TFTP (Trivial File Transfer Protocol)         UDP 69
HTTP (Hypertext Transfer Protocol)            TCP 80
POP3 (Post Office Protocol version 3)         TCP 110
RPC                                           TCP 135
NetBIOS (Network Basic Input/Output System)   TCP & UDP 137-139
IMAP (Internet Message Access Protocol)       TCP 143