Saturday, February 5, 2011

What is network Scanning?

Examine your Network With Nmap

Network scanning is an important part of network security that any system administrator must be comfortable with. Network scanning usally consists of a port scanner and vulnerability scanner.

Port scanner is a software that was designed to probe a server or host for open ports. This is
often used by administrators to verify security policies of their networks and can be used by an attacker to identify running services on a host with the view to compromise it. A port scan sends client requests to a server port addresses on a host for finding an active port. The design and operation of the Internet is based on TCP/IP. A port can have some behavior like below:
  • Open or Accepted: The host sent a reply indicating that a service is listening on the port.
  • Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.
  • Filtered, Dropped or Blocked: There was no reply from the host.
Port scanning has several types such as: TCP scanning, SYN scanning, UDP scanning, ACK scanning, Window scanning, FIN scanning, X-mas, Protocol scan, Proxy scan, Idle scan, CatSCAN, ICMP scan.

TCP scanning

The simplest port scanners use the operating system’s network functions and is generally the next option to go to when SYN is not a feasible option.

SYN scanning

SYN scan is another form of TCP scanning. Rather than use the operating system’s network functions, the port scanner generates raw IP packets itself, and monitors for responses. This scan type is also known as halfopen scanning, because it never actually opens a full TCP connection.

UDP scanning

UDP is a connectionless protocol so there is no equivalent to a TCP SYN packet. If a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. If a port is blocked by a firewall, this method will falsely report that the port is open. If the port unreachable message is blocked, all ports will appear open.

ACK scanning

This kind of scan does not exactly determine whether the port is open or closed, but whether the port is filtered or unfiltered. This kind of scan can be good when attempting to probe for the existence of a firewall and its rule sets.

FIN scanning

Usually, firewalls are blocking packets in the form of SYN packets. FIN packets are able to pass by firewalls with no modification to its purpose. Closed ports reply to a FIN packet with the appropriate RST packet, whereas open ports ignore the packet on hand.

Nmap support large number of this scanning. A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. It is important that the network administrator is familiar with these methods.

There are many types of software for scanning networks, some of this software is free and some are not, at Sectools you can find list of this software. The significant point about Nmap (Network Mapper) is Free and Open Source. Nmap is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) for discover hosts and services on a computer network. Nmap runs on Linux, Microsoft Windows, Solaris, HP-UX and BSD variants (including Mac OS X), and also on AmigaOS and SGI IRIX.

Nmap includes the following features:
  • Host Discovery
  • Port Scanning
  • Version Detection
  • OS Detection
  • Scriptable interaction with the target
Nmap Works in two modes, in command line mode and GUI mode. Graphic version of Nmap is known as Zenmap. Official GUI for Nmap versions 2.2 to 4.22 are known as NmapFE, originally written by Zach Smith. For Nmap 4.50, NmapFE was replaced with Zenmap, a new graphical user interface based on UMIT, developed by Adriano Monteiro Marques. Working with Zenmap is easy and have a good environment for work.

No comments: