CEH

110 Chapter 5 ■ Scanning Networks


Ping sweeps are effective because they can build an inventory of live systems
quickly; however, they have some drawbacks. First, many network administrators block
ICMP echo requests at the perimeter firewall, so pinging hosts from outside the network
is impossible without extra effort. Second, larger networks and enterprise environments
usually run an intrusion detection system (IDS) or intrusion prevention system (IPS);
an IDS will alert the system owner to the sweep, and an IPS may also block your
scanning host. Finally, a ping sweep cannot tell a host that is down from one that is
simply dropping ICMP: in both cases the echo request gets no reply, and the tool waits
out its timeout before reporting that it cannot reach the host. Hosts that filter ICMP
will therefore be missing from your inventory unless you also probe them another way,
such as with the TCP port scans covered next.

Port Scanning


Once you have found a live system, you can perform a port scan to check for open ports.

Checking for Open Ports


You must know how port scans work and the different types of scans
available as well as why you would use one type over another. Pay careful
attention to the scans mentioned here as they each have little details that
may be overlooked. Also remember to study, study, study these scans.

Before I demonstrate how to perform a port scan, let’s cover a few fundamentals. In
Chapter 2 you learned about TCP and UDP. TCP is a connection-oriented protocol and
UDP is connectionless in nature. Both of these protocols have a valuable place in the
performance of port scanning. We will start off by looking at TCP scans and the three-way
handshake.
The three-way handshake is performed when you’re trying to establish a TCP
connection to a system or, specifically, a port on the system. The handshake establishes a
successful and reliable connection between two systems. The process involves three steps,
as shown in Figure 5.1.
Let’s take a closer look at the steps to see what is occurring:


  1. Host A sends a SYN packet to Host B as a request to establish a connection.

  2. Host B responds with a SYN-ACK (a single segment with both the SYN and ACK flags
     set) as an acknowledgment of the request.

  3. Host A responds with an ACK, which fully establishes the connection.

If these steps complete without error, the TCP connection is established and
information flow can occur. If Host B has no service listening on the requested port,
it answers the SYN with an RST instead of a SYN-ACK, and no connection is formed.
If you were paying close attention to Figure 5.1 and the steps listed, you noticed the
terms SYN and ACK. These are TCP flags (short for synchronize and acknowledge), bits in
the TCP header that control connection setup and teardown. They are very important to
us now and going forward, so Table 5.1 explains the TCP flags.
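To make the handshake concrete, here is an added example in Python (it is not code from the CEH text). It decodes and encodes the TCP flags byte so the SYN, SYN-ACK and ACK segments can be recognised by their bit values, and it performs a connect() scan, which completes the full three-way handshake against each probed port and classifies the port as open, closed or filtered. The target is a throwaway listener on 127.0.0.1 started by the script itself, and the port numbers are chosen by the operating system at run time; both are assumptions made so the example runs offline.

```python
"""TCP flag decoding plus a connect() scan against a loopback listener.

Added example, not from the CEH text. The listener on 127.0.0.1 and the
OS-chosen port numbers exist only so the scan can run offline.
"""
import errno
import socket

# Bit positions of the flags byte in the TCP header
# (RFC 793 defines FIN..URG; RFC 3168 added ECE and CWR).
TCP_FLAGS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}


def flags_to_names(bits):
    """Decode a TCP flags byte into flag names, e.g. 0x12 -> ['SYN', 'ACK']."""
    return [name for name, bit in TCP_FLAGS.items() if bits & bit]


def names_to_flags(names):
    """Encode flag names into the TCP flags byte, e.g. ['SYN', 'ACK'] -> 0x12."""
    bits = 0
    for name in names:
        bits |= TCP_FLAGS[name]
    return bits


def handshake_flags():
    """Flag bytes of the three segments of a successful handshake:
    client SYN, server SYN-ACK (one segment, both bits set), client ACK."""
    return [names_to_flags(["SYN"]),
            names_to_flags(["SYN", "ACK"]),
            names_to_flags(["ACK"])]


def start_listener(host="127.0.0.1"):
    """Bind a listener on an OS-chosen port. The kernel completes the
    three-way handshake for queued connections before accept() is ever
    called, which is all a connect scan needs to see the port as open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def connect_scan(host, ports, timeout=0.5):
    """Classify each port by attempting a full TCP connection.

    open     - connect() returned: SYN, SYN-ACK and ACK all completed
    closed   - the target answered our SYN with RST (ECONNREFUSED)
    filtered - nothing came back before the timeout, the usual sign of a
               firewall silently dropping the SYN
    Because the handshake completes, the target application and any IDS
    can log the connection; that is the trade-off against a half-open scan.
    """
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except socket.timeout:
            results[port] = "filtered"
        except OSError as exc:
            results[port] = "closed" if exc.errno == errno.ECONNREFUSED else "filtered"
        finally:
            s.close()
    return results


def demo():
    """Scan one open and one closed loopback port; returns (open, closed, results)."""
    srv, open_port = start_listener()
    # Reserve and release a second port so we have one with nothing listening.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    o, c, r = demo()
    print("handshake flag bytes:", [hex(b) for b in handshake_flags()])
    for port in (o, c):
        print(f"127.0.0.1:{port} {r[port]}")
```

Run it with `python3 scan_demo.py`; the listener's port reports as open (the handshake completed) and the released port as closed (the kernel answered the SYN with RST). Against a real host behind a firewall that drops SYNs you would see the third outcome, filtered, after the timeout, which is the same ambiguity the ping sweep discussion raised: no reply does not mean no host.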