Network scanning is a methodical process that involves probing a target network with the intent of learning about it and using that information in the attack phases that follow. If you have a command of network and system fundamentals, coupled with thorough reconnaissance, it is possible to build a reasonable picture of a network, in some cases a better one than the victim has of their own network and environment.
Scanning is a set of procedures used to identify hosts, ports, and services on a target network. Scanning is considered part of the intelligence-gathering process an attacker uses to gain information about the targeted environment.
Expect the information gathered during this phase to take a good amount of time to analyze; how much depends on how skilled you are at reading the results. If you have performed your initial reconnaissance well, however, this process should not be complicated. Your knowledge will help you not only target your initial scans better but also interpret particular parts of the results.
When you perform network scanning, keep in mind that it typically falls into one of three types:
Port Scanning Port scanning is the process of sending carefully crafted messages or packets to a target computer with the intent of learning more about it. These probes are typically aimed at well-known port numbers, those less than or equal to 1024. Through the careful application of this technique, you can learn which services a system offers to the network as a whole. It is even possible during this process to tell systems such as mail servers, domain controllers, and web servers apart from one another. In this book the primary tool we use for port scanning is Fyodor's Nmap, which many consider the definitive port scanner.
Network Scanning Network scanning is designed to locate all the live hosts on a network (the hosts that are running). This type of scan identifies the systems that may be attacked later or that warrant a closer scan.
Vulnerability Scanning A vulnerability scan is used to identify weaknesses or vulnerabilities on a target system. This type of scan is commonly run as a proactive measure, with the goal of catching problems internally before an attacker is able to locate those same vulnerabilities and act on them.
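To make the port-scanning idea concrete, here is an added example (not code from the book or from Nmap): a minimal TCP connect scan in Python that probes a window of ports on constructed loopback listeners, reports each port as open, closed, or filtered, and labels open ports with a well-known service name. The loopback listeners, the scanned port window, and the small SERVICE_NAMES table are assumptions made for the demo.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumed service table for the demo: a real scanner carries a far larger one.
SERVICE_NAMES = {21: "ftp", 22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "https"}


def tcp_connect_probe(host, port, timeout=0.5):
    """Complete a full TCP handshake and classify the port from the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"            # SYN/ACK came back: something is listening
        except ConnectionRefusedError:
            return "closed"          # RST came back: host is up, nothing listening
        except OSError:
            return "filtered"        # no answer at all: a filter may be dropping the probe


def connect_scan(host, ports, workers=32):
    """Probe ports concurrently; return {port: (state, service_name)}."""
    def probe(port):
        return port, (tcp_connect_probe(host, port), SERVICE_NAMES.get(port, "unknown"))
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(probe, ports))


def open_ports(results):
    """Sorted list of ports whose probe completed a handshake."""
    return sorted(p for p, (state, _) in results.items() if state == "open")


def start_fake_listeners(count):
    """Constructed targets: bind `count` loopback listeners on ephemeral ports."""
    socks = []
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))     # port 0 lets the OS pick a free port
        s.listen(5)
        socks.append(s)
    return socks


def demo(listener_count=3, margin=5):
    """Start listeners, scan a window around them, return (listening, found_open)."""
    listeners = start_fake_listeners(listener_count)
    listening = sorted(s.getsockname()[1] for s in listeners)
    window = range(min(listening) - margin, max(listening) + margin + 1)
    try:
        results = connect_scan("127.0.0.1", window)
    finally:
        for s in listeners:
            s.close()
    return listening, open_ports(results)
```

Every port the demo opened should be reported as open, while the surrounding ports in the window answer with a RST and therefore show as closed.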