Network Mapping


Identify Live Hosts
Determine running Services











TCP Port Scanning
UDP Port Scanning
Banner Grabbing
ARP Discovery
Identify Perimeter Network
(Router / Firewalls)
Passive OS Guessing
Active OS Guessing

TCP/IP Stack Fingerprinting
HTTP Packet Analysis
ICMP Packet Analysis
Telnet Handshake Analysis
Host Enumeration
 Systems Enumeration
 Tracerouting
 Scan Default Firewall/Router
Ports
 Perform FIN/ACK Scan
 Map Router / Firewall
Rule-Base
Heorot.net
Identify Live Hosts
Project
Scope will restrict scan spectrum
Tools:
 ping
 nmap
 hping
 traceroute
 tpctraceroute
Heorot.net
Identify Live Hosts
ping Demonstration
Identify Live Hosts
nmap Demonstration
Identify Live Hosts
hping Demonstration
Identify Live Hosts
traceroute Demonstration
Identify Live Hosts
tcptraceroute Demonstration
Hands-On Exercise
Identify Live Hosts
Tools:

Man pages
 ping
 # man ping
 nmap
 # man nmap
 hping
 # man traceroute
 traceroute
 # man tcptraceroute
 tpctraceroute

Difference between:
 TCP
 UDP

What is an “ICMP
echo request”?
 #man icmp
Heorot.net
Determine Running Services
TCP Port Scanning
 UDP Port Scanning
 Banner Grabbing
 ARP Discovery

Heorot.net
Determine Running Services
TCP Port Scanning

Tools:
 nmap
 netcat
 hping
Heorot.net
Determine Running Services
nmap Demonstration
Determine Running Services
netcat Demonstration
Determine Running Services
hping Demonstration
Determine Running Services
UDP Port Scanning

Tools:
 nmap
 netcat
 hping
Heorot.net
Determine Running Services
nmap Demonstration
Determine Running Services
netcat Demonstration
Determine Running Services
hping Demonstration
Determine Running Services
Banner Grabbing

Tools:
 nmap
 amap
 netcat
 telnet
Heorot.net
Determine Running Services
nmap Demonstration
Determine Running Services
amap Demonstration
Determine Running Services
netcat Demonstration
Determine Running Services
telnet Demonstration
Determine Running Services
ARP Discovery

Tools:
 arping
 arp + protocol analyzer
Heorot.net
Hands-On Exercise
Determining Running Services
Tools:

 5 “open” services
 nmap
 netcat
TCP Services

UDP Services
 hping
 1 “closed” service
 amap
(or is it???)
 netcat

 telnet
Banners
 How many banners can you
grab?
 Version Information
 Application Name

TCP 3-way Handshake
Heorot.net
Operating System Guessing
Operating System Query

Tools:
 httprint
 netcat
 nmap
Heorot.net
Operating System Guessing
httprint Demonstration
Operating System Guessing
netcat Demonstration
Operating System Guessing
ICMP Packet Analysis

Tools:
 xprobe
Heorot.net
Operating System Guessing
xprobe Demonstration
Operating System Guessing
Telnet Handshake Analysis

Tools:
 nmap
 telnetfp
Heorot.net
Operating System Guessing
nmap Demonstration
Host Enumeration
What did you miss?
Unknown application?
Unusual OS?

Time to read up:
 RFC (Request for Comments)
 White Papers
 Manuals
Heorot.net
Hands-On Exercise
Operating System Guessing / Host Enumeration
Tools:

RFCs
 xprobe
 What they are
 nmap
 Who produces them
 RFC 793, 768, 792
○ Bonus: 854, 4251
○ Super-Geek Bonus: 3766

White Papers
 Linux
 Slackware

Documentation
 Slackware
Heorot.net
Module 4 – Conclusion

Phase II  Controls Assessment  Scheduling
○ Information Gathering
○ Network Mapping
 Identify Live Hosts
 Determine running Services
 Identify Perimeter Network (Router / Firewalls)
 Passive OS Guessing
 Active OS Guessing
 Host Enumeration
Heorot.net