Module 2 - skyleroriordan/my-tech-journal GitHub Wiki
Notes
Ping sweep: a scanning method that uses ICMP echo requests to find live hosts across an entire network. It is noisy and easy to spot, and many network security devices block ICMP.
If ICMP is blocked, scan using TCP or UDP instead. Nmap is the most widely used tool for this.
Nmap can find active devices, listening ports, the service behind each port, and (with its scripts) user credentials. Nmap's default host discovery has 4 steps: an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80, and an ICMP timestamp request. It then scans the 1,000 most common ports. Use -sn to run host discovery only (the pings plus a couple of TCP packets) without the port scan.
-sS is a SYN (half-open) scan: it starts a TCP connection but never finishes the handshake. -sT is a TCP connect scan, which establishes a full TCP connection.
-sU is a UDP scan (requires root privileges).
-p specifies the port(s) to scan.
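The two behaviours the notes describe, a ping sweep (one source probing many hosts with ICMP) and a -sS SYN scan (one source sending SYNs to many ports without ever completing the handshake), are also what a defender looks for in firewall logs. The following is an added example, not part of the original notes: a small Python detector run over constructed log lines in an invented "src dst proto flag [dport=N]" format. The thresholds and the log format are assumptions for the example.

```python
"""
Added example (not from the original wiki notes): flag ping sweeps and
half-open SYN scans in firewall-style log lines.

  * ping sweep - one source sends ICMP echo requests to many distinct hosts
  * SYN scan   - one source sends TCP SYNs to many distinct ports on a host
                 and never follows up with an ACK (an -sS scan never
                 completes the handshake, unlike -sT)

The "src dst proto flag [dport=N]" log format below is invented for this
example; adapt parse_line() to a real firewall's format.
"""
from collections import defaultdict

# Constructed sample log lines (assumed format, not real traffic).
SAMPLE_LOG = """\
10.0.0.5 10.0.0.1 ICMP echo-request
10.0.0.5 10.0.0.2 ICMP echo-request
10.0.0.5 10.0.0.3 ICMP echo-request
10.0.0.5 10.0.0.4 ICMP echo-request
10.0.0.5 10.0.0.6 ICMP echo-request
10.0.0.9 10.0.0.20 TCP SYN dport=22
10.0.0.9 10.0.0.20 TCP SYN dport=80
10.0.0.9 10.0.0.20 TCP SYN dport=443
10.0.0.9 10.0.0.20 TCP SYN dport=3389
10.0.0.9 10.0.0.20 TCP SYN dport=8080
10.0.0.9 10.0.0.20 TCP SYN dport=21
10.0.0.7 10.0.0.20 TCP SYN dport=443
10.0.0.7 10.0.0.20 TCP ACK dport=443
"""

PING_SWEEP_HOSTS = 4   # distinct ICMP targets from one source before flagging
SYN_SCAN_PORTS = 5     # distinct half-open ports on one host before flagging


def parse_line(line):
    """Parse one log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) < 4:
        return None
    rec = {"src": parts[0], "dst": parts[1], "proto": parts[2], "flag": parts[3]}
    for tok in parts[4:]:
        if tok.startswith("dport="):
            rec["dport"] = int(tok[len("dport="):])
    return rec


def detect_scans(log_text, sweep_threshold=PING_SWEEP_HOSTS,
                 syn_threshold=SYN_SCAN_PORTS):
    """Return findings as (kind, src, dst_or_None, count) tuples."""
    icmp_targets = defaultdict(set)   # src -> {dst}
    syn_ports = defaultdict(set)      # (src, dst) -> {dport}
    completed = set()                 # (src, dst, dport) where an ACK was seen

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"] == "ICMP" and rec["flag"] == "echo-request":
            icmp_targets[rec["src"]].add(rec["dst"])
        elif rec["proto"] == "TCP" and "dport" in rec:
            key = (rec["src"], rec["dst"])
            if rec["flag"] == "SYN":
                syn_ports[key].add(rec["dport"])
            elif rec["flag"] == "ACK":
                completed.add((rec["src"], rec["dst"], rec["dport"]))

    findings = []
    for src, dsts in icmp_targets.items():
        if len(dsts) >= sweep_threshold:
            findings.append(("ping_sweep", src, None, len(dsts)))
    for (src, dst), ports in syn_ports.items():
        # A SYN followed by an ACK is a real connection, not a half-open probe.
        half_open = {p for p in ports if (src, dst, p) not in completed}
        if len(half_open) >= syn_threshold:
            findings.append(("syn_scan", src, dst, len(half_open)))
    return findings


if __name__ == "__main__":
    for finding in detect_scans(SAMPLE_LOG):
        print(finding)
```

On the sample above, 10.0.0.5 is reported as a ping sweep (5 hosts) and 10.0.0.9 as a SYN scan of 10.0.0.20 (6 half-open ports), while 10.0.0.7, whose single SYN is followed by an ACK, is left alone. A -sT connect scan would complete the handshake and slip past the half-open check, so in practice the SYN rule is paired with a plain "many distinct ports from one source" rule as well.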