Scanning the Network using the Colasoft Packet Builder
Overview of ARP Ping Scanning
ARP ping scanning sends ARP request packets on the local network segment and observes which hosts answer with an ARP reply; a reply identifies a live host. Because ARP is not routed, the technique only discovers hosts in the same broadcast domain, but it works even against hosts that are configured to drop ICMP echo requests.
Lab Tasks
1. Navigate to Z:\CEH-Tools\CEHv10 Module 03 Scanning Networks\Packet Crafting Tools\Colasoft Packet Builder and double-click pktbuilder 2.0.0.212.exe.
Note: If an Open File - Security Warning pop-up appears, click Run.
2. Follow the wizard-driven installation steps to install Colasoft Packet Builder.
3. On completing the installation, launch the Colasoft Packet Builder 2.0 application from the Desktop.
4. The Colasoft Packet Builder GUI appears as shown in the screenshot:
5. Before starting your task, click the Adapter icon.
6. When the Select Adapter window appears, check the Adapter settings and click OK.
Note: Adapter configuration might differ in your lab environment.
7. To add or create a packet, click the Add icon in the menu bar.
FIGURE 1.7: Add Packet dialog box
9. You can view the added packets on the right-hand side of the window, under Packet List.
10. Colasoft Packet Builder allows you to edit the decoding information in the two editors: Decode Editor and Hex Editor, located in the left pane of the window.
11. The Decode Editor section allows you to edit the packet decoding information by double-clicking the item you want to decode.
12. The Hex Editor displays the actual packet contents as raw hexadecimal values on the left and their ASCII equivalent on the right.
14. In the Send All Packets window, check the Burst Mode option and then click Start.
15. Close the window.
16. When this ARP request is broadcast on the network, every active machine receives it, and the host whose IP address matches the request's target address answers with an ARP reply (the other hosts discard it). To observe which machine responds, run a packet-capture application such as Wireshark or a Colasoft capture tool at the same time.
17. To export the packets you sent, open the File menu and click Export All Packets...
18. In the Save As window, select a destination folder in the Save in field, specify the File name and Save as type, and click Save.
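The frame Packet Builder assembles in steps 7 to 16 can be built and decoded by hand; the following is an added example (not Colasoft code and not part of the original lab) that constructs an Ethernet/ARP request with Python's standard library, renders it the way the Hex Editor does, and reads ARP replies out of a list of captured frames, which is what you do by eye in Wireshark in step 16. The MAC addresses and the 10.10.10.11 sender address are assumptions made up for the example; 10.10.10.10 is the lab's Windows 10 target.

```python
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6
ZERO_MAC = b"\x00" * 6

# Constructed example addresses; they are not the lab's real values.
KALI_MAC = bytes.fromhex("00155d0a0a0b")
KALI_IP = "10.10.10.11"
TARGET_IP = "10.10.10.10"


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def mac_to_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def build_arp_frame(sender_mac: bytes, sender_ip: str, target_ip: str,
                    opcode: int = 1, target_mac: bytes = ZERO_MAC,
                    dst_mac: bytes = BROADCAST_MAC) -> bytes:
    """Ethernet II frame carrying an ARP request (opcode 1) or reply (opcode 2)."""
    eth_header = struct.pack("!6s6sH", dst_mac, sender_mac, ETHERTYPE_ARP)
    arp_body = struct.pack(
        "!HHBBH6s4s6s4s",
        1,                       # hardware type: Ethernet
        0x0800,                  # protocol type: IPv4
        6, 4,                    # hardware and protocol address lengths
        opcode,
        sender_mac, ip_to_bytes(sender_ip),
        target_mac, ip_to_bytes(target_ip),
    )
    return eth_header + arp_body          # 14 + 28 = 42 bytes


def decode_arp_frame(frame: bytes) -> dict:
    """Decode the fields Packet Builder shows in its Decode Editor."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    (_, _, _, _, opcode, smac, sip, tmac, tip) = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {
        "opcode": opcode,
        "sender_mac": mac_to_str(smac),
        "sender_ip": ".".join(str(b) for b in sip),
        "target_mac": mac_to_str(tmac),
        "target_ip": ".".join(str(b) for b in tip),
    }


def hexdump(data: bytes, width: int = 16) -> str:
    """Hex on the left, ASCII on the right, like the Hex Editor pane."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asciipart = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3}} {asciipart}")
    return "\n".join(lines)


def live_hosts(frames) -> set:
    """IPs that answered with an ARP reply: what you read off the capture in step 16."""
    hosts = set()
    for frame in frames:
        try:
            fields = decode_arp_frame(frame)
        except ValueError:
            continue                      # not ARP or truncated; a capture filter 'arp' drops these too
        if fields["opcode"] == 2:
            hosts.add(fields["sender_ip"])
    return hosts


if __name__ == "__main__":
    request = build_arp_frame(KALI_MAC, KALI_IP, TARGET_IP)
    print(hexdump(request))
    # Constructed reply as the target would send it (its MAC is made up for the example).
    reply = build_arp_frame(bytes.fromhex("00155d0a0a0a"), TARGET_IP, KALI_IP,
                            opcode=2, target_mac=KALI_MAC, dst_mac=KALI_MAC)
    print(decode_arp_frame(reply))
    print(live_hosts([request, reply, b"\x00" * 60]))
```

Sending the frame still needs a raw (AF_PACKET) socket or a tool such as Packet Builder; the point of the example is the byte layout you see in the Hex Editor and the opcode (1 request, 2 reply) you filter on in the capture.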
UDP and TCP Packet Crafting Techniques using HPING3
1. Before beginning this lab, log in to the Windows 10 virtual machine and make sure Wireshark is installed.
2. Log in to the Kali Linux virtual machine with the username root and the password toor.
3. Launch a command terminal, type hping3 -c 3 <IP address of the target machine>, and press Enter. In this lab, the target is the Windows 10 machine (10.10.10.10).
4. The output of the command shows three packets transmitted and three received. With no mode or flags given, hping3 sends TCP packets with no flags set to port 0, and the target answers each with RST/ACK (shown as flags=RA), which is enough to confirm that the host is up.
FIGURE 2.2: Hping3 Output of 3 Packets sent to target machine
5. Now type hping3 --scan 1-3000 -S <Target IP address> and press Enter.
6. Here, --scan defines the port range to scan and -S sets the SYN flag on each probe.
7. The output lists the open ports on the target machine (Windows 10), i.e. the ports that answered the SYN with SYN/ACK; closed ports answer with RST and are not listed.
8. Now, to perform UDP packet crafting, type hping3 <IP address of the target machine> --udp --rand-source --data 500 and press Enter.
9. Here, --udp selects UDP mode, --rand-source gives every packet a random spoofed source address (so any ICMP port-unreachable replies go to those addresses rather than back to Kali), and --data 500 appends 500 bytes of payload. The target machine is running Windows 10.
10. Now, login to Windows 10 virtual machine and launch Wireshark to start capturing the packets. Observe the UDP packets in Wireshark.
11. Double-click any UDP packet and observe the details.
12. UDP packet is captured by the Wireshark in the target machine.
13. Close all Wireshark windows. When prompted to save, click Stop and Quit without Saving to close Wireshark without saving the traffic capture.
14. Before performing this task, launch Wireshark again in Windows 10 machine (target machine) and leave it running.
15. To send TCP SYN requests to the target machine, type hping3 -S <Target Machine IP Address> -p 80 -c 5 and press Enter.
16. -S sets the SYN flag on each packet, -p 80 sets the destination port, and -c 5 limits the run to five packets.
Note: Here, the target machine is Windows 10 (10.10.10.10) and the IP addresses might vary in your lab environment
17. The following screenshot shows that five TCP packets were sent through port 80 to the target machine.
18. Now, switch to the target machine (i.e., Windows 10), and observe the TCP packets captured via Wireshark.
19. Next, stop the packet capture and start a new capture. Leave the Wireshark window running.
20. Switch to the Kali Linux machine and flood the Windows 10 target with TCP packets.
21. To flood the target, type hping3 <IP address of the target machine> --flood and press Enter.
22. hping3 reports that it is in flood mode and does not display replies; it keeps sending packets as fast as it can until you press Ctrl+C.
23. Stop the packet capture in Wireshark window running in Windows 10 after a while.
24. Switch to Windows 10 (target machine) and observe the Wireshark window, which displays the TCP packet flooding from the attacker machine.
25. Double-click the TCP packet stream to observe the TCP packet information.
26. The TCP packet stream shows the complete details of the TCP packets sent by the attacker machine and of the replies returned by the target.
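What hping3 is doing in steps 3 to 22 is filling in TCP and UDP headers by hand. The following is an added example (not hping3 code and not part of the original lab) that builds the same segments in Python: a SYN to port 80 as in step 15, the flag-less segment that hping3 sends by default and in --flood mode, and a UDP datagram with 500 bytes of payload and a random spoofed source address as in step 8. It computes the pseudo-header checksum that the target's stack verifies before answering, decodes the flags byte into the flags= string hping3 prints, and classifies a SYN-probe reply the way you read the --scan table. 10.10.10.10 is the lab's target; the Kali address 10.10.10.11 and the source ports are assumptions.

```python
import random
import struct

TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
HPING_ORDER = ("RST", "SYN", "ACK", "FIN", "PSH", "URG")   # order of hping3's flags= column
PROTO_TCP, PROTO_UDP = 6, 17

# Constructed addresses: the target is the lab's Windows 10 VM, the Kali address is assumed.
KALI_IP = "10.10.10.11"
TARGET_IP = "10.10.10.10"


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum; returns 0 when run over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header that TCP and UDP checksums cover in addition to the segment."""
    return struct.pack("!4s4sBBH", ip_to_bytes(src_ip), ip_to_bytes(dst_ip), 0, proto, length)


def build_tcp_segment(src_ip, dst_ip, sport, dport, flags=(), seq=0, ack=0, window=512, payload=b""):
    flag_byte = 0
    for name in flags:
        flag_byte |= TCP_FLAG_BITS[name]
    # data offset 5 (20-byte header, no options); checksum and urgent pointer zero for now
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flag_byte, window, 0, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(header) + len(payload)) + header + payload)
    header = header[:16] + struct.pack("!H", csum) + header[18:]
    return header + payload


def build_udp_datagram(src_ip, dst_ip, sport, dport, payload=b""):
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + header + payload)
    csum = csum or 0xFFFF                 # UDP: a computed 0 is sent as 0xFFFF (0 means "no checksum")
    return header[:6] + struct.pack("!H", csum) + payload


def verify_checksum(src_ip, dst_ip, proto, segment) -> bool:
    return internet_checksum(pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment) == 0


def random_source_ip() -> str:
    """What --rand-source does: a fresh random IPv4 source per packet (spoofed, so replies never reach us)."""
    return ".".join(str(random.randint(1, 254)) for _ in range(4))


def decode_flags(segment: bytes) -> list:
    flag_byte = segment[13]                # byte 13 of the TCP header holds the six RFC 793 flags
    return [name for name in HPING_ORDER if flag_byte & TCP_FLAG_BITS[name]]


def hping_flag_string(segment: bytes) -> str:
    """'SA' for SYN/ACK, 'RA' for RST/ACK, '' for no flags, mirroring hping3's output."""
    return "".join(name[0] for name in decode_flags(segment))


def port_state_from_reply(reply: bytes) -> str:
    """Read a SYN-probe reply the way the --scan table does."""
    flags = set(decode_flags(reply))
    if {"SYN", "ACK"} <= flags:
        return "open"
    if "RST" in flags:
        return "closed"
    return "unknown"


if __name__ == "__main__":
    syn = build_tcp_segment(KALI_IP, TARGET_IP, 40000, 80, ("SYN",))      # step 15, one packet
    print("SYN to 80:", syn.hex(), "flags=" + hping_flag_string(syn))
    flood = build_tcp_segment(KALI_IP, TARGET_IP, 40001, 0)               # hping3 default / --flood
    print("no-flag probe:", "flags=" + hping_flag_string(flood))
    src = random_source_ip()                                              # step 8: --rand-source
    udp = build_udp_datagram(src, TARGET_IP, 40002, 0, b"X" * 500)        # --data 500
    print("UDP from", src, "length", len(udp), "checksum ok:", verify_checksum(src, TARGET_IP, PROTO_UDP, udp))
    synack = build_tcp_segment(TARGET_IP, KALI_IP, 80, 40000, ("SYN", "ACK"), seq=1, ack=1)
    print("reply flags=" + hping_flag_string(synack), "->", port_state_from_reply(synack))
```

Putting these bytes on the wire requires a raw socket (SOCK_RAW with IP_HDRINCL, root on Kali), which is exactly why hping3 runs as root; the example stops at building and checking the segments so it runs anywhere.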
Basic Network Troubleshooting using MegaPing
Overview of MegaPing
With the MegaPing utility, you can detect live hosts and open ports on systems in the network. You can also perform various network troubleshooting tasks with the utilities integrated into it, such as DNS lookup name, DNS list hosts, Finger, host monitor, IP scanner, NetBIOS scanner, network time synchronizer, ping, port scanner, share scanner, traceroute, and WHOIS.
5. The About MegaPing pop-up appears. Wait until the I Agree button appears, then click it.
6. MegaPing (Unregistered) GUI appears displaying the System Info as shown in the following screenshot
7. Select any of the options from the left pane of the window.
8. For instance, select IP scanner and specify the IP range in the From and To fields; in this lab the IP range is 10.10.10.1 to 10.10.10.50. Click Start.
Note: You may specify the IP range depending on your network.
9. MegaPing lists down all the IP addresses under the specified target range with their TTL, Status (dead or alive), and statistics of the dead and alive hosts.
Note: The results may vary in your lab environment.
10. Right-click an IP address, and click Trace route.
11. In this lab, the IP address of Windows Server 2012 (10.10.10.12) is selected. This IP address may vary in your lab environment.
12. MegaPing switches to the Traceroute section, which displays the hops between the host machine and the Windows Server 2012 virtual machine.
13. Select Port Scanner from the left pane.
14. Enter the IP address of the Windows Server 2012 (10.10.10.12) machine under the Destination Address List section and click Add. The IP address listed below might vary in your lab environment.
15. Check the IP address and click the Start button to begin scanning the ports of 10.10.10.12.
16. MegaPing lists the ports associated with Windows Server 2012, along with the port Type, Keyword, Risk, and Description, as shown in the following screenshot
Understanding Network Scanning using Nmap
5. During installation, an Npcap setup pop-up appears. If a newer version of Npcap is already installed, click Cancel on the Npcap setup and then follow the wizard-driven installation steps to install Nmap.
Note: If you did not install Npcap earlier, click I Agree to install it.
6. On completion of the installation, launch the Nmap - Zenmap GUI application from the Start menu.
7. The Nmap - Zenmap GUI appears with the Intense scan profile set by default.
8. In the Command field, type the command nmap -O followed by the range of IP addresses. In this lab, it is 10.10.10.*. By providing the “*” (asterisk) wildcard, you can scan a whole subnet or IP range with Nmap to discover active hosts.
Note: This range may differ in your lab environment
9. Click Scan to start scanning the virtual machines.
10. Nmap scans the entire network and displays information for all the hosts that were scanned, along with the open ports, device type, details of OS, and so on.
Note: The results returned by Nmap may vary in your lab environment.
11. Either scroll down the window or select a host’s IP address from the list of hosts in the left pane to view their details.
12. Click the Ports/Hosts tab and choose a host's IP address (here 10.10.10.12 has been selected) from the left pane to view all the open ports associated with the selected host.
13. An attacker might attempt to establish a connection through any of these open ports by exploiting any vulnerabilities (if found) in a running service.
14. Click the Topology tab to view the topology of the target network that contains the target IP address.
15. Click the Fisheye option to view the topology more clearly. Note: Screenshots might differ in your lab environment.
16. Click the Host Details tab and select a host's IP address (here 10.10.10.12) to view the details of the host discovered during the scan.
17. Click the Scans tab to view the status of the scan.
18. Click the Services tab and select each service (here http has been chosen) to list all the ports on which the service is running, their state (open/closed/unknown), version, and so on.
Note: The services listed under the Services section may vary in your lab environment..
19. Once the scan is performed, terminate the scan, and exit the Nmap application.
20. Launch Nmap - Zenmap GUI from the Apps screen.
21. In the Command field, type the command nmap --packet-trace followed by the IP address of the target machine (i.e., Windows 10 [10.10.10.10]).
Note: 10.10.10.10 is the IP address of the Windows 10 virtual machine in
this lab. This IP address might differ in your lab environment
22. You are performing a network inventory of the virtual machine.
23. Click Scan to start scanning the virtual machine.
24. With --packet-trace, Nmap prints a summary of every packet it sends to the target and every packet it receives in response, in addition to the normal scan results.
25. The following screenshot shows the packets sent from host to target and packets received from target to host displayed under Nmap Output tab in Nmap:
26. Scroll down the window to view the open TCP ports.
27. Click the Ports/Hosts tab to display more information on the scan results.
28. Nmap displays the Port, Protocol, State, Service, and Version found by the scan. Here, as you can observe, more ports were found open than in the previous scan.
29. Click the Topology tab to view topology of the target network that contains the provided IP address.
30. Click the Fisheye option to view the topology more clearly.
31. In the same way, click the Host Details tab to see the details of the host discovered during this scan.
32. Click the Scans tab to view the status of the scan and command used.
33. Click the Services tab located in the right pane of the window. This tab displays the list of services.
34. An attacker uses any of these services and their open ports in order to enter into the target network/host and establish a connection.
35. Once the scan is performed, you may terminate Nmap.
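The Ports/Hosts and Services tabs of steps 27 to 33 are views over the same scan data that Nmap can also write as XML (nmap -oX). The following is an added example, not Nmap's or Zenmap's own code and not part of the original lab, that parses such output into the inventory the lab is building: live hosts with their MAC, best OS match and open ports, plus a service-to-hosts index like the Services tab. The XML is a constructed sample trimmed to the elements used; the hosts, MACs, ports and OS matches in it are made up for the example rather than taken from the lab's screenshots.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -O -oX - <targets>` output (two hosts, trimmed to the
# elements used below). Addresses, MACs, ports and OS names are made up for the example.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -O -oX - 10.10.10.10 10.10.10.12" version="7.70">
<host><status state="up" reason="arp-response"/>
<address addr="10.10.10.12" addrtype="ipv4"/><address addr="00:15:5d:0a:0a:0c" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="135"><state state="open" reason="syn-ack"/><service name="msrpc" method="table" conf="3"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds" method="table" conf="3"/></port>
<port protocol="tcp" portid="3389"><state state="filtered" reason="no-response"/><service name="ms-wbt-server" method="table" conf="3"/></port>
</ports>
<os><osmatch name="Microsoft Windows Server 2012" accuracy="100"/></os>
</host>
<host><status state="up" reason="arp-response"/>
<address addr="10.10.10.10" addrtype="ipv4"/><address addr="00:15:5d:0a:0a:0a" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="139"><state state="closed" reason="reset"/><service name="netbios-ssn" method="table" conf="3"/></port>
</ports>
<os><osmatch name="Microsoft Windows 10" accuracy="96"/><osmatch name="Microsoft Windows 8.1" accuracy="90"/></os>
</host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> list:
    """One dict per live host: ip, mac, best OS match, and its open ports as (port, proto, service)."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                                   # only hosts Nmap considers alive
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        best_os = None                                 # keep the osmatch with the highest accuracy
        for match in host.findall("os/osmatch"):
            accuracy = int(match.get("accuracy", "0"))
            if best_os is None or accuracy > best_os[1]:
                best_os = (match.get("name"), accuracy)
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                               # closed and filtered ports are not attack surface here
            service = port.find("service")
            name = service.get("name") if service is not None else "unknown"
            open_ports.append((int(port.get("portid")), port.get("protocol"), name))
        hosts.append({
            "ip": addrs.get("ipv4"),
            "mac": addrs.get("mac"),
            "os": best_os[0] if best_os else None,
            "open_ports": sorted(open_ports),
        })
    return hosts


def services_index(hosts: list) -> dict:
    """Like Zenmap's Services tab: service name -> [(ip, port), ...] where it is open."""
    index = {}
    for host in hosts:
        for port, _proto, name in host["open_ports"]:
            index.setdefault(name, []).append((host["ip"], port))
    return index


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_XML)
    for host in inventory:
        print(host["ip"], host["mac"], host["os"])
        for port, proto, name in host["open_ports"]:
            print(f"  {port}/{proto}\t{name}")
    print(services_index(inventory))
```

Running the same parser over real output (nmap -O -oX scan.xml 10.10.10.*) gives you the inventory as data instead of screenshots, which is what you want when the next step is to check each open service for known weaknesses.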
36. The Slow comprehensive scan profile probes with three different protocols (TCP, UDP, and SCTP) and determines which OS the host is running and which services and versions are listening on the most common TCP and UDP ports.
37. It is essentially an intense scan with UDP scanning and extra host-discovery probes added. The additional probe types let it find machines on a network even if they are configured to block ping (ICMP echo) requests.
38. launch Nmap - Zenmap GUI from the Apps screen.
39. Enter the IP address of Windows 10 (10.10.10.10) in the Target field,
select Slow comprehensive scan from the Profile drop-down list, and
click Scan.
40. Nmap scans the target IP address with Slow comprehensive scan and displays the scan result in the Nmap Output tab.
41. CZlick the Ports/Hosts tab to display more information on the scan results. Nmap employs various scanning techniques using the slow comprehensive scan, and displays more open ports.
42. Nmap displays the Port, Protocol, State, Service, and Version found by the scan.
43. In the same way, click the Topology tab to view topology of the target IP address in the scan profile.
44. Click the Host Details tab to see the details of the host discovered during this scan.
45. Click the Scans tab to view the status of the scan and command used.
46. Click the Services tab located in the right pane of the window. This tab displays the list of services.
47. An attacker uses any of these services and their open ports to enter into the target network/host and establish a connection.
48. Once the scan is performed, you may terminate the scan.
49. In addition to the scans featured above, you can also perform various other scans such as SYN scan, XMAS scan, ACK Flag scan, and so on, in order to discover machines and their open ports and services in a network.
50. You may also choose the default scan profiles available in Nmap to scan a network.
51. A Null scan sends TCP segments to the remote host with no flags set. It only works against TCP/IP stacks that follow RFC 793, under which a closed port answers such a segment with RST while an open port silently drops it. Windows, for example, replies RST regardless of port state, so a Null scan of a Windows host reports every port as closed; that is why this task targets the Ubuntu machine.
52. Under Profile: field, select Regular scan from the drop-down list
53. To perform a null scan of a target IP address, you need to create a new
profile. Click Profile -> New Profile or Command.
54. On the Profile tab, input a profile name Null Scan in the Profile name field.
55. Click the Scan tab in the Profile Editor window. Select the Null scan (-sN) option from the TCP scan: drop-down list.
56. Select None in the Non-TCP scans: drop-down list and Aggressive (-T4) in the Timing template: list. Check the Enable all advanced/aggressive options (-A) option, and click Save Changes.
57. Using this configuration, you are setting Nmap to perform a null scan with the time template as -T4 and all aggressive options enabled.
58. In the main window of Zenmap, enter the target IP address (here 10.10.10.9, which belongs to the Ubuntu virtual machine), select the Null Scan profile from the Profile drop-down list, and then click Scan.
59. With this command, Nmap sends TCP segments with none of the TCP flags set. If a port answers with an RST packet, it is closed; if nothing comes back, the port is reported as open|filtered, because an open port and a firewall that silently drops the probe look identical. An ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) means the port is filtered.
60. Nmap scans the target and displays results in Nmap Output tab.
Note: The results obtained in your lab might differ from those displayed in the following screenshot:
61. You can click the other tabs to examine the results obtained by Nmap.
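The interpretation rules in steps 51 and 59 are easiest to see by simulating the two kinds of target stack side by side. The following is an added example, not Nmap code and not part of the original lab, that models how an RFC 793 stack (the Ubuntu target) and a Windows-style stack answer SYN, Null, FIN and Xmas probes on open and closed ports, optionally behind a packet filter that drops or rejects, and then applies Nmap's state rules to the responses. The port numbers and the "open" sets are constructed for the example; nothing is sent on the network.

```python
# Each stack is a function (port, probe_flags) -> response, where a response is
# "SYN/ACK", "RST", an "ICMP ..." string, or None for silence.

PROBES = {"syn": ("SYN",), "null": (), "fin": ("FIN",), "xmas": ("FIN", "PSH", "URG")}


def rfc793_stack(open_ports):
    """A stack that follows RFC 793 (Linux behaves this way)."""
    def respond(port, probe_flags):
        probe = set(probe_flags)
        if port not in open_ports:
            return None if "RST" in probe else "RST"   # CLOSED: anything but RST is answered with RST
        if "RST" in probe:
            return None                                 # LISTEN: stray RST is ignored
        if "ACK" in probe:
            return "RST"                                # LISTEN: ACK for a non-existent connection is reset
        if "SYN" in probe:
            return "SYN/ACK"                            # LISTEN: SYN is accepted
        return None                                     # LISTEN: FIN / Null / Xmas with no ACK is dropped
    return respond


def windows_stack(open_ports):
    """Windows answers RST to every probe that is not a plain SYN, whether the port is open or not."""
    def respond(port, probe_flags):
        probe = set(probe_flags)
        if port in open_ports and "SYN" in probe and "ACK" not in probe:
            return "SYN/ACK"
        return None if "RST" in probe else "RST"
    return respond


def firewalled(stack, blocked_ports, reject=False):
    """Wrap a stack with a packet filter: DROP (silence) or REJECT (ICMP admin-prohibited, type 3 code 13)."""
    def respond(port, probe_flags):
        if port in blocked_ports:
            return "ICMP type 3 code 13" if reject else None
        return stack(port, probe_flags)
    return respond


def nmap_state(scan_type, response):
    """Nmap's port-state rules for SYN scans and for the Null/FIN/Xmas family."""
    if response is not None and response.startswith("ICMP"):
        return "filtered"
    if scan_type == "syn":
        if response == "SYN/ACK":
            return "open"
        if response == "RST":
            return "closed"
        return "filtered"                               # SYN scan: silence means something ate the probe
    if response == "RST":
        return "closed"
    if response is None:
        return "open|filtered"                          # Null/FIN/Xmas: open and dropped look the same
    return "unexpected"


def scan(stack, ports, scan_type="null"):
    return {port: nmap_state(scan_type, stack(port, PROBES[scan_type])) for port in ports}


if __name__ == "__main__":
    ubuntu = rfc793_stack({22, 80})                      # constructed: 22 and 80 open on the Ubuntu VM
    windows = windows_stack({80, 135})                   # constructed: 80 and 135 open on a Windows VM
    print("null scan, RFC 793 stack:", scan(ubuntu, [22, 23, 80]))
    print("null scan, Windows stack:", scan(windows, [80, 135, 23]))   # everything 'closed'
    print("syn  scan, Windows stack:", scan(windows, [80, 135, 23]))
    print("null scan, port 22 dropped by firewall:", scan(firewalled(ubuntu, {22}), [22, 80]))
    print("syn  scan, port 22 dropped by firewall:", scan(firewalled(ubuntu, {22}), [22, 80], "syn"))
```

The last two lines are the practical caveat: against a dropping firewall a Null scan cannot tell a filtered port from an open one, while a SYN scan labels it filtered; run both (or follow -sN with -sS or -sA) before drawing conclusions from open|filtered.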