TCP flags help tell the story of data transmission. Lisa Bock reviews the different flags used in the TCP header, how flags can be used when scanning the network to get a response, and how flags can help avoid detection of an intrusion detection system (IDS). Discover the techniques used by Nmap, such as Full Connect, SYN Stealth and a XMAS scan.
- [Voiceover] When scanning, we attempt to get…a response from a port.…There is a potential of 65,535 TCP and UDP ports.…The port numbers are used to identify…a specific application or process.…Port numbers fall into three main groups.…The Well-Known Ports.…These are in the range of one to 1,023.…And these are the Well-Known protocols…such as FTP, DNS, and HTTP.…
Registered Ports, these are in the range…of 1,024 through 49151.…These are registered for specific services…such as SOCKS, OpenVPN, and gaming applications.…In the really high level ports are Dynamic or Ephemeral.…Those would be in the range of 49152 to 65535.…When scanning, the Well-Known Ports are almost always tried,…but also, some registered ports are tried as well.…
When scanning, we mostly focus on TCP.…Well that's because TCP has more opportunities…to manipulate the header than UDP.…UDP is a connection-less protocol based on speed.…It will never get a response, and is therefore…more difficult to probe than using TCP.…A response from a UDP probe might be an…
This course investigates the scanning tools and techniques used to obtain information from a target system, including specially crafted packets, TCP flags, UDP scans, and ping sweeps. Lisa Bock discusses how hackers can identify live systems via protocols, blueprint a network, and perform a vulnerability scan to find weaknesses. She also introduces some of the tools and techniques that hackers use to counter detection via evasion, concealment, and spoofing. In addition, learn how to reduce the threat of tunneling, a method hackers use to circumvent network security.
Note: Our Ethical Hacking series maps to the 18 parts of the EC-Council Certified Ethical Hacker (CEH) exam (312_50). This course maps to the 03 Scanning Networks domain.
- Scanning overview
- Port scanning countermeasures
- Scanning and querying DNS
- Scanning with ICMP
- Mapping (or blueprinting) a network
- Scanning for vulnerabilities
- Using tools such as hping and NetScan
- Evading detection
- Concealing your network traffic
- Preventing tunneling