Official Student Lab Guide

                                                                                  Lab 4 – Detecting Live Systems






















                          b.  Ping sweep and TCP probe: Sometimes you may merely want to check the availability of
                              a system without sending ICMP echo requests, which may be blocked by some sites. In
                              this case, a TCP "ping" sweep can be used to scan a target's network. A TCP "ping" will
                              send an ACK to each machine on a target network. Machines that are up should respond
                              with a TCP RST. To use the TCP "ping" option with a ping scan, include the "-PT" flag to
                              target a specific port on the network you're probing. In our example, we'll use port 80
                              (http), which is the default, and it will probably be allowed through the target's border
                              routers and possibly even its firewall. Note that the targeted port does not need to be
                              open on the hosts that are being probed to determine if the machine is up or not.
                                 i.  nmap -sP -PT80 192.168.48.#/22








          Report piracy if the fingerprint in this box is of poor resolution!






















                          c.  TCP connect scan: When an attacker is using TCP connect scans, because Nmap will use
                              the connect() system call to open connections to interesting ports on the target host
                              and complete the 3-way TCP handshake, the probe is easily detected by the target host.



               Certified Penetration Testing Engineer – v06.3.1.4                                 P a g e  | 69
               ©Mile2 – All Rights Reserved