Port scanning in depth
How to identify open ports to find vulnerabilities
“No wind favors him who has no destined port.”
Taught by: Peter Zsiros
Length: 4 hours
Port scanning is used to identify the open ports and the services available on a host. Security technicians use it to audit computers for vulnerabilities; however, attackers also use it to probe their victims.
In this course you will learn how the most popular scanning techniques work and what they are good for so that you can choose the most appropriate one (or combination) for a given task. We will also examine how port scanning can be detected by IDS/IPS systems, and how one can try to avoid them.
For ethical hackers, system administrators, network engineers. Also recommended for those who are preparing for security exams, since scanners are a popular topic.
Basic understanding of TCP/IP networking
We will use 3 virtual machines + Kali Linux
Minimum 8 GB memory is required
You will know which port scanning technique to use and when. You will also be able to discover and understand the deeper relationships at work in a network.
Curriculum and videos
Section 1 - Setting up our environment
As the first step we set up our test environment (you can download the virtual machines and the ISO image from http://www.duckademy.com/downloads). We will install Wireshark on the target machine and Nmap on the attacker machine.
Section 2 - Performing TCP connect scan (-sT)
In this part you will learn how the TCP connect scan works and what the advantages of this type of scan are. We will review its disadvantages as well.
- Video 2 - Performing TCP connect scan (-sT) 34:35, 83MB
Section 3 - Performing SYN scan (-sS)
You will learn how the SYN scan works, and what its advantages and disadvantages are.
- Video 3 - Performing SYN scan (-sS) 11:25, 44MB
Section 4 - Reverse scan techniques
In this part you will learn how the reverse scanning techniques (XMAS, Null, FIN, Maimon) work and how they try to identify the closed ports.
- Video 4 - Performing XMAS scan (-sX) 13:56, 46MB
- Video 5 - Performing Null scan (-sN) 9:14, 34MB
- Video 6 - Performing FIN scan (-sF) 8:07, 32MB
- Video 7 - Performing Maimon scan (-sM) 8:48, 32MB
- Video 8 - Performing reverse scans against Linux systems (-sX, -sN, -sF) 22:09, 73MB
Section 5 - Performing ACK scan (-sA)
This time we will use the ACK scan to identify the filtered and unfiltered ports.
- Video 9 - Performing ACK scan (-sA) 5:56, 24MB
Section 6 - Spoofing identity
We will show you how a real attacker can try to conceal their identity, or make someone else appear to be the attacker.
Section 7 - IDS/IPS detection of port scans
We examine two widely used IDS/IPS systems to see to what extent they can detect the preceding scanning techniques with their built-in or freely available rulesets.