Active scanning is done through sending multiple probe requests and recording the probe responses. Because passive scanners are limited to looking at existing traffic, they suffer in terms of overall completeness and accuracy. For example, a passive scanner can't detect an application that no one ever uses, and it can be fooled easily by a system intentionally spewing out misinformation and disinformation.

The tools seen on this slide are a few examples of active scanning tools. In this course, we will examine the nmap and Nessus tools in detail.

hping is an excellent command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) Unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and raw IP protocols, has a traceroute mode, the ability to send files between a covert channel, and many other features.

So, a subset of the stuff you can do using hping: firewall testing; advanced port scanning; network testing using different protocols, TOS, fragmentation; manual path MTU discovery; advanced traceroute under all the supported protocols; remote OS fingerprinting; remote uptime guessing. And don't forget TCP/IP stack auditing. It can also be useful to students that are learning TCP/IP, although it's a packet analyzer tool.

It's widely used for DoS (denial of service) tests and attacks, to create IP spoofed packets and send them to the target system.

Let's see how we can use the hping command to scan the network. Simply go to Kali and open a terminal screen. hping3 is embedded in Kali and defined in the path, so you can use it anywhere just by typing the name of the command, hping3. Type hping3 -h or hping3 --help to see the detailed usage of the hping3 command.

Let's look at a few important parameters. First, scanning mode. Under the "mode" title, we have a scan mode, and the help shows a sample usage of the mode as well. We'll use the --scan or -8 parameter to use hping in scan mode. Under the "TCP/UDP" title, we have the parameters to set the flags of a TCP or UDP packet. Well, you'll see the flags and their meaning in this course and the following lectures, so just see hping in action now. For example, the uppercase -S or --syn parameter is used to set the SYN flag of TCP or UDP packets.

Let's prepare the hping command to make a network scan. The first parameter is --scan, to use hping in scan mode. Here, we should say which ports we will scan. In this example, 0-500 means that the ports between 0 and 500 will be scanned. You can give a port range like this, with a dash between the lower bound and the upper bound. Or you can give the ports one by one, separating them by a comma. Or you can use a combination of these two. Now I want to set the SYN flag of the packet, because all TCP connections start with a SYN packet. Well, again, we'll show you how a TCP handshake is made later on in the following lectures. Here comes the IP address to scan. Hit enter to start the scan.

Here we have the responding ports, and the flags column says what the reply is: we sent SYN packets and got SYN/ACK packets. That means the ports are accessible and open to us.

Now, let's make another scan. This time, I'll use uppercase -X to make an Xmas scan. In this scan, the PUSH, URGENT and FIN flags are set in the packet, which is not seen in regular traffic. Since the packets they received are not valid packets, they've dropped them and returned no response.