After completing the first phase of a penetration test (reconnaissance), the penetration tester moves on to the second phase: scanning. The main aim of the scanning phase is to gather specific information about the computers and devices connected to the organization's target network. During this phase the pentester learns which hosts are live, what operating systems they run, which services they offer (for example web, SMTP, FTP and SSH) and what vulnerabilities are present. Scanning is done with different tools, for example Nessus, Nmap and hping3.
Before starting a network scan, it helps to understand a few basics of how networks work.
Ports and Firewalls:
One of the most important ways to secure a network is to place a firewall between the private and public networks. A firewall is a software or hardware device that filters inbound and outbound traffic using access control lists (ACLs); any traffic that does not meet the criteria in the ACL is dropped by the firewall. In practice this works by opening or closing particular ports to allow or deny network traffic.
Ports are the different channels used for computer-to-computer communication. There are 65,535 TCP ports and another 65,535 UDP ports that can be used for communication. A small number of ports are designated for a specific purpose; for example, port 80 is used by HTTP (Hyper Text Transfer Protocol).
A protocol is a set of rules for communication on a computer network. Protocols ensure that computers and network devices communicate according to predefined rules.
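The following is an added example (not part of the original article) of how the access-control-list filtering described above works: rules are checked in order, the first match decides, and anything not explicitly allowed is denied. The Packet and Rule classes, the sample ACL and the addresses in it are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    """A simplified view of one packet: only the fields an ACL looks at."""
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port

@dataclass(frozen=True)
class Rule:
    """One ACL entry. 'any' / None fields match everything."""
    action: str            # "allow" or "deny"
    src: str               # CIDR network, or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, or None for every port

    def matches(self, pkt: Packet) -> bool:
        if self.src != "any" and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True

# Constructed example ACL for a web server: HTTP/HTTPS open to the world,
# SSH only from the internal 10.0.0.0/8 range, everything else dropped.
ACL: List[Rule] = [
    Rule("allow", "any", "tcp", 80),
    Rule("allow", "any", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "tcp", 22),
    Rule("deny", "any", "any", None),   # explicit default deny
]

def filter_packet(acl: List[Rule], pkt: Packet) -> str:
    """First-match evaluation; falls back to deny if no rule matches at all."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 80),   # public HTTP: allowed
        Packet("203.0.113.5", "192.0.2.10", "tcp", 22),   # public SSH: dropped
        Packet("10.1.2.3", "192.0.2.10", "tcp", 22),      # internal SSH: allowed
        Packet("203.0.113.5", "192.0.2.10", "udp", 53),   # anything else: dropped
    ]
    for p in samples:
        print(p.proto, p.src, "->", p.dport, filter_packet(ACL, p))
```

Because the final rule denies everything, a port that is not listed is invisible from outside even if a service is listening on it; that is why a scan from the public side sees only ports 80 and 443, while the same scan from inside 10.0.0.0/8 also sees port 22.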
TCP (Transmission Control Protocol):
TCP is one of the main protocols used for network communication. TCP is a connection-oriented protocol, meaning that the machines on each side of the communication channel know that a session is open and that messages are being received on both sides of the connection. It is often compared to a telephone call.
Three Way Handshake:
First Way: Computer A sends a packet with the SYN (synchronize) flag set to Computer B.
Second Way: Computer B replies to Computer A with a packet that has both the SYN and ACK flags set.
Third Way: In the final step of establishing the connection, Computer A sends another packet to Computer B, this time with the ACK flag set.
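The three steps above, modelled as an added example that is not part of the original article. It shows both sides' segments with their sequence and acknowledgement numbers, and also what Computer B answers when the port has no listener (a RST) or when a firewall silently drops the SYN (no reply at all). The Segment and Host classes, the port numbers and the initial sequence numbers are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Segment:
    """The handful of TCP header fields that matter for the handshake."""
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: frozenset

@dataclass
class Host:
    """Computer B: which ports have a listening service, and which a firewall drops."""
    name: str
    listening: Set[int] = field(default_factory=set)
    filtered: Set[int] = field(default_factory=set)

def first_way(client_port: int, server_port: int, isn_a: int) -> Segment:
    # Computer A picks an initial sequence number and sets SYN.
    return Segment(client_port, server_port, isn_a, 0, frozenset({"SYN"}))

def second_way(server: Host, syn: Segment, isn_b: int) -> Optional[Segment]:
    # Computer B's reply, or None if a firewall dropped the SYN.
    if syn.dst_port in server.filtered:
        return None
    if syn.dst_port in server.listening:
        # SYN/ACK: B's own ISN, and ack = A's seq + 1 acknowledges the SYN.
        return Segment(syn.dst_port, syn.src_port, isn_b, syn.seq + 1, frozenset({"SYN", "ACK"}))
    # No listener: B rejects with RST (the ACK still acknowledges A's SYN).
    return Segment(syn.dst_port, syn.src_port, 0, syn.seq + 1, frozenset({"RST", "ACK"}))

def third_way(synack: Segment) -> Segment:
    # Computer A acknowledges B's SYN: seq = its own ISN + 1, ack = B's ISN + 1.
    return Segment(synack.dst_port, synack.src_port, synack.ack, synack.seq + 1, frozenset({"ACK"}))

def handshake(server: Host, server_port: int, isn_a: int = 1000, isn_b: int = 5000) -> Tuple[str, List[Tuple[str, Segment]]]:
    """Run the exchange and return (port state, transcript of segments)."""
    transcript: List[Tuple[str, Segment]] = []
    syn = first_way(40000, server_port, isn_a)
    transcript.append(("A->B", syn))
    reply = second_way(server, syn, isn_b)
    if reply is None:
        return "filtered", transcript          # timeout: firewall dropped it
    transcript.append(("B->A", reply))
    if "RST" in reply.flags:
        return "closed", transcript            # host is up, nothing listening
    ack = third_way(reply)
    transcript.append(("A->B", ack))
    return "open", transcript                  # session established

if __name__ == "__main__":
    b = Host("Computer B", listening={80, 443}, filtered={22})
    for port in (80, 23, 22):
        state, log = handshake(b, port)
        print(f"port {port}: {state}")
        for direction, seg in log:
            print("  ", direction, sorted(seg.flags), f"seq={seg.seq} ack={seg.ack}")
```

The distinction in the second step is what a scanner relies on: a SYN/ACK means a service is listening, a RST means the host is up but the port is closed, and silence means something in between (typically a firewall) dropped the packet. From the defender's side, a firewall configured to drop rather than reject gives away less, and the absence of the third segment after many SYN/ACKs is a common sign in connection logs that hosts are being probed rather than used.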
UDP (User Datagram Protocol):
UDP is a protocol with less overhead than TCP. If TCP communication is like a telephone call, where both parties confirm that what was sent was received at each end of the channel, UDP is more like a radio broadcast: the message is sent out and, by default, neither the sender nor the receiver confirms that a packet has been received. Applications that use UDP value its lower overhead and higher speed over the added reliability of TCP; streaming video and music are typical examples.
ICMP (Internet Control Message Protocol):
ICMP is a health and maintenance protocol for the network. It is used to check whether devices on a network are communicating properly. ICMP messages are sent by network devices, computers and server applications, and each message carries in its header a specific type and code number. These messages provide information about hosts or nodes on the network, and the type and code values help a penetration tester determine which computers on the target network are up.
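An added example (not from the original article) of the header just described: the code builds an ICMP echo message, computes the standard Internet checksum, and parses a message back into its type, code and well-known name. The type names are the RFC 792 values; the identifier and sequence values used below are constructed sample data.

```python
import struct
from typing import Dict, Union

# A few well-known ICMP message types (RFC 792).
ICMP_TYPES = {
    0: "echo reply",
    3: "destination unreachable",
    8: "echo request",
    11: "time exceeded",
}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, then one's complement of the result."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length message
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Build an echo request (type 8) or echo reply (type 0) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)   # checksum field zeroed
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(packet: bytes) -> Dict[str, Union[int, str, bool]]:
    """Decode the 8-byte ICMP header; a valid packet checksums to zero."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code, _csum, rest = struct.unpack("!BBH4s", packet[:8])
    info: Dict[str, Union[int, str, bool]] = {
        "type": icmp_type,
        "code": code,
        "name": ICMP_TYPES.get(icmp_type, "other"),
        "checksum_ok": internet_checksum(packet) == 0,
    }
    if icmp_type in (0, 8):                  # echo messages carry id and sequence
        info["id"], info["seq"] = struct.unpack("!HH", rest)
    return info

if __name__ == "__main__":
    # Constructed sample: an echo request with id 1, seq 1 and a short payload.
    pkt = build_echo(8, 1, 1, b"hello")
    print(pkt.hex())
    print(parse_icmp(pkt))
    # Flipping the code byte should make the checksum fail.
    corrupted = pkt[:1] + b"\x01" + pkt[2:]
    print(parse_icmp(corrupted))
```

On the receiving side the same type/code fields are what a defender reads in firewall or IDS logs: echo requests arriving at many addresses in a short window are the classic sign of a host-discovery sweep, and a mismatch in the checksum usually indicates a crafted or damaged packet rather than a normal stack.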