Footprinting and Scanning

This chapter is from the book

This chapter helps you prepare for the EC-Council Certified Ethical Hacker (CEH) exam by covering footprinting and scanning. A more detailed list of these items includes the following objectives:

Define the seven-step information gathering process

  • The EC-Council divides information gathering into seven basic steps. These include gathering information, determining the network range, identifying active machines, finding open ports and access points, OS fingerprinting, fingerprinting services, and mapping the network.

Define footprinting

  • The process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment.

Locate the network range

  • Locating the network range is needed to know what addresses can be targeted and are available for additional scanning and analysis.

Identify active machines

  • The identification of active machines is accomplished by means of ping sweeps and port scans. Both help determine whether a machine is actively connected to the network and reachable.

Understand how to map open ports and identify their underlying applications

  • Ports are tied to applications and, as such, can be registered, random, or dynamic.

Describe passive fingerprinting

  • Passive fingerprinting is the act of identifying systems without injecting traffic or packets into the network.

State the various ways that active fingerprinting tools work

  • Active fingerprinting tools inject strangely crafted packets into the network to measure how systems respond. Specific systems respond in unique ways.

Use tools such as Nmap to perform port scanning and know common Nmap switches

  • Understanding Nmap switches is a required test element. Common switches include -sT (a full TCP connect scan) and -sS (a SYN, or "stealth," scan).
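The ping sweeps and the -sT/-sS distinction listed above leave recognisable traces on the wire, which is what a defender looks for. The following is an added example, not code from the book: it walks a constructed list of packet records (source, destination, protocol, destination port, TCP flags; a simplified flag model, not a real capture) and reports, per source address, ping sweeps and port scans, labelling each scan half-open when the scanner answers SYN/ACK with RST and full-connect when it completes the handshake.

```python
from collections import defaultdict
# Constructed packet records (src, dst, proto, dport, tcp_flags); not book data.
# ICMP echo requests carry no port or flags. TCP flags: S=SYN, SA=SYN/ACK, A=ACK, R=RST.
SAMPLE_PACKETS = [("10.0.0.5", f"10.0.0.{i}", "icmp", None, None) for i in range(1, 5)] + [
    # Half-open probes of 10.0.0.2 (nmap -sS style): SYN, SYN/ACK, then RST from the scanner
    ("10.0.0.5", "10.0.0.2", "tcp", 22, "S"), ("10.0.0.2", "10.0.0.5", "tcp", 22, "SA"),
    ("10.0.0.5", "10.0.0.2", "tcp", 22, "R"),
    ("10.0.0.5", "10.0.0.2", "tcp", 80, "S"), ("10.0.0.2", "10.0.0.5", "tcp", 80, "SA"),
    ("10.0.0.5", "10.0.0.2", "tcp", 80, "R"),
    # Full-connect probes of 10.0.0.3 (nmap -sT style): the three-way handshake completes
    ("10.0.0.5", "10.0.0.3", "tcp", 22, "S"), ("10.0.0.3", "10.0.0.5", "tcp", 22, "SA"),
    ("10.0.0.5", "10.0.0.3", "tcp", 22, "A"),
    ("10.0.0.5", "10.0.0.3", "tcp", 443, "S"), ("10.0.0.3", "10.0.0.5", "tcp", 443, "SA"),
    ("10.0.0.5", "10.0.0.3", "tcp", 443, "A"),
    # A closed port answers RST/ACK: no handshake to classify, but still a probe
    ("10.0.0.5", "10.0.0.3", "tcp", 25, "S"), ("10.0.0.3", "10.0.0.5", "tcp", 25, "RA"),
]
def analyze(packets, min_hosts=3, min_ports=2):
    """Return {source_ip: [findings]}: 'ping-sweep' when one source echoes >= min_hosts
    hosts, 'port-scan' when it probes >= min_ports ports on one host, labelled
    'half-open' (SYN/ACK answered with RST) or 'full-connect' (handshake completed)."""
    icmp_targets, flows = defaultdict(set), defaultdict(list)
    for src, dst, proto, dport, flags in packets:
        if proto == "icmp":
            icmp_targets[src].add(dst)
        elif flags == "S":  # a bare SYN opens a flow owned by its sender
            flows[(src, dst, dport)].append((src, flags))
        elif (dst, src, dport) in flows:  # reply from the server side
            flows[(dst, src, dport)].append((src, flags))
        elif (src, dst, dport) in flows:  # later packet from the client side
            flows[(src, dst, dport)].append((src, flags))
    findings = defaultdict(list)
    for src, hosts in icmp_targets.items():
        if len(hosts) >= min_hosts:
            findings[src].append(("ping-sweep", len(hosts)))
    probes = defaultdict(dict)  # (client, server) -> {dport: kind}
    for (client, server, dport), events in flows.items():
        from_client = [f for who, f in events if who == client]
        if not any(who == server and f == "SA" for who, f in events):
            probes[(client, server)][dport] = "closed"
        elif "A" in from_client:
            probes[(client, server)][dport] = "full-connect"
        elif "R" in from_client:
            probes[(client, server)][dport] = "half-open"
    for (client, server), ports in probes.items():
        if len(ports) >= min_ports:
            kinds = {k for k in ports.values() if k != "closed"}
            label = kinds.pop() if len(kinds) == 1 else "mixed"
            findings[client].append(("port-scan", server, len(ports), label))
    return dict(findings)
```

On the sample, 10.0.0.5 is reported for a ping sweep of four hosts, a half-open scan of two ports on 10.0.0.2 and a full-connect scan of three probed ports on 10.0.0.3; the closed port 25 still counts as a probe.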

Outline

  • Introduction (p. 92)
  • Determining Assessment Scope (p. 92)
  • The Seven-Step Information Gathering Process (p. 92)
      • Information Gathering (p. 93)
      • Determining the Network Range (p. 107)
      • Identifying Active Machines (p. 111)
      • Finding Open Ports and Access Points (p. 113)
      • OS Fingerprinting (p. 122)
      • Fingerprinting Services (p. 126)
      • Mapping the Network (p. 127)
  • Summary (p. 130)
  • Key Terms (p. 130)
  • Apply Your Knowledge (p. 131)
      • Exercises (p. 131)
      • Exam Questions (p. 133)
      • Answers to Exam Questions (p. 136)
  • Suggested Reading and Resources (p. 138)
