
• Port Scanning Tools

• Port Scanning is the name of the technique used to identify available ports and services on hosts on a network.

• Security engineers sometimes use it to scan computers for vulnerabilities, and hackers also use it to target victims.
• Network scanners do not actually harm computers; instead, they make requests
that are similar to those sent by human users who visit websites or connect to
other computers using applications like Remote Desktop Protocol (RDP) and
Telnet.

• A port scan is performed by sending ICMP echo-request packets with specific flags set in the packet headers that indicate the type of message being transmitted:

• Type 8 indicates the request to be an echo-reply packet with the source IP address as the responding host, while Type 0 indicates that no response is expected from the responding host.
Types of Port Scans:
• To protect your network from port scans, it is essential to understand the different types of port scans used by hackers.
• Vanilla:
The scanner tries to connect to all 65,535 ports.
• Sweep:
The scanner probes the same port on more than one computer to see which hosts are active.
• FTP Bounce:
The scanner goes through an FTP server to mask the source.
• Stealth:
The scanner tries to keep the scanned computer from recording the port scan.
• Fragmented Packets:
The scanner sends packet fragments as a means to bypass packet filters in a firewall.
• User Datagram Protocol (UDP):
The scanner looks for open UDP ports.
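As an added defender-side example (not part of the original slides), the Python script below recognises the first two scan types above in constructed firewall log lines: a "vanilla" scan shows up as one source probing many ports on one host, a "sweep" as one source probing the same port on many hosts. The log format, the thresholds and the sample addresses are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines; the key=value format is an assumption, not a real device's.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z src=10.0.0.5 dst=192.168.1.10 dport=21 proto=tcp action=DROP
2024-05-01T10:00:00Z src=10.0.0.5 dst=192.168.1.10 dport=22 proto=tcp action=ACCEPT
2024-05-01T10:00:01Z src=10.0.0.5 dst=192.168.1.10 dport=23 proto=tcp action=DROP
2024-05-01T10:00:01Z src=10.0.0.5 dst=192.168.1.10 dport=80 proto=tcp action=ACCEPT
2024-05-01T10:00:02Z src=10.0.0.5 dst=192.168.1.10 dport=443 proto=tcp action=REJECT
2024-05-01T10:00:10Z src=10.0.0.7 dst=192.168.1.10 dport=3389 proto=tcp action=DROP
2024-05-01T10:00:10Z src=10.0.0.7 dst=192.168.1.11 dport=3389 proto=tcp action=DROP
2024-05-01T10:00:11Z src=10.0.0.7 dst=192.168.1.12 dport=3389 proto=tcp action=ACCEPT
2024-05-01T10:00:11Z src=10.0.0.7 dst=192.168.1.13 dport=3389 proto=tcp action=DROP
2024-05-01T10:00:12Z src=10.0.0.7 dst=192.168.1.14 dport=3389 proto=tcp action=DROP
2024-05-01T10:00:30Z src=10.0.0.9 dst=192.168.1.20 dport=443 proto=tcp action=ACCEPT
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)$"
)
PORT_THRESHOLD = 5  # distinct ports on one host from one source: vanilla (vertical) scan
HOST_THRESHOLD = 5  # distinct hosts on one port from one source: sweep (horizontal) scan

def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def detect_scans(events):
    """Return sorted findings as (src, kind, target, count). DROP/REJECT probes count
    too; a production detector would also bound the counts by a time window."""
    ports_per_host = defaultdict(set)  # (src, dst) -> {dport}
    hosts_per_port = defaultdict(set)  # (src, dport) -> {dst}
    for e in events:
        ports_per_host[(e["src"], e["dst"])].add(e["dport"])
        hosts_per_port[(e["src"], e["dport"])].add(e["dst"])
    findings = []
    for (src, dst), ports in ports_per_host.items():
        if len(ports) >= PORT_THRESHOLD:
            findings.append((src, "vanilla", dst, len(ports)))
    for (src, dport), hosts in hosts_per_port.items():
        if len(hosts) >= HOST_THRESHOLD:
            findings.append((src, "sweep", dport, len(hosts)))
    return sorted(findings)

print(detect_scans(parse_log(SAMPLE_LOG)))  # one vanilla scan from 10.0.0.5, one sweep from 10.0.0.7
```

The benign client 10.0.0.9 never reaches either threshold, so it produces no finding.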
Types of Ports:

• Open:
The host replies and announces that it is listening and open for queries. An undesired open port means that it is an attack path into the network.

• Closed:
The host responds but notes that no application is listening. Hackers may scan again in case it is opened later.

• Filtered:
The host does not respond to a request. This could mean that the packet was dropped due to congestion or a firewall.
List of Tools in Port Scanning:
1) Cain and Abel:
• A password recovery tool for Microsoft Windows.
• It can recover many kinds of passwords using methods such as network packet sniffing and cracking various password hashes with dictionary attacks, brute force and cryptanalysis attacks.
FEATURES:
• WEP cracking
• Speeding up packet capture by wireless packet injection
• Ability to record VoIP conversations
• Decoding scrambled passwords
• Calculating hashes
• Traceroute
• Revealing password boxes

ADVANTAGE:
• Provides a wealth of information about a target system. In addition to identifying if a system is online and which ports are open, port scanners can also identify the applications listening on particular ports and the operating system of the host.
How does Cain and Abel work?

• To begin, the program sets up a network adapter that listens on the network and waits for data to travel through the tool. There will be a lot of data traveling, including the targeted user's password.

• Once the user of the program has the data, he or she may immediately launch a brute-force or dictionary attack, or use the cryptanalysis approach.

• The program may also listen in on VoIP (Voice over Internet Protocol) records, caches and cookies. In that respect the tool acts like Nmap. Nmap, on the other hand, works on both Linux and Windows computers, whereas this program is limited to the Windows operating system.
2) Maltego

• Maltego is an intelligence gathering tool; it is available for Windows, macOS, and Linux.
USES:
• Maltego is a comprehensive tool for graphical link analysis that offers real-time data mining and information gathering, as well as the representation of this information on a node-based graph, making patterns and multiple-order connections between the gathered information easily identifiable.
ADVANTAGES:
• Easily mine data from dispersed sources, automatically merge matching information into one graph, and visually map it to explore your data landscape.
DISADVANTAGES:
• Requires setup on each machine you wish to install it on.
• It does not delve as deep into the Transform specifications: no slider or settings.
• Updating a Transform means it needs to be updated on every machine.
• Sensitive data such as usernames and passwords could reside on the analysts' computers.
3) Netsparker
