Chapter 5
How should each kind of port respond?
Open ports should respond to a SYN message with a SYN/ACK. Closed ports should respond to a SYN message with a RST message. UDP messages are sent from a client to a server and it's up to the server how it responds.
aeg
The parameters used with fping are aeg, which mean fping should show hosts that are alive, show elapsed time, and generate a list of targets from an address block.
fping
This is a tool designed to send ICMP echo requests to multiple systems.
four categories of vulnerability scan results
False Positive: The scanner has identified something it believes to be a vulnerability. After investigation, it turns out it's not really a vulnerability.
False Negative: The scanner has not identified a vulnerability. It later turns out that there was a vulnerability that the scanner missed.
True Positive: The scanner has identified a vulnerability that, after manual investigation, turns out to be a legitimate vulnerability.
True Negative: The scanner has not identified a vulnerability and there is not a vulnerability to identify.
OpenVAS
allows you to have multiple users, each of which may have different permissions. Some users may be able to create scans, while others may only be able to look at the scan results.
MegaPing
Another tool used to perform a ping sweep, MegaPing is a GUI-based tool that runs under Windows. It incorporates several functions into a single interface. The ping sweep can be accomplished using the IP Scanner tool, which you would select from the list on the left-hand side.
Nmap
can perform UDP scans as well as multiple types of TCP scans when it comes to port scanning. In addition, nmap will detect operating system types, applications, and application versions. Perhaps more significantly, nmap supports running scripts. These scripts allow anyone to extend nmap's functionality.
fping and MegaPing
explanation is on pic on phone
Nessus
is the parent of OpenVAS, which makes it worth looking at, especially to see how it has diverged from the path OpenVAS took. While Nessus is a commercial product, there is a home license so you can use it on your home network to compare against OpenVAS and also see another approach to vulnerability scanning.
Ping Sweep
A ping sweep is when you send ping messages to every system on the network, thus the "sweep" part. The ping is an ICMP echo request, which is a common message to be sent. As long as you aren't pounding targets with an unusual number or size of these messages, they may not be noticed. Ping sweeps aren't guaranteed to succeed because there may be firewall rules that block ICMP messages from outside the network.
TCP
uses a three-way handshake to initiate connections. The three-way handshake uses the SYN and ACK flags to complete the connection process. Other flags, such as URG, PSH, and FIN, are used for other purposes, and the RST flag is used to let other systems know to cease communications on the destination port in the received message.
The e parameter
When passed to fping, it provides the elapsed time. This is the round-trip time between the message that was sent and the response that was received.
vulnerability scanner
will identify open ports and listening applications, then determine what vulnerabilities may be possible based on those applications. The scanner will then run tests that have been defined for those vulnerabilities.