Chapter 6 Topics
This chapter covers the following topics and concepts:
How to determine the network range
How to identify active machines
How to map open ports
What Operating System (OS) fingerprinting is
How to map the network
How to analyze the results
Chapter 6 Goals
When you complete this chapter, you will be able to:
Define port scanning
Describe common port scanning techniques
List common Nmap switches
Describe why User Datagram Protocol (UDP) is harder to scan than Transmission Control Protocol (TCP)
Define common Nmap command switches
Describe OS fingerprinting
Detail active fingerprinting
List differences between active and passive fingerprinting
List network mapping tools
Determining the Network Range
The first step in port scanning is one of preparation, specifically the gathering of information about the range of Internet Protocol (IP) addresses in use by the target. When identifying the network range, your ultimate goal is to get a picture of what the range of IP addresses in use looks like, together with the subnet mask in use. With this information the port scanning process becomes much more accurate and effective, because only the IP addresses belonging to the intended victim will be scanned. Not having the correct network range can result in an inaccurate or ineffective scan that may even inadvertently set off detective measures. When gathering information about network ranges, two options can be used. With a manual registrar query, you simply go directly to the registration sites