00:00:00,740 In this dynamic field of information security, Nmap stands tall as the undisputed champion of the network scanning tools. With its cutting-edge features, extensive support for IP version six, a plethora of NSE scripts, advanced configuration options and diverse scanning modes, Nmap leaves other scanners trailing far behind. Security researchers worldwide have contributed numerous ping and port scanning techniques to Nmap, making it an indispensable asset for host and service discovery. In this section we will explore the powerful ping scanning techniques offered by Nmap, enabling you to perform comprehensive scans and enhance your network security.

00:00:51,250 But first we will learn to discover hosts with TCP SYN ping scans. So one of the primary ping scanning techniques, TCP SYN, allows us to identify active hosts by sending SYN packets to target ports. So by analyzing the response, you can determine the availability of hosts and their associated services. For example, let's say we want to scan a subnet for live hosts using the TCP SYN scan. We will do nmap, uppercase P and S here, port 80 here, port 80, and here we will enter our IP address. .0/24 here, and here we will get an output, and as you can see here, this is what we got in this scan.

00:01:44,640 So we will also learn how to discover hosts with TCP ACK ping scans, acknowledgment ping scans. So the TCP ACK ping scan takes advantage of the TCP protocol and its acknowledgment mechanism to identify active hosts. So this technique sends ACK, acknowledgment, packets to specific ports and analyzes the response to determine if a host is up or not. So here's an example of using a TCP ACK ping scan to discover hosts. In order to do that, we will use nmap here: nmap, uppercase P and A, port 22, and here we will enter our IP address, the target IP address. In this case it's going to be my local host, 192.168... uh, here. No, it was... ifconfig here. So it was 13? Yes. The 13.0 and /24 here. So we will scan only zeros here, from 0 to 255. And as you can see here, this is a closed port. This is our output here.

00:03:03,140 So here we will also learn in this section how to discover hosts with UDP ping scans. So UDP ping scans probe target hosts by sending UDP packets to specific ports and examining the response. So UDP scans are useful for discovering hosts that may not respond to TCP-based techniques. So let's perform a UDP ping scan on a range of hosts, so we will use nmap: nmap, uppercase P, port, for example, 20 or 80 here. So 192.168.13.0, from 0 to 200. And this only works if you are root. Of course we need to use it because we need to read the raw responses off the wire. And here we will use sudo. And now we will get an output. So as you can see here, we scanned their MAC addresses, their IP addresses, their open hosts. So as you can see, it's a filtered TCP port here, and that's it.

00:04:16,810 And in this section, we will also learn how to discover hosts with ICMP ping scans. So ICMP ping scans rely on the Internet Control Message Protocol to determine if a host is alive. So by sending ICMP echo requests and analyzing the responses, we can identify active hosts. So consider this example here. So we will use ICMP ping scans here. So we will use uppercase P and uppercase E here and we will enter our IP address. So 192.168.13.0/24 here, and here: you are not root, using TCP ping scan rather than ICMP here. So as you know, you will need to use sudo here to run a proper ICMP ping scan. And now we are doing ICMP ping scanning here. So we will discover hosts with the ICMP ping scan. And as you can see here, we have their MAC addresses, their MAC, their network, their makers. And here we have ports here, ICMP ports, as you can see here. We got new ports here, right.

00:05:28,040 And here in this section, we will also learn how to discover hosts with the SCTP INIT ping scan. So SCTP INIT ping scans utilize the Stream Control Transmission Protocol, SCTP, to identify live hosts, and by sending SCTP INIT packets and examining the responses we can determine host availability. So here we will use nmap, uppercase P here, and we will also enter the port. In this case it's 80 here, 192.168.13.0/24 here. So here of course we need to use sudo here. So here is an example of using SCTP INIT ping scans here. As you can see, we got a whole different result here. We have port, state, service again, closed here, and so on. So here we have four hosts up here.

00:06:24,310 And in this lecture, in this section, we will also learn more about how to discover hosts with IP protocol ping scans. So in order to do that, IP protocol ping scans exploit various IP protocols, right, such as ICMP, to detect active hosts. So by sending IP-protocol-specific packets and analyzing the responses, we can identify hosts that may not respond to the traditional ping techniques. So in order to do that, we will use P here, P and O here, uppercase. And after that we will enter our IP address, the target IP address here. So .0. And /24. And as you can see here, we also need to run it as root here, and here... we will get there, we will get an output here. And as you can see here, this is our output: four hosts are up here. We have the services again and so on.

00:07:30,430 So we will also learn here how to discover hosts with ping scans, how to perform advanced ping scans. We will also learn to discover hosts with broadcast ping scans and so on. So we will also learn scanning IP version six addresses. As IP version six adoption grows, it becomes crucial to adapt scanning techniques for these addresses as well. We will learn spoofing the origin IP of a scan here to further obfuscate the scanning activity; Nmap enables the spoofing of the origin IP address. We will also learn how to use port scanning for host discovery: while primarily known for its port scanning capabilities, Nmap can also aid in host discovery as well.

00:08:17,920 So by mastering the various ping scanning techniques offered by Nmap, system administrators and security professionals can enhance their network security. Understanding the inner workings of these techniques empowers administrators to harden their traffic filtering rules, making their networks more secure. Additionally, Nmap's advanced features and customization options enable users to adapt their scans to overcome network restrictions and enhance stealth. So embrace the power of Nmap to conduct comprehensive host discovery and fortify your network's defenses.