The second step of ethical hacking and penetration testing involve two terms that is scanning or port scanning and enumeration, we will discuss the these two steps separately. Before reading this article you must have an idea about first step, if you have not read our previous article on it than read footprinting step by step.
- Port scanning is a common technique used by a penetration tester to find out the open doors, In technical terminology port scanning is used to find out the vulnerabilities in the services listing on a port. During this process you have to find out the alive host, operating systems involved, firewalls, intrusion detection systems, servers/services, perimeter devices, routing and general network topology (physical layout of network), that are part of the target organisation.
- Port scanning involve connecting with TCP and UDP ports on a system, once you have found the IP addresses of a target organisation by footprinting technique you have to map the network of this organisation.
- There are so many automatic port scanner available on the Internet, but the most common and popular tool is nmap, Nmap is a network mapper and a power full, flexible, freely available and easy to use tool. It is available for both linux and windows based operating system.
- Nmap is not only a single player in the field of port scanning there are different tools like netscantools, Superscan, Unicornscan, Scanrand and Portscan 2000 or more.
- Enumeration is the first attack on target network, enumeration is the process to gather the information about a target machine by actively connecting to it.
- Enumeration means to identify the user account, system account and admin account. Enumerating windows active directory to find out these stuffs.
- Discovering NetBIOS name enumeration with NBTscan.
- Establishing null sessions and connections. Null sessions tools like Dumpsec, Winfo and Sid2User or more, may used to perform this attack.