The first step of an attack is to gather as much information as possible about the target network. An attacker looks for vulnerabilities in the different operating systems and the services they expose. This is done with a tool called a scanner. Scanning can be done manually, but it is much easier to automate it with scanner tools such as SATAN (Security Administrator's Tool for Analyzing Networks), Nessus, Nmap and so on.
Scanners send probes to TCP and UDP ports and record the target's responses. They glean valuable information about the target host by determining:
. Which services are currently running
. Who owns those services
. Whether anonymous logins are supported
. Whether particular network services require authentication
Ports and port scanning
A port is an access point for an application running on a computer system. Every TCP or UDP exchange on an IP network is identified by four values: a source IP address, a destination IP address, a source port and a destination port. There are three kinds of port: well-known, registered and dynamic (private). Well-known ports range from 0 to 1023, registered ports from 1024 through 49151 and dynamic (private) ports from 49152 through 65535. These ranges are conventions, not rules enforced by the network: an administrator can run SSH on port 2222 and a backdoor can listen on port 80, so a scanner should identify a service from what answers on the port rather than trust the port number alone.
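The scanner behaviour described above (probe a port, record the response, classify the port by its IANA range and read the service's greeting) as a worked example. This is added example code, not part of the original text and not taken from SATAN, Nessus or Nmap. It uses a TCP connect() scan, which completes the full handshake and therefore shows up in the target's logs; a stealthier SYN scan needs raw sockets and is deliberately not attempted here. To stay self-contained it starts a constructed stand-in service on 127.0.0.1 that sends an assumed SSH-style banner, so everything runs offline.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def port_class(port):
    """Classify a port number into the three IANA ranges named in the text."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def scan_port(host, port, timeout=0.5, banner_bytes=128):
    """TCP connect() scan of a single port.

    Returns (port, state, banner). state is "open", "closed" (the target
    answered with a RST) or "filtered" (no answer before the timeout, the
    usual sign of a firewall dropping the probe). For open ports, whatever
    the service sends first is returned so the caller can identify it.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        return port, "closed", b""
    except OSError:  # timeout, host unreachable, ...
        return port, "filtered", b""
    banner = b""
    try:
        # Services such as SSH, SMTP and FTP speak first; others stay silent.
        banner = s.recv(banner_bytes)
    except OSError:
        pass
    finally:
        s.close()
    return port, "open", banner.strip()


def scan(host, ports, timeout=0.5, workers=32):
    """Scan the given ports concurrently; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: scan_port(host, p, timeout), ports))
    return {port: (state, banner) for port, state, banner in results}


def start_demo_service(banner, host="127.0.0.1"):
    """Constructed stand-in for a real service (assumption for this example):
    listens on an OS-chosen port and greets every client with `banner`.
    Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)  # lets the accept loop notice the stop flag
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            try:
                conn.sendall(banner)
            finally:
                conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def find_free_port(host="127.0.0.1"):
    """Pick a port nothing listens on, so the demo also shows a 'closed' result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Assumed banner text; the version string is illustrative, not a real host.
    demo_port, stop = start_demo_service(b"SSH-2.0-OpenSSH_demo\r\n")
    targets = [demo_port, find_free_port(), 22]
    for p, (state, banner) in sorted(scan("127.0.0.1", targets).items()):
        print("%5d/tcp  %-15s %-9s %s" % (
            p, port_class(p), state, banner.decode("ascii", "replace")))
    stop()
```

The banner is what distinguishes "a port is open" from "OpenSSH is listening here": when a service sits on a non-standard port, that first line of output is the only reliable hint of what it is.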
Fingerprint scanning
Fingerprinting is a technique that tries to identify the operating system of the target system. It works because each TCP/IP stack has its own quirks, such as the default initial TTL, the TCP window size and the order of TCP options, which a scanner observes either passively from ordinary traffic or actively by sending crafted probes. The technique lets an attacker ascertain each target host's OS with high probability, although firewalls and NAT devices that rewrite packets on the way can make the guess wrong. Once the target OS is identified, the attacker can concentrate his effort on the exploits that apply to it.
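A passive fingerprinter along the lines sketched above, as an added example that is not part of the original text and not taken from Nmap or p0f. The observed TTL is rounded up to the nearest common default (32, 64, 128, 255) to recover the stack's initial TTL and the hop distance; the initial TTL, the DF bit and the TCP option order are then matched against a small signature table. The default TTLs of 64 for Linux and 128 for Windows are well established, but the option orders in the table and the sample SYN-ACK observations are assumptions constructed for this example, not real captures. When no signature scores well, or two tie, the code says "unknown" rather than guess.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SynAck:
    """Fields read from one observed TCP SYN-ACK (constructed, not captured)."""
    ttl: int        # IP TTL as it arrived at our vantage point
    df: bool        # IP Don't-Fragment bit
    options: tuple  # TCP option kinds in wire order


# Initial TTLs that common stacks start from; each router decrements by one.
INITIAL_TTLS = (32, 64, 128, 255)


def initial_ttl(observed_ttl):
    """Round the observed TTL up to the next common default."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("invalid TTL %d" % observed_ttl)
    for t in INITIAL_TTLS:
        if observed_ttl <= t:
            return t
    return 255


def hop_distance(observed_ttl):
    """Routers crossed, under the assumption that initial_ttl() guessed right."""
    return initial_ttl(observed_ttl) - observed_ttl


# Illustrative signature table (assumption of this example). The option
# orders are the classic ones for these stacks but are not copied from any
# real fingerprint database; a real tool carries hundreds of such entries.
SIGNATURES = {
    "Linux-like": {
        "ttl": 64, "df": True,
        "options": ("mss", "sackOK", "ts", "nop", "wscale")},
    "Windows-like": {
        "ttl": 128, "df": True,
        "options": ("mss", "nop", "wscale", "nop", "nop", "sackOK")},
    "embedded/legacy (no options)": {
        "ttl": 255, "df": False, "options": ()},
}


def score(obs, sig):
    """Weighted feature match; option order is the strongest single signal."""
    points = 0
    if initial_ttl(obs.ttl) == sig["ttl"]:
        points += 1
    if obs.df == sig["df"]:
        points += 1
    if obs.options == sig["options"]:
        points += 2
    elif obs.options and sig["options"] and set(obs.options) == set(sig["options"]):
        points += 1  # same options in a different order: weaker evidence
    return points


def fingerprint(obs, min_score=3):
    """Return (label, score, hops). Reports 'unknown' when the best match is
    weak or when two signatures tie, instead of picking one arbitrarily."""
    ranked = sorted(((score(obs, s), name) for name, s in SIGNATURES.items()),
                    reverse=True)
    best, runner_up = ranked[0], ranked[1]
    hops = hop_distance(obs.ttl)
    if best[0] < min_score or best[0] == runner_up[0]:
        return "unknown", best[0], hops
    return best[1], best[0], hops


# Constructed observations for the demo; addresses and values are made up.
SAMPLES = {
    "10.0.0.5": SynAck(ttl=51, df=True,
                       options=("mss", "sackOK", "ts", "nop", "wscale")),
    "10.0.0.9": SynAck(ttl=113, df=True,
                       options=("mss", "nop", "wscale", "nop", "nop", "sackOK")),
    "10.0.0.20": SynAck(ttl=240, df=False, options=()),
    "10.0.0.31": SynAck(ttl=100, df=False, options=("mss",)),
}


if __name__ == "__main__":
    for host, obs in SAMPLES.items():
        label, s, hops = fingerprint(obs)
        print("%-10s ttl=%3d (%2d hops away) -> %s (score %d)"
              % (host, obs.ttl, hops, label, s))
```

The hop-distance figure is itself useful reconnaissance: a host whose apparent distance differs from its neighbours is often behind a different firewall or NAT, which is also exactly the situation in which the OS guess becomes least reliable.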