Scanning is one of the three components of an attacker's intelligence gathering, and it is the second phase in the steps of hacking.
Through scanning, the hacker finds information about the victim's systems, like the OS, system architecture, IP addresses, and the services running on each computer,
and discovers which ports are active, etc.

Basically there are 3 types of scanning, which are as follows:

  1. Port Scanning
  2. Network Scanning
  3. Vulnerability Scanning

Port Scanning: – A series of messages sent by someone attempting to break into a computer to learn about the computer's network services,
each associated with a well-known port number.

Network Scanning: – A procedure for identifying active hosts on a network, either in order to attack them or for a network security assessment.

Vulnerability Scanning: – The automated process of proactively identifying vulnerabilities in the computing systems present on a network.

Port scanning Procedure: –
1. ICMP Scanning
In this type of scanning, you ping every address in the network to find the hosts that are up. It can run in parallel so that it finishes fast.
It can also be helpful to tweak the ping timeout value with the -t option.

2. Angry IP Scanner: –
It is used on the Windows platform and can scan IPs in any range. It simply pings every IP to check whether it is alive.

3. Firewalk Tool

It is a tool that employs a traceroute-like technique to analyze IP packet responses in order to determine gateway ACL filters and map networks.
It determines the filter rules in place at the victim's network.

Check for Open Ports
A TCP three-way handshake takes place to check for open ports: a port that completes the handshake is open.
Tools used for checking Open Ports

I will surely post about the tools used for port scanning.

Once we have the live systems, their open ports, and know about the services, our next step is Banner Grabbing/OS fingerprinting.
OS fingerprinting is the method of determining the operating system that is running on the target system. It also has two modes: active and passive.

Active Stack Fingerprinting
Based on the fact that OS vendors implement the TCP stack differently, specially crafted packets are sent to the remote OS and the responses are noted. The responses are then compared with a database to determine the OS. The firewall logs your active banner-grabbing scan, since you are probing it directly.
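Because direct probes like the port scan and active fingerprinting above end up in the firewall log, the defender's counterpart of this step is to spot them there. The following is an added example, not code from the original post: it parses a constructed firewall log (the "timestamp src dst dport proto flags" layout is hypothetical) and flags any source that sent TCP SYNs to many distinct ports on one host inside a short sliding window, which is what a port scan looks like from the target's side.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (not from the original post); the layout
# "timestamp src dst dport proto flags" is a hypothetical one.
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 192.168.1.10 22 TCP SYN
2024-05-01T10:00:01 10.0.0.5 192.168.1.10 23 TCP SYN
2024-05-01T10:00:02 10.0.0.5 192.168.1.10 25 TCP SYN
2024-05-01T10:00:02 10.0.0.5 192.168.1.10 80 TCP SYN
2024-05-01T10:00:03 10.0.0.5 192.168.1.10 110 TCP SYN
2024-05-01T10:00:03 10.0.0.5 192.168.1.10 143 TCP SYN
2024-05-01T10:00:04 10.0.0.5 192.168.1.10 443 TCP SYN
2024-05-01T10:00:04 10.0.0.5 192.168.1.10 3389 TCP SYN
2024-05-01T10:00:05 10.0.0.5 192.168.1.10 8080 TCP SYN
2024-05-01T10:00:05 10.0.0.5 192.168.1.10 5900 TCP SYN
2024-05-01T10:00:20 10.0.0.7 192.168.1.10 443 TCP SYN
2024-05-01T10:05:00 10.0.0.5 192.168.1.10 21 TCP SYN
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\S+) (\S+)$")
def parse_log(text):
    """Parse the constructed format into (ts, src, dst, dport, proto, flags); skip bad lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, dport, proto, flags = m.groups()
            events.append((datetime.fromisoformat(ts), src, dst, int(dport), proto, flags))
    return events

def detect_port_scans(events, window_seconds=60, min_ports=8):
    """Return {(src, dst): n} for pairs whose TCP SYNs hit >= min_ports distinct
    ports inside any window_seconds-long sliding window; n is the largest count seen."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, proto, flags in sorted(events):
        if proto == "TCP" and flags == "SYN":
            by_pair[(src, dst)].append((ts, dport))
    alerts = {}
    for pair, hits in by_pair.items():
        start = 0
        for end in range(len(hits)):
            # advance the window start until the window spans at most window_seconds
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[pair] = max(len(ports), alerts.get(pair, 0))
    return alerts
```

Tune `window_seconds` and `min_ports` to the network's normal traffic; the lone SYN from 10.0.0.7 and the single late probe from 10.0.0.5 outside the window are not flagged.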

Passive Fingerprinting
Passive banner grabbing refers to indirectly scanning a system to reveal its OS. It is also based on the differing implementations of the stack and the various ways an OS responds to it, but it uses sniffing techniques instead of scanning techniques. It is less accurate than active fingerprinting.

There are also various tools for banner grabbing, which are discussed in this post.

Vulnerability Scanning
Bidiblah Automated Scanner: – It automates footprinting, DNS enumeration, banner grabbing, port scanning, and vulnerability assessment into a single program. Its methodology


ISS Security Scanner
ISS provides automated vulnerability detection and analysis of network systems.
It performs automated, distributed or event-driven probes of geographically dispersed network services, OSs, routers/switches, firewalls and applications, and then displays the scan results.


  • Nessus
  • GFI LANGuard
  • SATAN (Security Administrator's Tool for Analyzing Networks)
  • Retina
  • Nagios
  • PacketTrap pt360 Tool Suite
  • Nikto

After finding the vulnerabilities, the hacker has to draw network diagrams of the vulnerable hosts. For network diagrams I made a list which can help you with it.

  • Friendly Pinger
  • LANsurveyor
  • IPsonar
  • LANState
  • Insightix Visibility
  • IPCheck Server Monitor

And the last step is preparing proxies. So here you can learn about proxies, which are useful for this purpose.

Hope you are following all the sessions; if you have any query, just ask in the comments section.
Keep visiting!!