Week 5: Scanning Tools & Tactics

Scanning Tactics - This lesson will cover in depth the common tools used for port scanning, including Nmap, Nessus, and Metasploit. The section will introduce readers to using a wide toolset for scanning on penetration tests and provide a deeper understanding of what is going on behind the scenes: for example, the importance of TCP vs UDP scanning, the three-way TCP handshake, stealth scanning, and the various Nmap switches. It will also provide the first introduction to Metasploit and its usage, which will be built upon throughout the course.

TCP vs UDP

  • TCP

    • Connection-oriented

    • Has a handshake

    • Used on applications requiring high reliability

    • E.g. HTTP, FTP, Telnet

  • UDP

    • Connectionless

    • No handshake

    • Used on applications requiring a fast connection

    • E.g. DNS, DHCP, SNMP

3-way handshake

Full connection (the normal three-way handshake):

    client -> SYN      -> server
    client <- SYN, ACK <- server
    client -> ACK      -> server

Stealth (half-open / SYN) scan:

    client -> SYN      -> server
    client <- SYN, ACK <- server
    client -> RST      -> server   -- reset packet, the handshake is never completed
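From the defender's side, the difference between the two sequences above is exactly what a sensor keys on: a flow that ends SYN, SYN/ACK, RST never became a connection. The following script is an added example (not part of the course notes) that labels flows in a constructed packet log and flags hosts that repeatedly leave half-open probes behind; the log format, the host addresses and the threshold are all assumptions made for the example.

```python
# Added example (not from the course notes): label TCP flows in a constructed
# packet log as full handshakes (SYN, SYN/ACK, ACK) or half-open probes
# (SYN, SYN/ACK, RST), the trace a stealth/SYN scan leaves, then flag sources.
from collections import defaultdict

# Constructed sample log, one packet per line: "src:port > dst:port flags"
SAMPLE_LOG = """
10.0.0.5:40001 > 10.0.0.9:80 S
10.0.0.9:80 > 10.0.0.5:40001 SA
10.0.0.5:40001 > 10.0.0.9:80 A
10.0.0.7:51000 > 10.0.0.9:22 S
10.0.0.9:22 > 10.0.0.7:51000 SA
10.0.0.7:51000 > 10.0.0.9:22 R
10.0.0.7:51001 > 10.0.0.9:25 S
10.0.0.9:25 > 10.0.0.7:51001 RA
"""

LABELS = {
    ("c:S", "s:SA", "c:A"): "full-handshake",  # real client or connect scan
    ("c:S", "s:SA", "c:R"): "half-open",       # SYN scan: never completes
    ("c:S", "s:RA"): "closed-port",            # port closed, server resets
}

def classify_flows(log_text):
    """Group packets by (client, server); client = sender of the first SYN."""
    flows = defaultdict(list)
    for line in log_text.strip().splitlines():
        src, _, dst, flags = line.split()
        if flags == "S":                # new flow opened by src
            flows[(src, dst)].append("c:" + flags)
        elif (dst, src) in flows:       # reply travelling server -> client
            flows[(dst, src)].append("s:" + flags)
        elif (src, dst) in flows:       # further packet client -> server
            flows[(src, dst)].append("c:" + flags)
    return {k: LABELS.get(tuple(v), "other") for k, v in flows.items()}

def suspected_scanners(labelled, threshold=2):
    """Hosts with at least `threshold` probes that never completed a handshake."""
    counts = defaultdict(int)
    for (client, _server), label in labelled.items():
        if label in ("half-open", "closed-port"):
            counts[client.split(":")[0]] += 1
    return sorted(host for host, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    labelled = classify_flows(SAMPLE_LOG)
    for flow, label in labelled.items():
        print(flow, label)
    print("suspected SYN scanners:", suspected_scanners(labelled))
```

A production sensor would also bound the count by a time window and per-port spread; the threshold here is deliberately low to suit the eight-packet sample.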

Don't get bogged down in web exploitation (password spraying, SQL injection, XSS, credential stuffing) if they aren't paying for web exploitation.
