# Week 5: Scanning Tools & Tactics

**Scanning Tactics** - This lesson covers in depth the common tools used for port scanning, including Nmap, Nessus, and Metasploit. It introduces a wide toolset for scanning on penetration tests and explains what is going on behind the scenes: why TCP and UDP scanning differ, the TCP three-way handshake, stealth scanning, and the most useful Nmap switches. It also gives the first introduction to Metasploit and its usage, which later weeks of the course build on.

## TCP vs UDP

* TCP
  * Connection-oriented
  * Has a handshake
  * Used by applications requiring high reliability
  * E.g. HTTP, FTP, Telnet
* UDP
  * Connectionless
  * No handshake
  * Used by applications requiring a fast connection
  * E.g. DNS, DHCP, SNMP

### 3-way handshake

```
Client                Server
  SYN       -->
            <--   SYN, ACK
  ACK       -->              full three-way handshake, connection established

  SYN       -->
            <--   SYN, ACK
  RST       -->              reset packet instead of ACK, handshake never completed (stealth scanning)
```
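To make the difference between the two sequences concrete from the defender's side, here is an added example (not part of the original lesson) that replays a constructed packet trace and labels each client/server/port flow as a full handshake, a half-open probe (SYN, SYN/ACK, then RST), a closed port, or no response. The trace, the addresses and the flag letters are all constructed for this illustration.

```python
# Constructed sample trace (not real capture data): one record per packet as
# (src, dst, dst_port, tcp_flags) in arrival order; S = SYN, A = ACK, R = RST.
TRACE = [
    ("10.0.0.5", "10.0.0.9", 22, "S"),
    ("10.0.0.9", "10.0.0.5", 22, "SA"),
    ("10.0.0.5", "10.0.0.9", 22, "A"),    # full three-way handshake
    ("10.0.0.5", "10.0.0.9", 80, "S"),
    ("10.0.0.9", "10.0.0.5", 80, "SA"),
    ("10.0.0.5", "10.0.0.9", 80, "R"),    # half-open: RST instead of ACK
    ("10.0.0.5", "10.0.0.9", 443, "S"),
    ("10.0.0.9", "10.0.0.5", 443, "RA"),  # closed port: server answers RST
    ("10.0.0.5", "10.0.0.9", 8080, "S"),  # no reply: filtered or dropped
]

def group_flows(trace):
    # The first pure SYN defines the client side of a (client, server, port) flow;
    # later packets are tagged c: or s: depending on which direction they travel.
    flows = {}
    for src, dst, port, flags in trace:
        if flags == "S" and (src, dst, port) not in flows:
            flows[(src, dst, port)] = ["c:S"]
        elif (src, dst, port) in flows:
            flows[(src, dst, port)].append("c:" + flags)
        elif (dst, src, port) in flows:
            flows[(dst, src, port)].append("s:" + flags)
    return flows

def label(seq):
    """Label one flow from the ordered sequence of who sent which flags."""
    if seq == ["c:S"]:
        return "no response (filtered)"
    if seq[:2] == ["c:S", "s:RA"]:
        return "closed (server RST)"
    if seq[:2] == ["c:S", "s:SA"]:
        if seq[2:3] == ["c:A"]:
            return "open, full handshake"
        if seq[2:3] == ["c:R"]:
            return "open, half-open probe"
    return "other"

def classify(trace):
    return {key: label(seq) for key, seq in group_flows(trace).items()}

def half_open_sources(trace):
    # Count half-open probes per client; many of them from one host is the SYN-scan signature.
    counts = {}
    for (client, _server, _port), verdict in classify(trace).items():
        if verdict == "open, half-open probe":
            counts[client] = counts.get(client, 0) + 1
    return counts
```

On a real capture the same grouping would need the client's source port as part of the key; it is omitted here because the trace records only the destination port.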

Don't get bogged down in web exploitation (password spraying, SQL injection, XSS, credential stuffing) if the client isn't paying for web exploitation.
