# Week 5: Scanning Tools & Tactics

**Scanning Tactics** - This lesson covers in depth the common tools used for port scanning, including Nmap, Nessus, and Metasploit. The section introduces readers to a wide toolset for scanning on penetration tests and provides a deeper understanding of what is going on behind the scenes: for example, the importance of TCP vs UDP scanning, the three-way TCP handshake, stealth scanning, and various Nmap switches. It also provides the first introduction to Metasploit and its usage, which will be built upon throughout the course.

## TCP vs UDP

* TCP
  * Connection-oriented
  * Has a handshake
  * Used on applications requiring high reliability
  * E.g. HTTP, FTP, Telnet
* UDP
  * Connectionless
  * No handshake
  * Used on applications requiring a fast connection
  * E.g. DNS, DHCP, SNMP

### 3-way handshake

```
SYN -> SYN, ACK -> ACK
SYN -> SYN, ACK -> RST   -- reset packet
```
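
The two sequences above differ only in the third packet, which is what a network sensor can key on to tell a completed handshake from one torn down with a reset. The Python below is an added example, not part of the original course notes: it classifies constructed packet records by how far each handshake got and lists sources with repeated half-open attempts. The function names, state labels, threshold, and sample addresses are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample capture: (src, sport, dst, dport, flags), in arrival order.
# Addresses come from the RFC 5737 documentation ranges.
S, C, X = "198.51.100.5", "192.0.2.10", "192.0.2.66"
PACKETS = [
    (C, 40000, S, 80, "SYN"), (S, 80, C, 40000, "SYN,ACK"), (C, 40000, S, 80, "ACK"),
    (X, 50001, S, 22, "SYN"), (S, 22, X, 50001, "SYN,ACK"), (X, 50001, S, 22, "RST"),
    (X, 50002, S, 23, "SYN"), (S, 23, X, 50002, "RST,ACK"),
    (X, 50003, S, 443, "SYN"), (S, 443, X, 50003, "SYN,ACK"), (X, 50003, S, 443, "RST"),
    (X, 50004, S, 8080, "SYN"),
]

def classify_flows(packets):
    """Map (client, cport, server, sport) -> how far the handshake got."""
    state = {}
    for src, sport, dst, dport, flags in packets:
        f = set(flags.split(","))
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if f == {"SYN"}:                              # step 1: client opens
            state[fwd] = "no-reply"
        elif state.get(rev) == "no-reply":            # step 2: server answers the SYN
            if f == {"SYN", "ACK"}:
                state[rev] = "syn-ack-unanswered"
            elif "RST" in f:
                state[rev] = "closed"
        elif state.get(fwd) == "syn-ack-unanswered":  # step 3: client's reply
            if "RST" in f:
                state[fwd] = "half-open"              # SYN, SYN/ACK, RST
            elif f == {"ACK"}:
                state[fwd] = "full-connect"           # SYN, SYN/ACK, ACK
    return state

def half_open_sources(packets, threshold=2):
    """Clients with at least `threshold` half-open flows (threshold is an assumed value)."""
    flows = classify_flows(packets)
    counts = Counter(key[0] for key, label in flows.items() if label == "half-open")
    return {src: n for src, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for flow, label in classify_flows(PACKETS).items():
        print(flow, label)
    print(half_open_sources(PACKETS))
```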

Don't get bogged down in web exploitation (password spraying, SQL injection, XSS, credential stuffing) if the client isn't paying for web exploitation.


