TCP Flag Definitions
- SYN - The beginning of connection
- ACK - Acknowledgment of a previous packet
- FIN - Close a TCP connection
- RST - Abort a connection
nmap
# Scanning a host
nmap -sT -p 21 192.168.1.1 # TCP connect scan of port 21 (no raw sockets needed)
nmap -sP 192.168.1.1 # ping scan / host discovery (-sP is the old name for -sn)
nmap -sR 192.168.1.1 # RPC service scan (in current nmap -sR is an alias for -sV)
sudo nmap -sS 192.168.1.1 # SYN Scan
sudo nmap -sA 192.168.1.1 # ACK Scan
sudo nmap -sF 192.168.1.1 # FIN Scan
sudo nmap -sX 192.168.1.1 # Xmas Scan
sudo nmap -sN 192.168.1.1 # Null scan (no TCP flags set)
sudo nmap -sU 192.168.1.1 # UDP Scan, will take time
sudo nmap -sO 192.168.1.1 # Protocol scanning, will take time
sudo nmap -r 192.168.1.1 # scan ports in sequential order instead of randomizing them
sudo nmap -O vm1 # OS Fingerprint (detect OS)
nmap -sP 192.168.1.0/24 # Network scanning
nmap -sP 192.168.1.1-10 # Network scanning (address range)
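As an added example (not part of the original notes): a small Python decoder for the TCP flags byte that maps a captured probe onto the scan types in the nmap list above, the way a defender triaging packet headers would. The header bytes are constructed inline; the helper names are my own.

```python
import struct

# TCP flag bits in byte 13 of the header (RFC 793 layout)
FLAG_BITS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04,
    "PSH": 0x08, "ACK": 0x10, "URG": 0x20,
}

def decode_tcp_flags(tcp_header: bytes) -> set:
    """Return the names of the flags set in a raw TCP header (>= 20 bytes)."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    flags_byte = tcp_header[13]          # byte 12 is data offset/reserved
    return {name for name, bit in FLAG_BITS.items() if flags_byte & bit}

def classify_probe(flags: set) -> str:
    """Map a flag set onto the nmap scan types listed above."""
    if not flags:
        return "Null scan (-sN)"
    if flags == {"FIN", "PSH", "URG"}:      # nmap's Xmas combination
        return "Xmas scan (-sX)"
    if flags == {"FIN"}:
        return "FIN scan (-sF)"
    if flags == {"ACK"}:
        return "ACK scan (-sA)"
    if flags == {"SYN"}:
        # A lone SYN opens every normal connection too: -sS/-sT probes
        # look identical by flags alone, so rate and spread decide.
        return "SYN (-sS/-sT or normal handshake)"
    return "ordinary traffic"

def build_tcp_header(src_port: int, dst_port: int, flags_byte: int) -> bytes:
    """Constructed 20-byte sample header: seq/ack 0, data offset 5, window 1024."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                       5 << 4, flags_byte, 1024, 0, 0)

if __name__ == "__main__":
    samples = {
        "null": build_tcp_header(40000, 80, 0x00),
        "xmas": build_tcp_header(40000, 80, 0x29),
        "syn":  build_tcp_header(40000, 80, 0x02),
    }
    for label, hdr in samples.items():
        flags = decode_tcp_flags(hdr)
        print(label, sorted(flags), "->", classify_probe(flags))
```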
Packet Sniffers
Applications that monitor, filter and capture data packets transferred over a network. (libpcap/winpcap is the capture library most sniffers are built on.)
- Network Monitor
- tcpdump
Tools
- Wireshark
- tcpdump/windump
- snort
- suricata
- Zeek
- Kismet
Blackbox Testing
- Pentest, EH
Whitebox Testing
- System Analysis
Tools
Nessus
Nessus is a proprietary vulnerability scanner developed by Tenable, Inc.
$ sudo service nessusd start
# Reset Nessus Password
/opt/nessus/sbin/nessuscli chpasswd
/opt/nessus/sbin/nessuscli lsuser
Nessus only supports RSA/DSA key types for SSH key authentication.
ssh-keygen -m PEM -t rsa
# or convert an existing OpenSSH-format private key to PEM in place:
ssh-keygen -p -m PEM -f /path/to/private_key