Introduction

What?

Determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use …

Why?

To find potential initial vulnerable attack vectors.

How?

• War-dialing-driving-flying-shipping

• Live host discovery

• Host discovery with ICMP (ping sweep)

• Host discovery with TCP

• Host discovery with UDP

• Port scanning

• Service and OS detection

• Diving deeper in discovery

• Defence detection

• Stealth scans

• Firewall evasion