Certified Ethical Hacker Exam Prep: Understanding Footprinting and Scanning
This Chapter helps you prepare for the EC-Council Certified Ethical Hacker (CEH) Exam by covering footprinting and scanning. A more detailed list of these items includes the following objectives:
Define the seven-step information gathering process
- The EC-Council divides information gathering into seven basic steps. These include gathering information, determining the network range, identifying active machines, finding open ports and access points, OS fingerprinting, fingerprinting services, and mapping the network.
- The process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment.
Locate the network range
- Locating the network range is needed to know what addresses can be targeted and are available for additional scanning and analysis.
Identify active machines
- The identification of active machines is accomplished by means of ping sweeps and port scans. Both aid in an analysis of understanding if the machine is actively connected to the network and reachable.
Understand how to map open ports and identify their underlying applications
- Ports are tied to applications and, as such, can be registered, random, or dynamic.
Describe passive fingerprinting
- Passive fingerprinting is the act of identifying systems without injecting traffic or packets into the network.
State the various ways that active fingerprinting tools work
- Active fingerprinting tools inject strangely crafted packets into the network to measure how systems respond. Specific systems respond in unique ways.
Use tools such as Nmap to perform port scanning and know common Nmap switches
- Understanding Nmap switches is a required test element. Common switches include -sT, full connect, and -sS, a stealth scan.