If you are using the Demo version of NetScan Tools Pro, then click Start the DEMO


Module 03 - Scanning Networks


IP version 6 addresses have a different format from IPv4 addresses and they can be much longer or far shorter. IPv6 addresses always contain 2 or more colon characters and never contain periods. Example: 2001:4860:b006:69 (ipv6.google.com) or ::1 (internal loopback address).

[Screenshot: main window of NetScanTools Pro Demo Version Build 8-17-12 (based on version 11.19). The welcome text explains the icon colors: red icon tools contact the target, green icon tools listen to network traffic, blue icon tools work with your local system, and gray icon tools contact a third party. The left panel lists the tool groups: Automated Tools, Manual Tools (all), Favorite Tools, Active Discovery Tools, Passive Discovery Tools, DNS Tools, Packet Level Tools, External Tools, Program Info.]
FIGURE 7.4: Main window of NetScan Tools Pro

7. Select Manual Tools (all) on the left panel and click ARP Ping. A window will appear with information about the ARP Ping Tool.
8. Click OK

Arp Ping is a useful tool capable of sending ARP packets to a target IP address and it can also search for multiple devices sharing the same IP address on your LAN.

About the ARP Ping Tool

Use this tool to "ping" an IPv4 address on your subnet using ARP packets. Use it on your LAN to find the latency time of a device to an ARP_REQUEST packet even if the device is hidden and does not respond to regular ping.
ARP Ping requires a target IPv4 address on your LAN.
Don't miss this special feature in this tool: identify duplicate IPv4 addresses by "pinging" a specific IPv4 address. If more than one device (two or more MAC addresses) responds, you are shown the MAC address of each of the devices.
Don't forget to right click in the results for a menu with more options.

Demo limitations: None.

FIGURE 7.5: Selecting manual tools option

9. Select the Send Broadcast ARP, then Unicast ARP radio button, enter the IP address in Target IPv4 Address, and click Send Arp

CEH Lab Manual Page 145

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited


Send Broadcast ARP, and then Unicast ARP: this mode first sends an ARP packet to the IPv4 address using the broadcast ARP MAC address. Once it receives a response, it sends subsequent packets to the responding MAC address. The source IP address is your interface IP as defined in the Local IP selection box.

[Screenshot: ARP Ping results for target 10.0.0.1 with the "Send Broadcast ARP, then Unicast ARP" option selected (the other options shown are "Send Broadcast ARP only" and "Search for Duplicate IP Addresses"). Result columns: Index, IP Address, MAC Address, Response Time (msec), Type. The first reply is of type Broadcast and the following replies are of type Unicast.]

FIGURE 7.6: Result of ARP Ping
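
The duplicate-address check mentioned in the ARP Ping dialog (two or more MAC addresses answering for one IPv4 address) can be reproduced over captured ARP replies. This is an added example, not part of the lab manual or of NetScanTools; the frames, MAC addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

ARP_REPLY = 2

def parse_arp_reply(frame: bytes):
    """Return (sender_ip, sender_mac) for an Ethernet II ARP reply, else None."""
    if len(frame) < 42:
        return None
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0806:                      # not ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    sha, spa = frame[22:28], frame[28:32]        # sender hardware / protocol address
    return ".".join(map(str, spa)), ":".join(f"{b:02x}" for b in sha)

def find_duplicate_ips(frames):
    """Map each IP answered by two or more distinct MACs to the sorted MAC list."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed:
            ip, mac = parsed
            seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def build_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Constructed test input: build one ARP reply frame (not captured traffic)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = mac(target_mac) + mac(sender_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    return eth + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

# Constructed sample: two devices answer for 10.0.0.1, one for 10.0.0.2.
ME = ("02:00:00:00:00:aa", "10.0.0.7")
SAMPLE = [
    build_reply("02:00:00:00:00:01", "10.0.0.1", *ME),
    build_reply("02:00:00:00:00:02", "10.0.0.1", *ME),
    build_reply("02:00:00:00:00:01", "10.0.0.1", *ME),
    build_reply("02:00:00:00:00:03", "10.0.0.2", *ME),
]

print(find_duplicate_ips(SAMPLE))
```

An address that shows up in this report is either misconfigured twice on the LAN or being answered for by a device that should not own it, so it is worth alerting on in either case.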

10. Click ARP Scan (MAC Scan) in the left panel. A window will appear with information about the ARP Scan tool. Click OK

ARP Scan (sometimes called a MAC Scan) sends ARP packets to the range of IPv4 addresses specified by the Start and End IP Address entry boxes. The purpose of this tool is to rapidly sweep your subnet for IPv4 connected devices.

About the ARP Scan Tool

Use this tool to send an ARP Request to every IPv4 address on your LAN. IPv4 connected devices cannot hide from ARP packets and must respond with their IP and MAC address.
Uncheck the Resolve IPs box for fastest scan completion time.
Don't forget to right click in the results for a menu with more options.

Demo limitations: None.


FIGURE 7.7: Selecting ARP Scan (MAC Scan) option

11. Enter the range of IPv4 addresses in the Starting IPv4 Address and Ending IPv4 Address text boxes
12. Click Do Arp Scan


The Connection Detection tool listens for incoming connections on TCP or UDP ports. It can also listen for ICMP packets. The sources of the incoming connections are shown in the results list and are logged to a SQLite database.

[Screenshot: ARP Scan (MAC Scan) results. Result columns include IPv4 Address, MAC Address, I/F Manufacturer and Entry Type; the responding hosts include 10.0.0.1 and 10.0.0.2, with entry type "dynamic".]

FIGURE 7.8: Result of ARP Scan (MAC Scan)

13. Click DHCP Server Discovery in the left panel. A window will appear with information about the DHCP Server Discovery Tool. Click OK

DHCP is a method of dynamically assigning IP addresses and other network parameter information to network clients from DHCP servers.

About the DHCP Server Discovery Tool

Use this tool to actively locate DHCP servers (IPv4 only) on your local network. It shows the IP address and messages being handed out by DHCP servers. This tool can also find unknown or "rogue" DHCP servers.
Don't forget to right click in the results for a menu with more options.

Demo limitations: None.


FIGURE 7.9: Selecting DHCP Server Discovery Tool Option

14. Select all the Discover Options check boxes and click Discover DHCP Servers


NetScanner: this is a Ping Scan or Sweep tool. It can optionally attempt to use NetBIOS to gather MAC addresses and Remote Machine Name Tables from Windows targets, translate the responding IP addresses to hostnames, query the target for a subnet mask using ICMP, and use ARP packets to resolve IP address/MAC address associations.

[Screenshot: DHCP Server Discovery results. The selected interface is a Hyper-V Virtual Ethernet Adapter #2 with address 10.0.0.7. Discover Options: Hostname, Subnet Mask, Domain Name, DNS IP, Router IP, NTP Servers. Responding DHCP Servers: DHCP Server IP 10.0.0.1, Server Hostname 10.0.0.1, Offered IP 10.0.0.2, Offered Subnet Mask 255.255.255.0, IP address lease of 3 days.]

FIGURE 7.10: Result of DHCP Server Discovery
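
The rogue-server check that DHCP Server Discovery supports can be expressed as: parse each DHCPOFFER seen on the LAN and compare its server identifier with the servers you expect. This is an added example, not part of the lab manual or of NetScanTools; the payloads, the second server address 10.0.0.66 and the function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER = 2                        # value of option 53 (message type) for DHCPOFFER

def parse_offer(payload: bytes):
    """Parse a BOOTP/DHCP payload; return offer details or None if not a DHCPOFFER."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload):                      # truncated option header
            break
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    if opts.get(53) != bytes([OFFER]) or len(opts.get(54, b"")) != 4:
        return None
    ip = lambda b: str(ipaddress.IPv4Address(b))
    return {
        "server": ip(opts[54]),                       # option 54: server identifier
        "offered_ip": ip(payload[16:20]),             # yiaddr field
        "subnet_mask": ip(opts[1]) if len(opts.get(1, b"")) == 4 else None,
        "lease_seconds": struct.unpack("!I", opts[51])[0] if len(opts.get(51, b"")) == 4 else None,
    }

def rogue_servers(payloads, authorized):
    """Return sorted server IPs seen in offers that are not on the authorized list."""
    offers = filter(None, map(parse_offer, payloads))
    return sorted({o["server"] for o in offers} - set(authorized))

def build_offer(server, offered, mask="255.255.255.0", lease=259200):
    """Constructed test input: a minimal DHCPOFFER payload (not captured traffic)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    head = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    head += ip("0.0.0.0") + ip(offered) + ip(server) + ip("0.0.0.0")
    head += bytes(16 + 64 + 128)                      # chaddr, sname, file
    opts = bytes([53, 1, OFFER, 54, 4]) + ip(server) + bytes([1, 4]) + ip(mask)
    opts += bytes([51, 4]) + struct.pack("!I", lease) + b"\xff"
    return head + MAGIC + opts

# Constructed sample: the lab's server (10.0.0.1 offering 10.0.0.2 for 3 days)
# plus a second, unexpected responder.
SAMPLE = [build_offer("10.0.0.1", "10.0.0.2"), build_offer("10.0.0.66", "10.0.0.99")]
print(rogue_servers(SAMPLE, ["10.0.0.1"]))  # ['10.0.0.66']
```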

15. Click Ping Scanner in the left panel. A window will appear with information about the Ping Scanner tool. Click OK

Port Scanner is a tool designed to determine which ports on a target computer are active, i.e. being used by services or daemons.

About the Ping Scanner (aka NetScanner) Tool

Use this tool to ping a range or list of IPv4 addresses. This tool shows you which computers are active within the range/list (they have to respond to ping). Use it with any set of IP addresses. To see all devices in your subnet including those blocking ping, you can use the ARP Scan tool.
You can import a text list of IPv4 addresses to ping.
Don't miss this special feature in this tool: use the Do SMB/NBNS Scan to get NetBIOS responses from unprotected Windows computers.
Don't forget to right click in the results for a menu with more options.

Demo limitations: Packet Delay (time between sending each ping) is limited to a lower limit of 50 milliseconds. Packet Delay can be as low as zero (0) ms in the full version. In other words, the full version will be a bit faster.


FIGURE 7.11: selecting Ping scanner Option

16. Select the Use Default System DNS radio button, and enter the range of IP addresses in the Start IP and End IP boxes
17. Click Start


Traceroute is a tool that shows the route your network packets are taking between your computer and a target host. You can determine the upstream internet provider(s) that service a network connected device.

[Screenshot: Ping Scanner (NetScanner) results with Use Default System DNS selected and an End IP of 10.0.0.50. Result columns: Target IP, Hostname, Time (ms), Status. Responding hosts include 10.0.0.2, 10.0.0.5 and 10.0.0.7 (WIN-D39HRSHL9E4), each with status "0:0 Echo Reply".]

FIGURE 7.12: Result of scan IP address

18. Click Port Scanner in the left panel. A window will appear with information about the Port Scanner tool. Click OK

Whois is a client utility that acts as an interface to a remote whois server database. This database may contain domain, IP address or AS Number registries that you can access given the correct query.

About the Port Scanner Tool

NEVER SCAN A COMPUTER YOU DO NOT OWN OR HAVE THE OWNER'S PERMISSION TO SCAN.

Use this tool to scan a target for TCP or UDP ports that are listening (open with services listening).
Types of scanning supported: Full Connect TCP Scan (see notes below), UDP port unreachable scan, combined TCP full connect and UDP scan, TCP SYN only scan and TCP Other scan.
Don't miss this special feature in this tool: after a target has been scanned, an analysis window will open in your default web browser.
Don't forget to right click…

Notes: settings that strongly affect scan speed:
Connection Timeout: use 200 or less on a fast network connection with nearby computers. Use 3000 (3 seconds) or more on a dialup connection.
Wait After Connect: this is how long each port test waits before deciding that the port is not active.
Settings/Delay Between Connections: try 0, then try more. Notice the difference.

Demo limitations: None.
FIGURE 7.13: selecting Port scanner option

19. Enter the IP address in the Target Hostname or IP Address field and select the TCP Ports only radio button
20. Click Scan Range of Ports
