Scanning Tools and Methodology

In this video, you will learn about the use of scanning tools to protect your network from attacks.
6.8
So some of the types of things that a malicious hacker will try to look for during scans are IP addresses, the type of services you’re running on your network, and vulnerabilities. And let’s take a look at some of the tools that they’ll use. So the first one is Nmap and Zenmap. So this is one of the most popular tools for malicious hackers, security professionals, ethical hackers, and whatnot. So Nmap is a very simple scan that is incredibly powerful. So Nmap is a command line tool, Windows, Linux, OS X, that you can run that will give you a great deal of information potentially. And again, it is a command line tool.
48.8
So if you’re not comfortable with that, you can always use Zenmap, which is part of Nmap. It’s a graphical front end for Nmap. And it’s also for - we’re going to be using that. So it’s a little bit easier to take a look at these types of scans. So let’s take a look at the program. So this is Zenmap. And I’m running this on my Kali Linux virtual machine. Now, in the first part here, we can see the target address. And that’s the target that we’re going to be scanning. So you can enter an IP address. You could enter a series of IP addresses. Or you could enter an entire IP range to scan.
90.3
So that’s one of the things that makes Nmap really powerful. So the other thing we could do is once we enter an IP that we want to scan in here, we could take - you can see the command down in here. This is actually what the Nmap command would look like if we’re going to actually run a particular scan. So if you were going to run an intense scan under Nmap - again, Nmap being the command line version of this program - it would be Nmap space dash capital T 4 dash capital A dash V, and then the IP address. Now, if we click on Profile here, we can see the various scans that we could do.
131.8
We can see intense scans, intense scan plus UDP, intense scan, and all TCP ports, intense scan no ping, ping scan, quick scan, quick scan plus, trace routing, regular scan, slow comprehensive scans. So some of these scans are going to be noisier than others. So a malicious hacker may be very careful and run a very quiet scan.
158.4
Knowing what type of scans to run without alerting someone is going to be very important for a malicious hacker. However, some of the lighter scans that aren’t going to really raise a lot of flags may not always get a lot of information. So we do want to be mindful of this. So let’s continue the video here. So if we click on one of these things, we can see it actually change here. Ping scan is dash sn, and then IP address. Regular scans is Nmap and the IP address. Trace routing.
197.2
And we could do a regular scan. And you can just click the Scan button. Now, the information we get back here, we can see the version of Nmap that we’re running, the time, date. We can see the IP address that we’re scanning. And since we just ran a regular scan, we can see how long it took. All 1,000 ports on this particular IP address, it reports are closed. And the one IP address of the host is up. And we also could take a look at things like ports/hosts. So if there were open ports that it found. You can click on here. You can take a look at the topology.
235.5
Not a lot here, because, again, this is my virtual machine. It’s not actually a server somewhere. We take a look at the host details. There’s information here. And we can add comments in here. And then we click on scans. We can take a look at the type of scan that was run. Or if we ran several scans, we could take a look at all the different scans that we ran, and the IP address we were scanning against.

In this video, you will learn about the use of scanning tools to protect your network from attacks. We will start by looking at the use of Nmap/Zenmap, and in the next step you will learn about other packages you could use.

There are many types of scanning tools available to help you protect your network from attacks. It is important that you select an appropriate tool and that you are then vigilant in using it to regularly scan your network so that you can identify and prevent attacks as quickly as possible.

We will also focus on the use of Nmap/Zenmap as a scanning tool, with a demonstration of how to use this software package.

Reflect and share: Which of the protection approaches discussed in the video have you already been using, and how have you implemented it? Share your comments in the section below.

This article is from the free online

Advanced Cyber Security Training: Network Security

Created by
FutureLearn - Learning For Life
