Skip main navigation

New offer! Get 30% off your first 2 months of Unlimited Monthly. Start your subscription for just £29.99 £19.99. New subscribers only. T&Cs apply

Find out more
Home / Business & Management / Cyber Security / Advanced Cyber Security Training: Network Security / Scanning Tools and Methodology

Scanning Tools and Methodology

In this video, you will learn about the use of scanning tools to protect your network from attacks.
View transcript
6.8
So some of the type of things that a malicious hacker will try to look for during scans are IP addresses, the type of services you’re running on your network, and vulnerabilities. And let’s take a look at some of the tools that they’ll use. So the first one is Nmap and Zenmap. So this is one of the most popular tools for malicious hackers, security professionals, ethical hackers, and whatnot. So Nmap is a very simple scan that is incredibly powerful. So Nmap is a command line tool, Windows, Linux, OS X, that you can run that will give you a great deal of information potentially. And again, it is a command line tool.
48.8
So if you’re not comfortable with that, you can always use Zenmap, which is part of Nmap. It’s a graphical front end for Nmap. And it’s also for - we’re going to be using that. So it’s a little bit easier to take a look at these type of scans. So let’s take a look at the program. So this is Zenmap. And I’m running this on my Kali Linux virtual machine. Now, in the first part here, we can see the target address. And that’s the target that we’re going to be scanning. So you can enter an IP address. You could enter a series of IP addresses. Or you could enter an entire IP range to scan.
90.3
So that’s one of the things that makes Nmap really powerful. So the other thing we could do is once we enter an IP that we want to scan in here, we could take - you can see the command down in here. This is actually what the Nmap command would look like if we’re going to actually run a particular scan. So if you were going to run an intense scan under Nmap - again, Nmap being the command line version of this program - it would be Nmap space dash capital T 4 dash capital A dash V, and then the IP address. Now, if we click on Profile here, we can see the various scans that we could do.
131.8
We can see intense scans, intense scan plus UDP, intense scan, and all TCP ports, intense scan no ping, ping scan, quick scan, quick scan plus, trace routing, regular scan, slow comprehensive scans. So some of these scans are going to be noisier than others. So a malicious hacker may be very careful and run a very quiet scan.
158.4
Knowing what type of scans to run without alerting someone is going to be very important for a malicious hacker. However, some of the lighter scans that aren’t going to really raise a lot of flags may not always get a lot of information. So we do want to be mindful of this. So let’s continue the video here. So if we click on one of these things, we can see it actually change here. Ping scan is dash sn, and then IP address. Regular scans is Nmap and the IP address. Trace routing.
197.2
And we could do a regular scan. And you can just click the Scan button. Now, the information we get back here, we can see the version of Nmap that we’re running, the time, date. We can see the IP address that we’re scanning. And since we just ran a regular scan, we can see how long it took. All 1,000 ports on this particular IP address, it reports have closed. And the one IP address of the host is up. And we also could take a look at things like port hosts. So if there was an open ports that it found. You can click on here. You can take a look at the topology.
235.5
Not a lot here, because, again, this is my virtual machine. It’s not actually a server somewhere. We take a look at the host details. There’s information here. And we can add comments in here. And then we click on scans. We can take a look at the type of scan that was ran. Or if we ran several scans, we could take a look at all the different scans that we ran, and the IP address we were scanning against.

In this video, you will learn about the use of scanning tools to protect your network from attacks. We will start by looking at the use of Nmap/Zenmap, and in the next step you will learn about other packages you could use.

There are many types of scanning tools available to help you protect your network from attacks. It is important that you select an appropriate tool and that you are then vigilant in using it to regularly scan your network so that you can identify and prevent attacks as quickly as possible.

We will also focus on the use of Nmap/Zenmap as a scanning tool, with a demonstration on how to use this software package.

Reflect and share: Which of the protection approaches discussed in the video have you already been using, and how have you implemented it? Share your comments in the section below.

Want to keep learning?

This content is taken from EC-Council online course
Advanced Cyber Security Training: Network Security
View Course
See other articles from this course
This article is from the online course:

Advanced Cyber Security Training: Network Security

Created by
Join Now
This article is from the free online

Advanced Cyber Security Training: Network Security

Created by
Join Now
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now

Register to receive updates

  • Create an account to receive our newsletter, course recommendations and promotions.

    Register for free