Question

Scanning Tools

1. How does IP protocol scanning work, consider the various type and tools?
2. What are some of the most popular scanner tools and why?

Sniffers

1. Where are sniffers normally placed?
2. What are the components of a sniffer and what are the most popular sniffer and why?

Answer 1

Answer: 1)

IP protocol scanning is a method that allows us to detect which protocol is used by the machine that you are planning on attacking. It is similar yet different from port scanning. Instead of cycling through UDP or TCP port numbers, it goes through IP protocol numbers.

It sends IP packet headers and iterates through the eight-bit IP protocol field. If ICMP unreachable message is sent to the scanner it means the target host does not use that protocol. If there is no reply, it means the target host supports that protocol.

TCP connect scanning, Half-open scanning, UDP scanning, IP protocol scanning, Ping scanning, and Stealth scanning are some type of scanning that exists and the tools needed are open source software such as network mapper (Nmap).

Answer: 2)

1. OpenVAS scanner is a complete vulnerability assessment tool capable to identify security-related threats in the servers and other devices of the network. Its engine is up to date with vulnerability tests.

2. Nexpose Community scanner is able to detect vulnerabilities and perform wide range network checks. It is able to scan for new devices and detect vulnerabilities when they access the network.

3. Wireshark is used in many big corporations, it analyzes the network at a microscopic level. It detects the issues online but it analyzes them offline.

4. There are many more tools out there but the ones listed above caught my attention. Especially Wireshark because they use it at my job

Note: Since we have given limited time to solve the question, So I have solved 1 and 2, please upload remaining separately.

If you have any doubts, or any further explanation leave a comment below and I'll help you out