Secrets of Network Cartography
Book Title: Secrets of Network Cartography
Author: James Messer
Pages: 152
Table of Contents
INTRODUCTION
• What is nmap?
• Windows Operating Systems and nmap
• Is nmap Good or Evil?
• About This Book
• How This Book is Organized
• Conventions Used in This Book
Chapter 1: THE BASICS
• Internet Protocol
• Transmission Control Protocol (TCP)
• TCP Ports
• The TCP Handshake
• User Datagram Protocol (UDP)
• UDP Ports
• The Non-existent UDP Handshake
• Internet Control Message Protocol (ICMP)
• The Basics of nmap
• The Nmap Scanning Process
• Using nmap from the Command Line
• Nmap Target Specifications
• Privileged Access
• Nmap Support Files
• Locating the Support Files
• Using the Support Files
• nmap-mac-prefixes
• nmap-os-fingerprints
• nmap-protocols
• nmap-rpc
• nmap-service-probes
• nmap-services
Chapter 2: NMAP SCANNING TECHNIQUES
• Nmap Scan Summary
• TCP SYN Scan (-sS)
• TCP connect() Scan (-sT)
• Stealth Scanning – The FIN Scan (-sF), Xmas Tree Scan (-sX), and Null Scan (-sN)
• The FIN Scan (-sF)
• The Xmas Tree Scan (-sX)
• The Null Scan (-sN)
• Stealth Scanning Summary
• Ping Scan (-sP)
• Version Detection (-sV)
• UDP Scan (-sU)
• IP Protocol Scan (-sO)
• ACK Scan (-sA)
• Window Scan (-sW)
• RPC Scan (-sR)
• List Scan (-sL)
• Idlescan (-sI <zombie host:[probeport]>)
• How Idlescan REALLY Works
• Idlescan Preparation
• Deconstructing the Idlescan Process
• Idlescan Summary
• FTP Bounce Attack (-b)
• FTP Bounce Attack Operation
• FTP Bounce Attack Summary
Chapter 3: NMAP'S PING OPTIONS
• Ping Options
• ICMP Echo Request and TCP ACK Ping (-PB)
• ICMP Echo Request Ping (-PE)
• TCP ACK Ping (-PA [portlist])
• TCP SYN Ping (-PS [portlist])
• UDP Ping (-PU [portlist])
• ICMP Timestamp Ping (-PP)
• ICMP Address Mask Ping (-PM)
• Don't Ping Before Scanning (-P0)
• Require Reverse DNS (-R)
• Disable Reverse DNS (-n)
Chapter 4: OPERATING SYSTEM FINGERPRINTING
• Operating System Fingerprinting (-O) Operation
• The nmap-os-fingerprints Support File
• nmap-os-fingerprints: Fingerprint
• nmap-os-fingerprints: Class
• nmap-os-fingerprints: TSeq
• TSeq: The Class Attribute
• TSeq: The IPID Attribute
• TSeq: Timestamp Option Sequencing
• nmap-os-fingerprints: Test 1 (T1) through Test 7 (T7)
• The T1 to T7 Attributes
• nmap-os-fingerprints: The Port Unreachable Test (PU)
• The Operating System Fingerprinting Process
• Advantages of Operating System Fingerprinting
• Disadvantages of Operating System Fingerprinting
• When to use Operating System Fingerprinting
• Limit Operating System Scanning (--osscan_limit)
• More Guessing Flexibility (--osscan_guess, --fuzzy)
• Additional, Advanced, and Aggressive (-A)
Chapter 5: HOST AND PORT OPTIONS
• Exclude Targets (--exclude <host1 [,host2] [,host3]...>)
• Exclude Targets in File (--excludefile <exclude_file>)
• Read Targets from File (-iL <inputfilename>)
• Pick Random Numbers for Targets (-iR <numhosts>)
• Randomize Hosts (--randomize_hosts, -rH)
• No Random Ports (-r)
• Source Port (--source_port or -g)
• Specify Protocol or Port Numbers (-p <port range>)
• Fast Scan Mode (-F)
• Create Decoys (-D <decoy1 [,decoy2][,ME],...>)
  o The Danger of Decoy-Initiated SYN Floods
• Source Address (-S <IP_address>)
• Interface (-e <interface>)
Chapter 6: LOGGING OPTIONS
• Normal Format (-oN <logfilename>)
• XML Format (-oX <logfilename>)
  o Stylesheet (--stylesheet <filename>)
  o No Stylesheet (--no-stylesheet)
• Grepable Format (-oG <logfilename>)
• All Formats (-oA <basefilename>)
• Script Kiddie Format (-oS <logfilename>)
• HTML Format (-oH)
• Resume Scan (--resume <logfilename>)
• Append Output (--append_output)
Chapter 7: REAL-TIME INFORMATION OPTIONS
• Verbose Mode (--verbose, -v)
• Version Trace (--version_trace)
• Packet Trace (--packet_trace)
• Debug Mode (--debug, -d)
• Interactive Mode (--interactive)
• Noninteractive Mode (--noninteractive)
Chapter 8: TUNING AND TIMING OPTIONS
• Nmap Packet Tuning
  o Time to Live (--ttl <value>)
  o Use Fragmented IP Packets (-f, -ff)
  o Maximum Transmission Unit (--mtu <databytes>)
  o Data Length (--data_length <databytes>)
• Nmap Timing Options
  o Host Timeout (--host_timeout <milliseconds>)
  o Round Trip Time
    • Initial Round Trip Time Timeout (--initial_rtt_timeout)
    • Minimum Round Trip Time Timeout (--min_rtt_timeout)
    • Maximum Round Trip Time Timeout (--max_rtt_timeout)
  o Parallel Host Scanning
    • Maximum Parallel Hosts per Scan (--max_hostgroup)
    • Minimum Parallel Hosts per Scan (--min_hostgroup)
  o Parallel Port Scanning
    • Maximum Number of Parallel Scans (--max_parallelism)
    • Minimum Number of Parallel Scans (--min_parallelism)
  o Delay
    • Minimum Delay Between Probes (--scan_delay)
    • Maximum Delay Between Probes (--max_scan_delay)
  o Timing Policies (-T)
Chapter 9: WINDOWS-ONLY OPTIONS
• Help for Windows (--win_help)
• List All Network Interfaces (--win_list_interfaces)
• Disable Raw Socket Support (--win_norawsock)
• Try Raw Sockets Even on non-W2K Systems (--win_forcerawsock)
• Disable WinPcap Support (--win_nopcap)
• Test NT 4.0 Route Code (--win_nt4route)
• Test Response to Lack of iphlpapi.dll (--win_noiphlpapi)
• Trace Through Raw IP Initialization (--win_trace)
• Skip Windows IP Initialization (--win_skip_winip_init)
Chapter 10: MISCELLANEOUS OPTIONS
• Quick Reference Screen (--help, -h)
• Nmap Version (--version, -V)
• Data Directory (--datadir)
• Quash Argument Vector (-q)
• Define Custom Scan Flags (--scanflags[flagval])
• (Uriel) Maimon Scan (-sM)
• IPv6 Support (-6)
Chapter 11: USING NMAP IN THE "REAL WORLD"
• Identifying the Remnants of a Virus Outbreak or Spyware Infestation
• Vulnerability Assessments
• Security Policy Compliance Testing
• Asset Management
• Firewall Auditing
• Perpetual Network Auditing