we now have a list of the active hosts and their OS's on the network

we want to discover daemons and services on each of the hosts using Port Scanning

• What is a daemon?
• Port scanning is used...
• How can port scanning help for future assessments?
• Ultimate goal of PORT SCANNING:
• What exactly will port scanner do?

🟥 TCP Port Scanner

• TCP Three way handshake [This can happen when a client tries to contact a daemon that is running]
• What happens when client tries to access a daemon that is not running/ running on a different port?
• Check if a port is open or not:

🔴 Stealthier Scans:

• TCP scans will be recorded in the logs because from the application point of view the connection is legitimate. Sys admins will easily detect the scan.
• TCP SYN scans were invented for stealthy scanning
• Nmap sends a SYN packet...

🟩 Scanning with Nmap:

• 3 scan types...

🟢 Different ways to specify nmap targets:

1. type the dns names
2. list out the IP addresses