Once an overall picture (footprint) of a network has been established, the next step is to use that information to probe the network for useful details about what is actually on it.
What are the objectives of a network scan?
What is the difference between TCP and UDP?
What are the flags used by TCP?
What are the steps involved in fully scanning a network?
What is the most common method for determining live hosts on a network?
- What is a weakness of this method?
What are different types of network scans?
- What are the advantages/disadvantages to them?
What is a common methodology for getting packets past an Intrusion Detection System?
What two types of OS fingerprinting are there?
- What’s the difference between the two?
What is Banner Grabbing?
- What information can you get from it?
What do pen testers use proxies for?
What is required to spoof an IP address?