Footprinting and scanning tools
This is a selection of footprinting and scanning tools you may wish to install in your MIS Lab machine in order to do the course assignments. You should be very careful in using these tools outside of the Lab. Network administrators do not take lightly the probing of their networks and may respond aggressively to your attempts to gain information about them by using some of these tools. Please note that I am emphasizing Windows tools, but we will see Linux/UNIX tools later.
Sam Spade
Download Sam Spade from this web site and install it. Sam Spade is also a graphical tool which allows you to do DNS interrogation and many other things. The features which make Sam Spade a key security tool are:
- Advanced DNS - DIG tool requests all the DNS records for a host or domain
- Zone Transfer - ask a DNS server for all it knows about a domain
- SMTP Relay Check - check whether a mail server allows third party relaying
- Scan Addresses - scan a range of IP addresses looking for open ports
- Crawl Web site - search a Web site, looking for email addresses, offsite links, download a Web site
- Search IP block - finds the IP block for an organization
Sam Spade also does whois, traceroute, finger and dns lookup.
Pinger
Download Pinger from its ftp location and install it. Pinger is a very fast ping sweeper as shown in class. Once you obtain the IP block of the target organization, you use pinger to see what hosts are active.
SuperScan
Download SuperScan from its new location and install it. SuperScan allows you to scan a range of IP addresses and do TCP port scanning. It can check all ports, or the ones you select. It is a very fast and powerful tool. Once you obtain the active hosts using Pinger you can cut in the time SuperScan will find which ones have active ports.
WUPS
Download WUPS from its Web site and install it. WUPS allows you to check UDP ports, to complement your study of hosts with active ports (TCP plus UDP). WUPS can only do one host at a time, but you can also select what ports to look for. You can see here a list of TCP and UDP ports, but be aware that hackers have been using some unnamed ports for Trojans, backdoors, etc.
TcpView
TcpView is a free tool for Windows that enables you to monitor all open TCP and UDP ports on the local computer. You can download it here. As you can see in this image it shows the open ports, is it litening or a connection is established. If a connection is established with a remote host you can see the remote host IP number, and you can close the connection using it. TCPView is not a Intrusion Detection System, but provides a picture of what is going on in your computer regarding to ports.
We will see, later in the course, how to set IDS and firewall software to attempt to protect your hosts. But, if you cannot wait you can use for your home computers and workstations an individual, free, firewall: ZoneAlarm. Please note that the free version is only for personal and not for profit use, but the commercial (Plus) version is also not expensive at $40. Finally, you can also have free Anti-virus software from Avast.
This page is maintained by Al Bento
who can be reached at abento@ubalt.edu. This page was last updated on February 2, 2012. Although we will attempt to keep this information accurate, we can not guarantee the accuracy of the information provided.
