After obtaining a list of network and IP addresses scanning starts:
- ping sweeps (active machines): user pinger in Windows and nmap in Linux/UNIX. This is an example of pinger.
- TCP port scanning (open ports in active machines): SYN and connect scans work with most hosts. SYN is stealthier and may not be logged. In Windows use SuperScan and in Linux/UNIX use nmap. See an example of SuperScan. BUT, hackers use scripts with binary files, not graphical tools.
- UDP port scanning: use WUPS in Windows as shown here.
- countermeasures: detection using active ports (see an example of what it logs). Later we will learn to install an IDS program (snort), the way to protect from ping sweeps and port scanning. NAT is a first step. See more free/shareware security tools here.