Busy. Please wait.

show password
Forgot Password?

Don't have an account?  Sign up 

Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove Ads
Don't know
remaining cards
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
restart all cards

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

CIT294 Chapter 3

CIT294 Ethical Hacking Chapter 3 Scanning and Enumeration Terms

Scanning first phase of active hacking. Used to identify IP addresses, the operating system in use, and services running on the system.
Port scanning Determines open ports and services
Network scanning ID IP addresses on given network or subnet
Vulnerability scanning discovers presence of known weaknesses on target systems
Well-known ports 0 - 1023
Registered ports 1024 - 49151
Dynamic ports 49152 - 65535
FTP ports 20 and 21
Telnet port 23
HTTP port 80
SMTP port 25
POP3 110
HTTPS port 443
Ping sweep all systems that respond with ping reply are considered live systems. Also known as ICMP scan. Hacking tools include: Pinger, Friendly Pinger, WS_Ping_Pro
Stateful firewall examines the data of the packet as well as the TCP header to allow traffic to flow through
Nmap Free, open source tool that performs ping sweeps, port scanning, service identification, IP address detection, and OS detection. Can scan multiple systems at once.
Nmap port states open, unfiltered, and filtered
Nmap scan TCP connect Attacker makes a full TCP connection to the target system
Nmap scan XMAS tree scan Attacker checks for TCP services by sending XMAS-tree packets which are named because all the “lights” are on, meaning FIN, URG, and PSH flags are set
Nmap scan SYN stealth scan Also known as half-open scanning. Hacker sends SYN packet and receives a SYN-ACK back but never completes the 3-way handshake.
Nmap scan Null scan Advanced scan that may pass through firewalls undetected. All flags are off or not set.
Nmap scan Windows scan This type of scan is similar to ACK scan and can detect open ports
Nmap scan ACK scan This type of scan is used to map out firewall rules. ACK only works on Linux/UNIX
TCP 3-way handshake required before communication can take place when using TCP at the Transport layer. SYN, SYN ACK, ACK
TCP Flag SYN Synchronize. Initiates a connection between hosts.
TCP Flag ACK Acknowledge. Established connection between hosts.
TCP Flag PSH Push. System is forwarding buffered data.
TCP Flag URG Urgent. Data in packets must be processed quickly.
TCP Flag FIN Finish. No more transmissions.
TCP Flag RST Reset. Resets the connection
TCP Scan Tools IPEve, ICMPemun, Hping2, SNMP scanner
War Dialing Process of dialing modem numbers to find an open modem connection that provides remote access to a network for an attack to be launched. Hacking tools include: TCH-Scan, PhoneSweep, TeleSweep
Banner grabbing process of opening a connection and reading the banner or response sent by the application since many email, FTP, and web servers will respond with the name and version of the software.
OS Fingerprinting fingerprinting the TCP/IP stack to determine the OS used. Can be active or passive
Enumeration Process of gathering and compiling user names, machine names, nw resources, shares, and services. Also can refer to actively querying or connecting to a target to get this info.
Null session Occurs when you log in to system with no username or password. Vulnerability found in Common Internet File System (CIFS) or SMB. Hacker can connect using null session and get dump of all usernames, groups, shares, permission, services and more!
SNMP Simple Network Management Protocol
Two types of components SNMP SNMP agent and management station
Created by: Leisac