ABSTRACT

This chapter discusses various methods for enumerating and scanning a target to gain as much information as possible about the live hosts on a network. It covers host discovery, scanning for open ports, service and version detection, OS detection, and bypassing firewalls. The chapter also discusses some stealth scanning techniques that make a hacker's scans less noisy. Port scanning is primarily divided into two main categories: transmission control protocol (TCP) scanning and user datagram protocol (UDP) scanning. Nmap supports a wide variety of scanning methods, such as the TCP SYN scan and the TCP connect scan. The idle scan is a very effective and stealthy scanning technique. The Nmap book discusses a wide variety of techniques used to get past firewalls: the timing technique, fragmented packets, source port scanning, specifying a maximum transmission unit (MTU), and sending bad checksums. The timing technique is one of the best techniques to evade firewalls and IDS.
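The abstract contrasts the TCP SYN (half-open) scan with the TCP connect scan and names timing as the most effective evasion technique. From the defender's side, the difference shows up in connection records: a SYN scan never completes the three-way handshake, a connect scan does, and a slow scan only stands out if the detection window is long enough. The detector below is an added example, not code from the chapter or from Nmap; it runs over a constructed log whose `history` column follows Zeek's conn.log convention (upper case for the originator, lower case for the responder: `S` SYN, `h` SYN-ACK, `A` ACK, `R`/`r` RST, `F` FIN). The record layout, the hosts, the thresholds and the function names are all assumptions made for the example.

```python
"""Flag probable TCP port scans in constructed, Zeek-style connection records.

history column (assumed convention, modelled on Zeek conn.log):
  S  originator SYN      h  responder SYN-ACK     A  originator ACK
  R  originator RST      r  responder RST         F  originator FIN
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample log: ts,src,dst,dport,history
SAMPLE_LOG = [
    # fast SYN (half-open) scan: SYN-ACK answered with RST, never ACKed
    "100.0,10.0.0.5,10.0.0.20,22,ShR",
    "100.1,10.0.0.5,10.0.0.20,80,ShR",
    "100.2,10.0.0.5,10.0.0.20,443,ShR",
    "100.3,10.0.0.5,10.0.0.20,8080,Sr",
    "100.4,10.0.0.5,10.0.0.20,3306,Sr",
    "100.5,10.0.0.5,10.0.0.20,25,S",
    # fast connect scan: open ports complete the handshake, then close
    "200.0,10.0.0.6,10.0.0.20,22,ShAF",
    "200.1,10.0.0.6,10.0.0.20,80,ShAF",
    "200.2,10.0.0.6,10.0.0.20,443,ShAF",
    "200.3,10.0.0.6,10.0.0.20,8080,Sr",
    "200.4,10.0.0.6,10.0.0.20,3306,Sr",
    "200.5,10.0.0.6,10.0.0.20,25,S",
    # slow SYN scan: one probe per minute (the timing technique)
    "300.0,10.0.0.7,10.0.0.20,22,ShR",
    "360.0,10.0.0.7,10.0.0.20,80,ShR",
    "420.0,10.0.0.7,10.0.0.20,443,ShR",
    "480.0,10.0.0.7,10.0.0.20,8080,Sr",
    "540.0,10.0.0.7,10.0.0.20,3306,Sr",
    "600.0,10.0.0.7,10.0.0.20,25,S",
    # benign client: a few real sessions to two services
    "400.0,10.0.0.8,10.0.0.20,443,ShAF",
    "405.0,10.0.0.8,10.0.0.20,443,ShAF",
    "410.0,10.0.0.8,10.0.0.20,80,ShAF",
]


@dataclass(frozen=True)
class ConnRecord:
    ts: float
    src: str
    dst: str
    dport: int
    history: str


def parse_record(line: str) -> ConnRecord:
    ts, src, dst, dport, history = line.strip().split(",")
    return ConnRecord(float(ts), src, dst, int(dport), history)


def handshake_completed(rec: ConnRecord) -> bool:
    # SYN, SYN-ACK, then the originator's ACK: a full (connect-scan style) open.
    return rec.history.startswith("Sh") and "A" in rec.history


def detect_scans(records: Iterable[ConnRecord], window_seconds: float,
                 min_targets: int) -> Dict[str, dict]:
    """Return {src: verdict} for sources that touched >= min_targets distinct
    (dst, dport) pairs inside any sliding window of window_seconds."""
    by_src: Dict[str, List[ConnRecord]] = defaultdict(list)
    for rec in records:
        if rec.history.startswith("S"):          # originator-initiated only
            by_src[rec.src].append(rec)

    verdicts: Dict[str, dict] = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r.ts)
        in_window: Counter = Counter()           # (dst, dport) -> hits in window
        left = 0
        peak = 0
        for right, rec in enumerate(recs):
            in_window[(rec.dst, rec.dport)] += 1
            # slide the left edge until the window spans <= window_seconds
            while recs[right].ts - recs[left].ts > window_seconds:
                key = (recs[left].dst, recs[left].dport)
                in_window[key] -= 1
                if in_window[key] == 0:
                    del in_window[key]
                left += 1
            peak = max(peak, len(in_window))
        if peak < min_targets:
            continue
        # Classify by what happened on ports that answered with SYN-ACK.
        answered = [r for r in recs if "h" in r.history]
        completed = sum(handshake_completed(r) for r in answered)
        if answered and completed == len(answered):
            kind = "connect scan (full handshake)"
        elif completed == 0:
            kind = "SYN scan (half-open)"
        else:
            kind = "mixed"
        verdicts[src] = {"kind": kind, "peak_targets": peak}
    return verdicts


if __name__ == "__main__":
    recs = [parse_record(line) for line in SAMPLE_LOG]
    for window in (10, 900):
        print(f"window={window}s:", detect_scans(recs, window, min_targets=5))
```

With a 10-second window the two fast scanners are flagged and labelled by handshake behaviour, while the slow scanner (one probe per minute) looks like a single connection at a time and is missed; widening the window to 900 seconds catches it too. That is the practical cost of the timing technique for a defender: the detection window and the threshold have to be tuned together, and a longer window needs more state per source.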