TERMS & DEFINITIONS
✅ ACK (Acknowledgment): A signal in networking protocols indicating successful receipt of data packets.
✅ Active Scanner vs. Passive Scanner: Active scanners actively interact with endpoints by sending packets, while passive scanners analyze existing network traffic without direct interaction.
✅ Computer Ports: Physical or virtual connection points that allow devices to communicate with external peripherals or networks.
✅ DNS (Domain Name System): Translates domain names into IP addresses, enabling devices to locate websites and services online.
✅ Fing: An app used for scanning networks and identifying connected devices.
✅ HTTP vs. HTTPS: HTTPS encrypts data for secure communication over the web, while HTTP transmits data without encryption.
✅ IP Address: A unique numerical identifier assigned to devices on a network for communication and location purposes.
✅ Java: A programming language used for developing applications across platforms.
✅ LAN (Local Area Network): A network connecting devices within a limited geographic area, such as a home or office.
✅ MAC Address: A hardware identifier assigned to a device's network interface for local communication within a network.
✅ Metadata: Descriptive information about data, such as its source, creation date, or format.
✅ Network Inventory: Cataloging all devices and resources connected to a network for management purposes.
✅ Network Mapping: Visually represents the topology of devices and connections within a network.
✅ Network Scanner: A software tool used to identify devices, services, and vulnerabilities within a network by probing it with packets.
✅ Nmap: A tool for network scanning, including host discovery, port scanning, and service detection.
✅ OS Fingerprinting: Analyzing network traffic or responses to identify the operating system running on a device.
✅ OSI Model: A conceptual framework that defines seven layers of networking to standardize communication between systems.
✅ Penetration Testing: Simulates cyberattacks on systems to identify vulnerabilities and improve security.
✅ Ping Sweep: Sends ICMP requests to multiple IP addresses to identify active devices on a network.
✅ Port Scanning: Probes ports on devices to determine which are open and what services they host.
✅ Randomized MAC Address: A temporary, software-generated MAC address that a device uses in place of its factory address to limit tracking across networks.
✅ Router: A device that connects multiple networks and directs data packets between them using routing tables and protocols.
✅ SSID (Service Set Identifier): The name of a Wi-Fi network broadcast by routers to help devices identify and connect to it.
✅ SYN Scan: Sends TCP SYN packets to detect open ports without completing the handshake process.
✅ Service Detection: Identifies the applications or services running on open ports during network scans.
✅ TCP (Transmission Control Protocol): Ensures reliable communication by establishing connections and verifying data delivery.
✅ TCP vs. UDP: TCP ensures reliable, ordered delivery of data, while UDP provides faster but less reliable transmission.
✅ Timestamps: Record the date and time an event occurred, often used in logs or metadata.
✅ UDP (User Datagram Protocol): Provides faster communication without guaranteeing delivery or order of packets.
✅ Wireshark: A tool for capturing and analyzing network traffic at the packet level.
✅ Yagi Antenna: A directional antenna commonly used for long-range wireless communication.
✅ Zenmap: A graphical user interface for Nmap, simplifying its use for beginners.
=-=-=-=-=-=-=-=-=-=-=-=-=-=
TOOLS FOR SCANNING
🛠 Angry IP Scanner
An open-source tool for scanning IP addresses and ports.
Official Website & Documentation: https://angryip.org/
YouTube Tutorial: https://www.youtube.com/watch?v=fXRDXm0neQ8
GitHub Repository: https://github.com/angryip/ipscan
🛠 Fing
A network scanning tool that identifies devices connected to a network.
Official Fing Documentation: https://fing.com
YouTube: https://www.youtube.com/watch?v=dATdpV8S25U
🛠 Nmap
A tool used for network discovery and security auditing.
Official Nmap Documentation: https://nmap.org/book/inst-windows.html
YouTube: https://www.youtube.com/watch?v=IoIsTrKrl-0
Nmap Cheat Sheet (GitHub): https://github.com/cheat-sheet/nmap-cheat-sheet
🛠 Zenmap
GUI for Nmap that makes network scanning more accessible.
Zenmap Official Info: https://nmap.org/zenmap/
YouTube: https://www.youtube.com/watch?v=tZjSOhuvKDg
🛠 Wireshark
A real-time packet analyzer used for network troubleshooting and analysis.
Wireshark Official Docs: https://www.wireshark.org/docs/
YouTube: https://www.youtube.com/watch?v=Lb-PJl9u3z8
Wireshark: https://www.wireshark.org/
🛠 ALFA Wi-Fi Antenna
High-performance devices for boosting Wi-Fi signals.
ALFA Network Product Page: https://www.alfa.com.tw/products/
YouTube: https://www.youtube.com/watch?v=mscAhUs1Ihw
🛠 Yagi Wi-Fi Antenna
Directional antennas for extended Wi-Fi range.
Yagi Antenna Explained: https://www.rfcafe.com/references/electrical/yagi-antenna.htm
YouTube: https://www.youtube.com/watch?v=B_QM-uLaxj4
Yagi Antenna Usage: https://unicomradio.com/yagi-antenna/
🛠 Hak5 Wi-Fi Pineapple
A pentesting device for Wi-Fi network exploitation and analysis.
Hak5 Wi-Fi Pineapple Official Site: https://shop.hak5.org/products/wifi-pineapple
YouTube: https://www.youtube.com/watch?v=vU8V_2XAvf8
Wi-Fi Pineapple Documentation: https://docs.hak5.org/wifi-pineapple/
🛠 Hak5 Wi-Fi Coconut
A USB sniffing device for analyzing 2.4 GHz Wi-Fi signals across all channels.
Wi-Fi Coconut Official Page: https://shop.hak5.org/products/wifi-coconut
YouTube: https://www.youtube.com/watch?v=8zWj1EOY3iA
Wi-Fi Coconut Documentation: https://docs.hak5.org/wifi-coconut/
MAC ADDRESS LOOKUP SITES
👀 MAC Address Vendor Lookup
macaddress.io: https://macaddress.io/
👀 MAC Address Lookup
maclookup.app: https://maclookup.app/
👀 MAC Address & OUI Lookup & Random MAC Address Generator
aruljohn.com: https://aruljohn.com/mac.pl
➸ DAUBERT REFRESHER
The Daubert standard, which governs the admissibility of expert testimony in U.S. federal and many state courts, could apply to investigators using network scanning tools if their methods or conclusions are presented as scientific evidence in legal proceedings. Here's a breakdown of some considerations:
Daubert Standard Overview
The Daubert standard requires expert testimony to be based on:
- Testable and peer-reviewed methodologies.
- Known or potential error rates.
- Adherence to professional standards.
- General acceptance in the relevant scientific community [1][3].
Application to Network Scanning Tools
Network scanning tools are used for vulnerability assessments and cybersecurity investigations. Their admissibility under Daubert would depend on:
- Methodological Validity
  - Tools must be proven reliable for their intended purpose. For example, industry-standard tools like Nmap (cited in [4][5]) are generally accepted in cybersecurity, which satisfies Daubert's "general acceptance" criterion.
  - Custom or novel tools would require validation through peer-reviewed research or documented testing [4].
- Transparency and Error Rates
  - Tools that generate malformed requests or produce inconsistent results (as noted in [2]) could face challenges under Daubert if their error rates are undocumented.
  - Tools like the mobile network scanner in [5], which underwent performance testing, demonstrate a higher likelihood of meeting Daubert's reliability requirements.
- Ethical and Procedural Compliance
  - Daubert may scrutinize whether scanning practices align with ethical guidelines (e.g., avoiding unauthorized data collection). For instance, tools that publish personally identifiable information (PII) without consent, as highlighted in [2], could undermine the credibility of evidence.
Recommendations for Investigators
- Use industry-standard tools with peer-reviewed validation [4].
- Document tool configurations, scanning methodologies, and error rates.
- Avoid practices that compromise anonymity or generate malformed requests [2].
In summary, while network scanning tools are not inherently excluded from Daubert scrutiny, their admissibility hinges on demonstrating scientific rigor, transparency, and adherence to accepted practices.
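The recommendation above to document tool configurations and methodology is easy to act on when the scanner's own machine-readable output is preserved. The script below is an added example written for this page (it is not Nmap's code and not part of the original post). It reads an Nmap XML report (the layout Nmap writes with -oX) and produces two things: a network inventory of live hosts with their IP, MAC, vendor, hostname and open ports with detected services, and an evidence record that captures the exact command line, Nmap version and scan start time from the report's nmaprun element plus a SHA-256 of the unaltered raw output, so the inventory can later be tied back to the file it was derived from. The XML embedded in the script is a constructed sample: the addresses, MAC, hostname and times are made up, and the element names and attributes follow the real Nmap XML format.

```python
"""Turn an Nmap XML report into a network inventory plus an evidence record.

Added example for this page (not Nmap's own code). SAMPLE_NMAP_XML is a
constructed sample in the real Nmap -oX layout; hosts, MACs and times are made up.
"""
import hashlib
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample of Nmap's -oX output (only the elements this script reads).
SAMPLE_NMAP_XML = b"""<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -oX scan.xml 192.0.2.0/29" start="1700000000" version="7.94">
  <host starttime="1700000001" endtime="1700000030">
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <hostnames><hostname name="printer.lab.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="9.2"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
  <host starttime="1700000001" endtime="1700000002">
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_inventory(xml_bytes: bytes) -> list[dict]:
    """Return one inventory record per host that Nmap reported as up."""
    root = ET.fromstring(xml_bytes)
    records = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # the inventory lists live hosts; down hosts stay in the raw evidence
        rec = {"ip": None, "mac": None, "vendor": None, "hostname": None, "open_ports": []}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                rec["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                rec["mac"] = addr.get("addr")
                rec["vendor"] = addr.get("vendor")  # Nmap's OUI lookup, when present
        hn = host.find("hostnames/hostname")
        if hn is not None:
            rec["hostname"] = hn.get("name")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not services the host offers
            svc = port.find("service")  # present only when service detection ran
            rec["open_ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        records.append(rec)
    return records


def evidence_record(xml_bytes: bytes) -> dict:
    """Capture what the documentation recommendation asks for: the exact tool
    invocation, tool version and scan time as recorded by Nmap itself, plus a
    hash that ties the derived inventory back to the unaltered raw output."""
    root = ET.fromstring(xml_bytes)
    start = int(root.get("start"))  # Unix epoch seconds, as Nmap writes it
    return {
        "tool": root.get("scanner"),
        "tool_version": root.get("version"),
        "command_line": root.get("args"),
        "scan_start_utc": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
        "raw_output_sha256": hashlib.sha256(xml_bytes).hexdigest(),
        "hosts_up": len(parse_inventory(xml_bytes)),
    }


if __name__ == "__main__":
    report = {"evidence": evidence_record(SAMPLE_NMAP_XML),
              "inventory": parse_inventory(SAMPLE_NMAP_XML)}
    print(json.dumps(report, indent=2))
```

To use it on a real scan, replace SAMPLE_NMAP_XML with the bytes of the saved -oX file and keep that file unchanged alongside the generated report; the hash in the evidence record only has value if the original output is retained byte-for-byte.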
Citations:
[1] https://pubmed.ncbi.nlm.nih.gov/22017382/
[2] https://arxiv.org/abs/2412.15696
[3] https://pubmed.ncbi.nlm.nih.gov/17087630/
[4] https://www.semanticscholar.org/paper/d0839ddf68d9e3b7301f783008a9ca53dd592960
[5] https://www.semanticscholar.org/paper/1825589af3fa3249a0dacb8e3f66e63db7bacde5
[6] https://pubmed.ncbi.nlm.nih.gov/36175121/
[7] https://www.semanticscholar.org/paper/9e352b59bbf38d069cc9007d03c60dd49a1a0a9f
[8] https://www.semanticscholar.org/paper/4dd217767ffdd56177a7402b074bfa98bab5f3ef
[9] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11168751/
[10] https://www.semanticscholar.org/paper/bb698ae11d300d1fac9271ca73dcb43441bfbbe1
[11] https://pubmed.ncbi.nlm.nih.gov/10439726/
[12] https://www.semanticscholar.org/paper/d71998cabf60b2ffdb252c5c69e5285607c91c05
[13] https://www.semanticscholar.org/paper/9fc0ae510fcd357ccff9dfbc06f702d8137c78c4
[14] https://pubmed.ncbi.nlm.nih.gov/38637158/
[15] https://www.semanticscholar.org/paper/f322ef79ed3876a9339052c4af3b0cd1c2941c5d
[16] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10942157/
[17] https://www.semanticscholar.org/paper/fbec88de47e1dc34d47d325e983408a7f24f8565
[18] https://www.semanticscholar.org/paper/b4ca0d568a3001f87ef9fc40e2c540f9b657789f
[19] https://www.semanticscholar.org/paper/afe7448f69b3fa0eb28af7f9fd1da20a253c410b
[20] https://www.semanticscholar.org/paper/c3cb5067253ced556a2ced12c80ce051b273d7f1
Dr. Frank Kardasz