Footprinting is a technique used to gather as much information as possible about a target network, victim, or system. It aids hackers in several ways to compromise a company's infrastructure.
https://www.infosectrain.com/courses/ceh-v11-certification-training/
Reconnaissance Techniques
Reconnaissance is the initial step that every ethical hacker follows. It is the method of gathering all the important information about the target system and network.
The ethical hacker follows the steps below to gather the maximum information about the target:
> Collect the initial information
> Determine the range of the network
> Identify the active machines
> Identify the access ports and open ports
> Fingerprint the operating system
> Uncover services on ports
> And finally, map them.
www.infosectrain.com | sales@infosectrain.com 02
DOMAIN 2
Reconnaissance Techniques
In this blog, we will discuss the 2nd domain of CEH, which is "Reconnaissance Techniques".
Types of Reconnaissance
There are two types of reconnaissance:
Passive reconnaissance
Passive reconnaissance is the process of gathering information about a
target computer or network without directly engaging with it. It's a way to acquire
data about a victim without making them aware of it. Ethical hackers use
tools like Shodan and Wireshark to perform passive reconnaissance.
Active reconnaissance
Active reconnaissance is a process of gathering information by directly
engaging with the target system. Ethical hackers can perform active
reconnaissance by using different tools like Netcat, Ping, and Traceroute.
This recon is faster and more accurate; at the same time, the chances of getting
detected are also very high because the ethical hacker is directly interacting
with the target system.
There are three reconnaissance techniques:
> Footprint and reconnaissance
> Scanning networks
> Enumeration.
01. Footprint and Reconnaissance
Footprinting is a technique used to gather as much information as possible
about a target network, victim, or system. It aids hackers in several ways to
compromise a company's infrastructure. The security posture of the target
may also be determined using this kind of penetration testing.
Footprinting can be done passively or actively. Passive footprinting means, for
example, looking at a company's website and collecting information; active
footprinting means, for example, using social engineering techniques to access
sensitive data.
During this phase, ethical hackers will collect information like:
> IP addresses
> Domain name
> Employee information
> Namespaces
> E-mails
> Phone numbers
02. Network Scanning
Network scanning identifies active ports, hosts, and the various services used
by the target application. For example, assume you are an ethical hacker and
trying to find weak points in the application. You use network scanning to find
out those points.
In simple terms, to hack a network, you'll need to discover a weak point in the
system that can be exploited. Such network nodes can be located by
performing a Network Scanning operation.
The difference between Reconnaissance and Network Scanning:
Assume you are a police officer and are planning to find a criminal. First of
all, you will gather all the information about the criminal, like name, location,
and daily routine, which is called reconnaissance. Then you will find an entry
point to enter his home to catch him, and the process of finding the entry
point is called network scanning.
Types of Network Scanning:
Port scanning:
Port scanning, as its name suggests, finds out which ports are active on the
network. Scanners transmit client requests to a range of ports on the target
network and then store the details of the ports that respond to the requests. In
this way, active ports are discovered.
There are various types of port scanning. They are:
> TCP scanning
> SYN scanning
> UDP scanning
> ACK scanning
> Window scanning
> FIN scanning
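A defender's view of the port-scan types listed above, as an added example that is not part of the original post: the detector below reads constructed, simplified iptables-style firewall log lines (the log format, hosts and ports are made up for the example), flags any source that probes several distinct ports on one host inside a short time window, and labels the hit with the page's SYN, ACK or FIN scan names based on the TCP flags it saw.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed, simplified iptables-style LOG lines (made up for this example, not real traffic).
SAMPLE_LOG = """\
Mar 10 12:00:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21 SYN
Mar 10 12:00:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22 SYN
Mar 10 12:00:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25 SYN
Mar 10 12:00:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
Mar 10 12:00:05 fw kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
Mar 10 12:01:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=139 FIN
Mar 10 12:01:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=445 FIN
Mar 10 12:01:01 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=3389 FIN
Mar 10 12:01:01 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=8080 FIN
"""
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
                     r"PROTO=TCP DPT=(?P<dpt>\d+)(?P<flags>(?: [A-Z]+)*)$")
SCAN_NAMES = {frozenset({"SYN"}): "SYN scanning", frozenset({"ACK"}): "ACK scanning",
              frozenset({"FIN"}): "FIN scanning"}  # TCP flag pattern -> scan name used on this page

def parse(line, year=2024):
    m = LINE_RE.match(line)
    if not m:
        return None  # not a firewall hit line
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog carries no year
    return {"ts": ts, "src": m["src"], "dst": m["dst"],
            "dpt": int(m["dpt"]), "flags": frozenset(m["flags"].split())}

def detect_scans(lines, window=timedelta(seconds=60), min_ports=4):
    """Flag each (src, dst) pair that probes >= min_ports distinct ports within `window`."""
    by_pair = defaultdict(list)
    for e in sorted(filter(None, map(parse, lines)), key=lambda e: e["ts"]):
        by_pair[(e["src"], e["dst"])].append(e)
    alerts = {}
    for pair, evs in by_pair.items():
        start, flagged = 0, set()
        for end, e in enumerate(evs):
            while e["ts"] - evs[start]["ts"] > window:  # drop events older than the window
                start += 1
            ports = {h["dpt"] for h in evs[start:end + 1]}
            if len(ports) >= min_ports:
                flagged |= ports
        if flagged:  # classify by the union of TCP flags seen from this source
            flags = frozenset().union(*(h["flags"] for h in evs))
            alerts[pair] = {"ports": sorted(flagged), "type": SCAN_NAMES.get(flags, "other TCP scanning")}
    return alerts

if __name__ == "__main__":
    for (src, dst), a in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"{src} -> {dst}: {a['type']} on ports {a['ports']}")
```

The single request from 198.51.100.4 stays below the threshold, so only the two probing sources are reported.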
Vulnerability scanning:
An ethical hacker uses vulnerability scanning to find out the weaknesses in the
network. This identifies vulnerabilities that are caused by inappropriate
programming or misconfigured networks.
03. Enumeration
Enumeration is described as the procedure by which the user names,
hostnames, network resources, shares, and services may be extracted from a
system. In this step, the attacker connects with the system and makes
directed requests to learn more about the target.
By using enumeration, ethical hackers can get the information of:
> SNMP data, if it is not secured correctly
> Network shares
> Usernames of different systems
> IP tables
> Password policies lists