What is Network Scanning? What Are Different Types of Scanning in Ethical Hacking?
Introduction to Network Scanning in Cyber Security
In ethical hacking, you can win half the war if you know and understand the strategy of your target. There are several ways to collect information about a target, which have been explained in this section about network scanning in ethical hacking.
Scanning networks is crucial because basic details about a target are not sufficient on their own. As part of our comprehensive Ethical Hacking Tutorial for Beginners, let’s understand what network scanning is, its methodology, and the different types of scanning in ethical hacking.
What is Network Scanning in Ethical Hacking?
Network scanning is the process of probing a network, primarily for security assessment and system maintenance. Hackers use the same technique as reconnaissance when carrying out attacks.
Ethical hackers and technical teams use network scanning to check whether the devices on the network are working as expected and whether they are free of vulnerabilities and loopholes. Once the issues are found, they can be troubleshot and fixed.
To get a better idea of what ethical hacking or networking is, check the linked write-ups.
Methodology of Scanning Networks in Cyber Security
To perform network scanning, administrators use tools and scanners that send a ping (an ICMP echo request) to every device on the network, and then check the responses received for those pings.
If a device on the network is live, the scanner will receive an ICMP echo reply packet. Based on the kind of responses from the network devices, the admins can find the inconsistencies and vulnerabilities.
What Are Different Types of Scanning in Ethical Hacking?
Apart from network scanning, there are several more types of scanning in ethical hacking and cyber security. Let's discuss them all one by one.
1. Network Scanning
As discussed above, network scanning is the technique of scanning the devices and systems in a network for vulnerabilities and inconsistencies. Its role is to help admins and ethical hackers find and fix vulnerabilities so that hacking attacks on the network can be avoided.
2. Port Scanning
Penetration testers use port scanning techniques to identify the open ports, the "doors" of a system, through which attackers could compromise it. From the scan results, a tester (or an attacker) can identify the live hosts, firewalls, operating systems, and devices connected to the system.
3. Vulnerability Scanning
Vulnerability scanning is the automated scanning of the systems in a network to find out whether they contain any vulnerabilities or loopholes.
4. TCP Scanning
TCP scanning is a port scanning method. It scans all the ports of a system or network to find out which ones are open, half-open, or closed. When a port is open, the OS completes the TCP three-way handshake. The scanner then closes the connection immediately, so that the target is not left holding many open connections, which could otherwise amount to a DoS condition.
5. UDP Scanning
UDP port scanners are used to find open User Datagram Protocol (UDP) ports. If a port is found open, there will be an ICMP port unreachable response.
However, this method also reports as open those ports that are blocked by a firewall, or where the ‘port unreachable’ message itself is blocked.
6. SYN Scanning
SYN scanning is a form of TCP scanning. In this method, the port scanner doesn’t use the networking functions of the OS; instead, it crafts raw IP packets itself and inspects the responses.
SYN scanning doesn’t fully open the TCP connection, so it is also referred to as half-open scanning. A SYN packet is created and sent to each port. For open ports, there will be a SYN-ACK response. For closed and unfiltered ports, there will be an RST response.
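As an added example (not from this article), the following Python detector turns the half-open behaviour described above into a defensive check: it reads client-to-server packet log lines and reports any source that sent SYNs to many distinct ports on one host without ever sending the ACK that completes the handshake. The log format, the addresses, and the window and port thresholds are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample of client-to-server packet log lines (not a real capture).
# Format: "<time> <src_ip> <dst_ip>:<dst_port> <client_tcp_flags>"
SAMPLE_LOG = """\
100.0 10.0.0.5 192.168.1.10:22 S
100.1 10.0.0.5 192.168.1.10:22 R
100.2 10.0.0.5 192.168.1.10:80 S
100.3 10.0.0.5 192.168.1.10:80 R
100.4 10.0.0.5 192.168.1.10:443 S
100.6 10.0.0.5 192.168.1.10:3306 S
100.7 10.0.0.5 192.168.1.10:8080 S
100.8 10.0.0.5 192.168.1.10:25 S
101.0 10.0.0.7 192.168.1.10:443 S
101.1 10.0.0.7 192.168.1.10:443 A
102.0 10.0.0.7 192.168.1.10:80 S
102.1 10.0.0.7 192.168.1.10:80 PA
"""

def parse_line(line):
    ts, src, dst, flags = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return float(ts), src, dst_ip, int(dst_port), flags

def half_open_scanners(log_text, window=5.0, min_ports=5):
    """Return {(src_ip, dst_ip): sorted ports} for every source that sent a SYN
    to at least `min_ports` distinct ports on one host within `window` seconds
    and never completed the handshake (no client ACK) on those ports.
    The distinct-port threshold keeps a client that merely hit one closed
    port (and so also got an RST and sent no ACK) from being flagged."""
    syn_only = defaultdict(dict)          # (src, dst_ip) -> {port: first SYN time}
    for line in log_text.strip().splitlines():
        ts, src, dst_ip, port, flags = parse_line(line)
        if flags == "S":
            syn_only[(src, dst_ip)].setdefault(port, ts)   # retransmits keep first time
        elif "A" in flags:
            syn_only[(src, dst_ip)].pop(port, None)        # handshake completed
    hits = {}
    for key, ports in syn_only.items():
        times = sorted(ports.values())
        # sliding window: do any `min_ports` first-SYN times fall within `window`?
        for i in range(len(times) - min_ports + 1):
            if times[i + min_ports - 1] - times[i] <= window:
                hits[key] = sorted(ports)
                break
    return hits

if __name__ == "__main__":
    print(half_open_scanners(SAMPLE_LOG))  # reports 10.0.0.5 only
```

In the sample, 10.0.0.5 sends SYNs to six ports in under a second and never ACKs, so it is reported; 10.0.0.7 completes both of its handshakes and is not.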
7. ICMP Scanning
ICMP stands for Internet Control Message Protocol, and the role of ICMP scanning is to map the network topology.
When ICMP scanning is attempted, the responses fall into three types: normal, possibly suspicious, and highly suspicious.