From the course: Wireshark: Malware and Forensics
Understanding port scans - Wireshark Tutorial
Understanding port scans
- [Instructor] Many attacks have a specific pattern. A well-tuned device will recognize the pattern as malicious and hopefully block the attack. One type of attack is a passive attack and this is done during reconnaissance. Now, during reconnaissance the malicious actor is trying to get as much information about the network as possible. And there are a number of different scans that can be run. One is a ping sweep. There could be port scans, operating system fingerprinting, or network mapping. Now a ping sweep is when the malicious actor sends a series of packets out onto the network to identify live hosts. The malicious actor will attempt to get a response, and hopefully one or more hosts will respond back to the malicious actor. Now, once we know which host is awake and listening and responding, the next step is to do a port scan. Now a port scan identifies listening TCP ports on a responding host. Now, in this case you…
Contents
- OSI layer attacks (2m 46s)
- Indications of compromise (4m 9s)
- Ports related to malicious activity (3m 37s)
- Understanding port scans (5m 7s)
- Investigating attacks (3m 35s)
- Using VirusTotal (4m 25s)
- Challenge: Analyze netstat output (50s)
- Solution: Analyze netstat output (55s)