From the course: Wireshark: Malware and Forensics

Understanding port scans

- [Instructor] Many attacks have a specific pattern. A well-tuned device will recognize the pattern as malicious and hopefully block the attack. One type of attack is a passive attack and this is done during reconnaissance. Now, during reconnaissance the malicious actor is trying to get as much information about the network as possible. And there are a number of different scans that can be run. One is a ping sweep. There could be port scans, operating system fingerprinting, or network mapping. Now a ping sweep is when the malicious actor sends a series of packets out onto the network to identify live hosts. The malicious actor will attempt to get a response, and hopefully one or more hosts will respond back to the malicious actor. Now, once we know which host is awake and listening and responding, the next step is to do a port scan. Now a port scan identifies listening TCP ports on a responding host. Now, in this case you…
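The two reconnaissance patterns described in the transcript, a ping sweep followed by a port scan, can be picked out of exported capture fields. The following is an added example, not part of the course material; the addresses, the thresholds, and the `find_recon` name are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample in the tab-separated layout produced by (assumed export):
#   tshark -r capture.pcap \
#     -Y "icmp.type == 8 || (tcp.flags.syn == 1 && tcp.flags.ack == 0)" \
#     -T fields -e ip.src -e ip.dst -e icmp.type -e tcp.dstport
# Columns: source, destination, ICMP type, TCP destination port.
SAMPLE = "\n".join(
    # One source sends echo requests to six different hosts (ping sweep).
    [f"10.0.0.66\t192.168.1.{h}\t8\t" for h in range(1, 7)]
    # The same source then sends SYNs to six ports on one responding host.
    + [f"10.0.0.66\t192.168.1.3\t\t{p}" for p in (21, 22, 23, 25, 80, 443)]
    # Ordinary client traffic: one ping, repeated connections to two ports.
    + ["192.168.1.20\t192.168.1.1\t8\t",
       "192.168.1.20\t192.168.1.3\t\t443",
       "192.168.1.20\t192.168.1.3\t\t443",
       "192.168.1.20\t192.168.1.3\t\t80"]
)

def find_recon(tsv, host_threshold=5, port_threshold=5):
    """Return (sweeps, scans) found in tab-separated capture rows.

    sweeps: {source: hosts pinged} for sources that sent echo requests
            to at least host_threshold distinct hosts.
    scans:  {(source, target): ports} for sources that sent connection
            attempts to at least port_threshold distinct ports on one host.
    Both thresholds are illustrative and need tuning per network.
    """
    pinged = defaultdict(set)   # source -> distinct hosts it pinged
    probed = defaultdict(set)   # (source, target) -> distinct ports tried
    for line in tsv.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue            # skip malformed rows
        src, dst, icmp_type, dport = fields
        if icmp_type == "8":    # ICMP echo request
            pinged[src].add(dst)
        elif dport.isdigit():   # TCP connection attempt
            probed[(src, dst)].add(int(dport))
    sweeps = {s: sorted(h) for s, h in pinged.items() if len(h) >= host_threshold}
    scans = {k: sorted(p) for k, p in probed.items() if len(p) >= port_threshold}
    return sweeps, scans

if __name__ == "__main__":
    sweeps, scans = find_recon(SAMPLE)
    print("ping sweeps:", sweeps)
    print("port scans:", scans)
```

Counting distinct hosts and distinct ports, rather than raw packets, keeps a busy but legitimate client such as 192.168.1.20 below both thresholds.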
