Network Vulnerability Scanning

1. What is Network Vulnerability Scanning?

Network vulnerability scanning is the process of identifying security weaknesses in network infrastructure, including routers, switches, firewalls, and connected devices.

2. Network Scanning Phases

1. Host Discovery: Find live hosts on the network
2. Port Scanning: Identify open ports and services
3. Service Detection: Determine running services and versions
4. OS Detection: Identify operating systems
5. Vulnerability Detection: Find known vulnerabilities

3. Nmap - Network Scanner

Nmap (Network Mapper) is the most popular network scanning tool.

Basic Nmap Commands

# Ping scan (host discovery)
nmap -sn 192.168.1.0/24

# TCP SYN scan (stealth scan)
nmap -sS 192.168.1.1

# TCP connect scan
nmap -sT 192.168.1.1

# UDP scan
nmap -sU 192.168.1.1

# Service version detection
nmap -sV 192.168.1.1

# OS detection
nmap -O 192.168.1.1

# Aggressive scan (OS, version, scripts)
nmap -A 192.168.1.1

# Scan specific ports
nmap -p 22,80,443 192.168.1.1

# Scan all ports
nmap -p- 192.168.1.1

# Vulnerability scan with NSE scripts
nmap --script vuln 192.168.1.1

4. Port States

5. Common Network Vulnerabilities

• Open Ports: Unnecessary services exposed
• Default Credentials: Factory-set usernames/passwords
• Outdated Firmware: Unpatched network devices
• Weak Encryption: SSLv3, TLS 1.0, weak ciphers
• SNMP Vulnerabilities: Default community strings
• DNS Misconfigurations: Zone transfers enabled

6. Network Scanning Tools

7. Best Practices

• Always get written authorization before scanning
• Start with less intrusive scans
• Schedule scans during maintenance windows
• Document all scanning activities
• Validate findings before reporting