Scanning the Victim System

Another way of determining which ports are open on a victim system is to perform an external port scan of the system. By scanning the box, any ports that are open should respond to connection requests and be detected by a port scanner. You can compare these results to the output of live-analysis tools such as netstat to corroborate their results or draw attention to open ports that were masked by kernel-level rootkits.

Scanning a system is a relatively simple task that can be accomplished using freely available tools. One such tool is Nmap, a free security scanner for network exploration and hacking that is available for download from www.nmap.org. This tool can perform a variety of scan types against a specified range ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Windows Network Forensics and Investigation, 2nd Edition by

Scanning the Victim System

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly