 Definition of Scanning
 Types of Scanning
    o Port Scanning
    o Network Scanning
    o Vulnerability Scanning
 Objectives of Scanning
 CEH Scanning Methodology
    o Check for live systems
        • ICMP Scanning
        • Angry IP
        • HPING2
        • Ping Sweep
        • Firewalk
    o Check for open ports
        • Nmap
        • TCP Communication Flags
        • Three Way Handshake
        • SYN Stealth / Half Open Scan
        • Stealth Scan
        • Xmas Scan
        • FIN Scan
        • NULL Scan
        • IDLE Scan
        • ICMP Echo Scanning/List Scan
        • TCP Connect / Full Open Scan
        • FTP Bounce Scan
        • FTP Bounce Attack
        • SYN/FIN Scanning Using IP Fragments
        • UDP Scanning
        • Reverse Ident Scanning
        • RPC Scan
        • Window Scan
        • Blaster Scan
        • PortScan Plus, Strobe
        • IPSecScan
        • NetScan Tools Pro
        • WUPS – UDP Scanner
        • SuperScan
        • IPScanner
        • MegaPing
        • Global Network Inventory Scanner
        • Net Tools Suite Pack
        • FloppyScan
        • War Dialer Technique
        • Why War Dialing?
        • Wardialing 
        • PhoneSweep
        • THC Scan
        • SandTrap Tool
    o Banner grabbing/OS Fingerprinting
        • OS Fingerprinting
        • Active Stack Fingerprinting
        • Passive Fingerprinting
        • Active Banner Grabbing Using Telnet
        • GET REQUESTS
        • p0f – Banner Grabbing Tool
        • p0f for Windows
        • Httprint Banner Grabbing Tool
        • Active Stack Fingerprinting
        • XPROBE2
        • RING V2
        • Netcraft
        • Disabling or Changing Banner
        • Apache Server
        • IIS Server
        • IIS Lockdown Tool
        • ServerMask
        • Hiding File Extensions
        • PageXchanger 2.0
    o Identify Service
    o Scan for Vulnerability
        • Bidiblah Automated Scanner
        • Qualys Web-based Scanner
        • SAINT
        • ISS Security Scanner
        • Nessus
        • GFI LANGuard
        • SATAN (Security Administrator’s Tool for Analyzing Networks)
        • Retina
        • NIKTO
        • SAFEsuite Internet Scanner
        • IdentTCPScan
    o Draw network diagrams of Vulnerable hosts
        • Cheops
        • FriendlyPinger
    o Prepare proxies
        • Proxy Servers
        • Use of Proxies for Attack
        • SocksChain
        • Proxy Workbench
        • ProxyManager Tool
        • Super Proxy Helper Tool
        • Happy Browser Tool (Proxy-based)
        • MultiProxy
        • TOR Proxy Chaining Software
    o Anonymizers
        • Primedius Anonymizer
        • Browzar
        • Torpark Browser
        • G-Zapper - Google Cookies
    o SSL Proxy Tool
    o HTTP Tunneling Techniques
    o HTTPort
    o Spoofing IP Address - Source Routing
    o Detecting IP Spoofing
    o Despoof Tool
    o Scanning Countermeasures
    o Tool: SentryPC

Source:
http://www.eccouncil.org/EC-Council%20Education/ceh-course-outline.htm

Don