It is possible to identify the open ports on a target system without ever giving that system any indication that you interacted with it. This extremely stealthy form of scanning is referred to as zombie scanning, and it can only be performed if another system exists on the network that has low network activity and incremental IP identification (IPID) sequencing. This recipe demonstrates how to use Scapy to perform zombie scans.
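The two preconditions above, incremental IPID sequencing and low network activity, can be checked on hosts you administer by looking at the IPID values in their replies. The following is an added example, not code from the original recipe. It classifies already-collected IPID series so that hosts matching the zombie profile can be flagged for remediation. The addresses and IPID values are constructed, and the class names and the `max_step` threshold are assumptions of this example.

```python
MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide

def ipid_deltas(ipids):
    """Consecutive differences modulo 2**16, so counter wraparound is handled."""
    return [(b - a) % MOD for a, b in zip(ipids, ipids[1:])]

def classify_ipid(ipids, max_step=16):
    """Classify the IPIDs seen in successive replies from one host.

    max_step is an assumed threshold: the largest per-reply increase still
    treated as a shared counter rather than a random value.
    """
    if len(ipids) < 4:
        return "insufficient-data"
    if len(set(ipids)) == 1:
        return "constant"                 # same value every time, nothing to infer
    deltas = ipid_deltas(ipids)
    if all(d == 1 for d in deltas):
        return "incremental-idle"         # counter moved only for our own probes
    if all(1 <= d <= max_step for d in deltas):
        return "incremental-busy"         # counter also consumed by other traffic
    if all(d % 256 == 0 and 1 <= d // 256 <= max_step for d in deltas):
        return "incremental-byteswapped"  # counter sent byte-swapped: steps of 256
    return "randomized"

PREDICTABLE = {"incremental-idle", "incremental-busy", "incremental-byteswapped"}

def audit(samples):
    """Return {host: class} for hosts whose IPID sequence is predictable."""
    results = {host: classify_ipid(ids) for host, ids in samples.items()}
    return {h: c for h, c in results.items() if c in PREDICTABLE}

# Constructed sample data: documentation addresses, invented IPID values.
SAMPLES = {
    "192.0.2.10": [65533, 65534, 65535, 0, 1, 2],           # wraps past 65535
    "192.0.2.11": [1000, 1003, 1011, 1012, 1020, 1027],
    "192.0.2.12": [0, 0, 0, 0, 0, 0],
    "192.0.2.13": [48211, 1077, 30999, 60412, 512, 22190],
    "192.0.2.14": [256, 512, 768, 1024, 1280],
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLES).items()):
        print(f"{host}: {verdict} (predictable IPID, review this host)")
```

Only `incremental-idle` matches both preconditions. The other predictable classes still indicate a counter that leaks information about the host's traffic.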
To use Scapy to perform a zombie scan, you will need to have a remote system that is running TCP services and another remote system that has incremental IPID sequencing. In the examples provided, an installation of Metasploitable2 is used as a scan target and an installation of Windows XP is used as an incremental IPID zombie. For more information on how to set up systems in a local lab environment, refer to the Installing Metasploitable2 and Installing Windows Server recipes in Chapter 1, Getting Started. Additionally, this section will...