Scanning

Scanning is a process in which a malicious user sends probes to a victim machine to determine TCP/UDP open ports, the type of operating system and version, services running on the victim machine, and vulnerabilities:

During the scanning phase, the attack may notice whether port 80 is open or not on the target device. If port 80 is open, we can determine there is a web server daemon running on the target device. The attacker can then use the Telnet protocol to perform banner-grabbing on the victim using port 80 as the destination port. This will determine the type and version of the web server, whether it's Microsoft IIS, Apache, or even nginx. Knowing this information will aid the attacker in fine-tuning their payload for the target device.