This lab focuses on the practical application of techniques discusses in the ITN 262 lecture. The purpose of this lab is to gain experience with tools used for Network Reconnaissance, and information gathering, using popular scanner like Nmap. Nmap is so powerful that it can find out what ports the machine is listening on. Once these targets are identified, an intruder can easily be able to scan for listening ports.
1. Download and Install Nmap form (nmap.org). Run the installer once it is finished downloading. You will be asked which components you would like to install. Please do not uncheck the Zenmap unless you are too comfortable using command line interface. (
)
Run the “Nmap – Zenmap” GUI program. Zenmap GUI makes scanning a fairly simple process. You should be able to see an icon for it on your desktop. If not, look in your Start menu. Opening Zenmap will start the program. If you are comfortable using the command line interface, you do not need Zenmap). The direction is based on CLI as such I would recommend you to use CLI
If you have a Kali VM nmap is prebuilt. You do not need to install it. Just start it from terminal.
2. Let's do some Network discovery (the process of identifying live hosts on the network). This means that its purpose is not to find all possible information about the targets (like open ports or vulnerabilities), but just to understand their logical location inside the network. Start a basic scan. Scan a single host. What did you find? Please list their IP addresses. (
)
3. Then scan the more in network. (hint:
http://nmap.org/book/man-target-specification.html) . you can also scan ranges of IPs or lists. See some examples below: (
5)
i. # nmap 192.168.30.0/24
ii. #nmap 192.168.30.1 - 100
iii. # nmap 192.168.30.13
iv. # nmap -iL put a list of hosts from room 265
4. Use the flowing 5 switches ( Ex # nmap -sL 192.168.1.0/24 or # nmap -sn 192.168.1.0/24) and explain your output : (10)
1. -sL: List Scan - simply list targets to scan
2. -sn: Ping Scan - disable port scan - You now have a list of hosts that are up (powered on) and responding to echo requests (pings) on the network.
3. –sS The -sS option performs a port scan of 1000 commonly used ports of each target host and reports a list of open ports.
4. -O[upper case O] OS detection will not always possible for various reasons, but sometimes very helpful
5. -sV nmap reports specifics about the programs providing the services on each host.
5. Nmap is useful for reconnaissance too. During discovery one can learn about services, port numbers, firewall presence, protocol, operating system, etc.
a. What information did you gather from your reconnaissance? (
)
b. Which host appears most secure? Why? Write the IP address. Which host appears least secure? Why? Write the IP address (
)
6. How can you do a SYN scan using Nmap. (http://nmap.org/book/man-port-scanning-techniques.html
) Provide appropriate screen captures ()
7. For local network discovery you can use a tool - Netdiscover. It is pretty fast and offers the possibility to perform both active and passive ARP reconnaissance. Download and scan with it. See if you see the same results. (
)
8. For scanning you can use
amap
too. Download
amap
or find it in your Kali. And repeat task 3. (
)
Please find the attached doc for your Lab 2 . When you are done pleasesubmit asingle document( MS Word , or ODT ) furnished with appropriate Screen Captures.Please open a MS Word or equivalent document, save it as (Wireshark lab 1.doc),take appropriate screen captures during the lab and plug in them in your document. A good screenshot should showcase your complete work. Take into account the details around it. Your machine's name, the time when you worked, and the detail of your action . if requires please mark/highlight the portion in screen captures so that it matches with your answer. I reserve the right to deduct points if your screen captures are not clear enough.When you are done with the lab please submit the single document, no Zip file or separate .pngsfiles.