9.3.8 Lab - Exploring Nmap-1

docx

School

John Tyler Community College *

*We aren’t endorsed by this school

Course

262

Subject

Computer Science

Date

Feb 20, 2024

Type

docx

Pages

7

Uploaded by MegaHareMaster1079

Report
Topology Objectives Part 1: Exploring Nmap Part 2: Scanning for Open Ports Background / Scenario Port scanning is usually part of a reconnaissance attack. There are a variety of port scanning methods that can be used. We will explore how to use the Nmap utility. Nmap is a powerful network utility that is used for network discovery and security auditing. Required Resources CyberOps Workstation virtual machine Internet access Instructions I have bolded and changed font to red for all sections that require a response. Type your response in this document and submit on Canvas when completed. Exploring Nmap In this part, you will use manual pages (or man pages for short) to learn more about Nmap. The man [ program |utility | function ] command displays the manual pages associated with the arguments. The manual pages are the reference manuals found on Unix and Linux OSs. These pages can include these sections: Name, Synopsis, Descriptions, Examples, and See Also. Start CyberOps Workstation VM. Open a terminal. At the terminal prompt, enter man nmap . [analyst@secOps ~]$ man nmap Questions: What is Nmap? Nmap is a network exploration tool and security Type your answers here. What is nmap used for? Nmap is used to scan a network and determine the available hosts and services offered in the network
Type your answers here. While in the man page, you can use the up and down arrow keys to scroll through the pages. You can also press the space bar to forward one page at a time. To search for a specific term or phrase use enter a forward slash (/) or question mark (?) followed by the term or phrase. The forward slash searches forward through the document, and the question mark searches backward through the document. The key n moves to the next match. Type /example and press ENTER. This will search for the word example forward through the man page. In the first instance of example, you see three matches. To move to the next match, press n . Look at Example 1. Question: What is the nmap command used? Nmap -A -T4 scanme.nmap.org Type your answers here. Use the search function to answer the following questions. Questions: What does the switch -A do? Enable OS detection, version detection, script scanning, and traceroute Type your answers here. What does the switch -T4 do? faster execution Type your answers here. Scroll through the page to learn more about nmap. Type q when finished. Scanning for Open Ports In this part, you will use the switches from the example in the Nmap man pages to scan your localhost, your local network, and a remote server at scanme.nmap.org.
Scan your localhost. If necessary, open a terminal on the VM. At the prompt, enter nmap -A -T4 localhost . Depending on your local network and devices, the scan will take anywhere from a few seconds to a few minutes. [analyst@secOps ~]$ nmap -A -T4 localhost Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-01 17:20 EDT Nmap scan report for localhost (127.0.0.1) Host is up (0.000056s latency). Other addresses for localhost (not scanned): ::1 rDNS record for 127.0.0.1: localhost.localdomain Not shown: 996 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 2.0.8 or later | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_-rw-r--r-- 1 0 0 0 Apr 19 15:23 ftp_test <some output omitted> Review the results and answer the following questions. Questions: Which ports and services are opened? 21/tcp: ftp, 22/tcp: ssh Type your answers here. For each of the open ports, record the software that is providing the services. ftp: vsftpd, ssh: OpenSSH Type your answers here. Scan your network. Warning: Before using Nmap on any network, please gain the permission of the network owners before proceeding. At the terminal command prompt, enter ip address to determine the IP address and subnet mask for this host. For this example, the IP address for this VM is 10.0.2.15 and the subnet mask is 255.255.255.0. [analyst@secOps ~]$ ip address <output omitted> 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 08:00:27:ed:af:2c brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3 valid_lft 85777sec preferred_lft 85777sec
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
inet6 fe80::a00:27ff:feed:af2c/64 scope link valid_lft forever preferred_lft forever Record the IP address and subnet mask for your VM. Which network does your VM belong to? 192.168.1.19/24 and it is part of the 192.168.1.0/24 network. Type your answers here. To locate other hosts on this LAN, enter nmap -A -T4 network address/prefix . The last octet of the IP address should be replaced with a zero. For example, in the IP address 10.0.2.15, the .15 is the last octet. Therefore, the network address is 10.0.2.0. The /24 is called the prefix and is a shorthand for the netmask 255.255.255.0. If your VM has a different netmask, search the internet for a “CIDR conversion table” to find your prefix. For example, 255.255.0.0 would be /16. The network address 10.0.2.0/24 is used in this example Note : This operation can take some time, especially if you have many devices attached to the network. In one test environment, the scan took about 4 minutes. [analyst@secOps ~]$ nmap -A -T4 10.0.2.0/24 Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-01 17:13 EDT <output omitted> Nmap scan report for 10.0.2.15 Host is up (0.00019s latency). Not shown: 997 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 2.0.8 or later | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_-rw-r--r-- 1 0 0 0 Mar 26 2018 ftp_test | ftp-syst: | STAT: | FTP server status: | Connected to 10.0.2.15 | Logged in as ftp | TYPE: ASCII | No session bandwidth limit | Session timeout in seconds is 300 | Control connection is plain text | Data connections will be plain text | At session startup, client count was 1
| vsFTPd 3.0.3 - secure, fast, stable |_End of status 22/tcp open ssh OpenSSH 8.2 (protocol 2.0) 23/tcp open telnet Openwall GNU/*/Linux telnetd Service Info: Host: Welcome; OS: Linux; CPE: cpe:/o:linux:linux_kernel Post-scan script results: | clock-skew: | 0s: | 10.0.2.4 | 10.0.2.3 |_ 10.0.2.2 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 256 IP addresses (4 hosts up) scanned in 346.89 seconds Questions: How many hosts are up? 4 Type your answers here. From your Nmap results, list the IP addresses of the hosts that are on the same LAN as your VM. List some of the services that are available on the detected hosts. Type your answers here. Scan a remote server. Open a web browser and navigate to scanme.nmap.org . Please read the message posted. Question: What is the purpose of this site? allows users to learn about Nmap and test their Nmap installation. Type your answers here. At the terminal prompt, enter nmap -A -T4 scanme.nmap.org . [analyst@secOps Desktop]$ nmap -A -T4 scanme.nmap.org Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-01 16:46 EDT Nmap scan report for scanme.nmap.org (45.33.32.156) Host is up (0.040s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f Not shown: 992 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 1024 ac:00:a0:1a:82:ff:cc:55:99:dc:67:2b:34:97:6b:75 (DSA) | 2048 20:3d:2d:44:62:2a:b0:5a:9d:b5:b3:05:14:c2:a6:b2 (RSA) |_ 256 96:02:bb:5e:57:54:1c:4e:45:2f:56:4c:4a:24:b2:57 (ECDSA) 25/tcp filtered smtp 80/tcp open http Apache httpd 2.4.7 ((Ubuntu)) |_http-server-header: Apache/2.4.7 (Ubuntu) |_http-title: Go ahead and ScanMe! 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 593/tcp filtered http-rpc-epmap 4444/tcp filtered krb524 9929/tcp open nping-echo Nping echo 31337/tcp open tcpwrapped Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 23.96 seconds Review the results and answer the following questions. Questions: Which ports and services are opened? 22/tcp: ssh, 9929/tcp: n ping-echo, 31337/tcp: tcpwrapped, 80/tcp: http Which ports and services are filtered? 135/tcp: msrpc, 139/tcp: netbios-ssn, 445/tcp: microsoft-ds, 25/tcp: smtp What is the IP address of the server? IPv4 address: 45.33.32.156 IPv6 address: 2600:3c01::f03c:91ff:fe18:bb2f
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
What is the operating system? Ubuntu Linux Type your answers here. Reflection Question Nmap is a powerful tool for network exploration and management. How can Nmap help with network security? How can Nmap be used by a threat actor as a nefarious tool?Type your answers here. Nmap can be used to scan an internal network for specific open ports to identify the extent of a security breach. End of document

Related Documents

MCCG146 - Week 6 Quality Audit.docx
1.2 brief.docx
CLCL 007 Assessment.pdf
ACQ 0200 KRQ.docx
OMGT 229 Quiz 4.docx
AP Computer Science Principles Performance Task Questions.docx
Decision-Structures.pdf
lab 10 everything.docx
lab11 everything.docx
EE461L HW3.pdf
02_01-redirection.md.pdf
Envo 5.jpg
Recommended textbooks for you
Text book image
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Text book image
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
A+ Guide to Hardware (Standalone Book) (MindTap C...
Computer Science
ISBN:9781305266452
Author:Jean Andrews
Publisher:Cengage Learning
Text book image
MIS
Computer Science
ISBN:9781337681919
Author:BIDGOLI
Publisher:Cengage
Text book image
Np Ms Office 365/Excel 2016 I Ntermed
Computer Science
ISBN:9781337508841
Author:Carey
Publisher:Cengage
SEE MORE TEXTBOOKS
Recommended textbooks for you
Text book image
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Text book image
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
A+ Guide to Hardware (Standalone Book) (MindTap C...
Computer Science
ISBN:9781305266452
Author:Jean Andrews
Publisher:Cengage Learning
Text book image
MIS
Computer Science
ISBN:9781337681919
Author:BIDGOLI
Publisher:Cengage
Text book image
Np Ms Office 365/Excel 2016 I Ntermed
Computer Science
ISBN:9781337508841
Author:Carey
Publisher:Cengage
SEE MORE TEXTBOOKS