Nmap as an offensive network security tool

Assignment Help Computer Network Security

Reference no: EM132637363

HS1011 Data Communication and Networks - Holmes Institute

Introduction to Network Security

Hands-On Project 1: Nmap as an Offensive Network Security Tool

Objective: understanding the use of network security tool tofind vulnerability of the network and network operating systems.

Required Tools/Equipment:Zenmap (Nmap, short for Network Mapper, is a very versatile security tool that should be included in every professional's toolkit.) Nmap is an open source utility for network exploration, security scanning and auditing.
Description: In this project, we will use Nmap to find a target host, perform port scanning and OS fingerprinting.

1.Find the target computer:

• Before starting this lab, a target computer has been set up for you. You can use Nmap to scan entire networks to look for potential targets. This can be done by "ping sweeping" with the -sp command. When using this command, Nmap sends in ICMP echo and a TCP ACK flag to each host that it scans. If Nmap receives a response, it notes that IP as being a running host and then continues its scanning process.

• From the command line (START/RUN/cmd) you can scan for all hosts on the local network by typing in the following command:

nmap -sP 10.1.2.* -sP stand for "sweep ping".

• Nmap will return with its scanning results after a short wait. Record the IP address, MAC address and host types( such as HP, cisco, etc) in your report (at the end of this lab) as shown in Figure 1.
Your target computer has an IP of _________________________

[OPTIONAL] : There is also another, more specific, way to ping your targeted computers. In some scenarios, a host may be blocking some sorts of traffic, so specifying a specific port for the scan may be necessary. You can try scanning on port 80 since that is normally open for http traffic. To specify a specific port, the -PT command is used. From the command line, run: nmap -sP -PT80 192.168.1.* NOTE: For Nmap to determine if a host is running, the specified port (in this case 80) does not need to be open.

2. OS Fingerprinting

It is usually important for an attacker to know what OS version is running on the target computer.

This is done by using the -O command, which must be used in conjunction with a port scan (-sT or -sS which will be covered later).
From the command line run:

nmap -O -v <one IP address listed in part 1>

Nmap will scan for specific ports, and then extrapolate the most likely target OS from the open port information. Record the resulting Nmap data in your report as shown in Figure 2.

3. Port Scanning

The most simple port scan is a TCP connect scan. This attempts to complete a normal 3- way handshake with the targeted computer. You can run this scan on a specific IP (ask your instructor what to use, or use the machine identified in 1.1) with the -sT command. From the command line:

nmap -sT<one IP address listed in part 1>

This will scan for open ports on that specific host. The scanning result will as Figure 3.

Note: This type of scan is very easy to detect since the target host will log the connection by the attacker. You can even check in the

4. Stealth Scanning from the GUI

The basic deep scan (using the -sT command) can be detected easily, and there are alternatives to such brute force methods of scanning. Stealth port scanning is used to avoid logs being created of your scanning activity. The targeted computer doesn't log the connection because the 3-way TCP handshake never finishes. Instead of finishing the handshake, the attacker sends an RST (reset command) flag to disconnect the connection instead of acknowledging the connection. Let's try the stealth port scan, but we will use the nmap GUI to make our task easier. Go to Start/nMap/nMap -ZenMap GUI. You should see something that looks like this:

- In the target line, enter the IP address of your target machine.
- In the Profile line select "stealth scan" if it is available.
- IF STEALTH SCAN IS NOT AVAILABLE, type the following into the command line.

nmap -sS -v <one IP address listed in part 1>

NOTE: You can create your own scans and save them as "profiles" - When you are ready hit the SCAN button. After you have run your scan, take a look at the other tabs. What information was disclosed by this scan?

Attachment:- Introduction to Network Security.rar

Reference no: EM132637363

Questions Cloud

What would have been the income before income taxes : Consumer reported income before income taxes of $2070 million. What would have been the income (loss) before income taxes

Determine the internal bending moment : Determine the internal bending moment (in Nm) at a point where r = 0.51 m and ?= 32 degrees. (2 decimals)

Difference in elevation between two ground points : The difference in elevation between two ground points was measured by each of three field parties using different kinds of leveling instruments

Life-cycle costing : Respond to the following prompts: "What do I feel are the most important aspects of my learning in the chapters this week?"

Nmap as an offensive network security tool : Introduction to Network Security - Nmap as an Offensive Network Security Tool - understanding the use of network security tool tofind vulnerability

Determine the axial forces for which the member : Determine the axial forces for which the member CD should be designed given the following service loads: dead load of 1 kip/ft on girder

Draw the mode of shapes of column buckling : Draw the mode of shapes of column buckling with Pcr values.

Summary and purpose of the article of variable costing : Summary and purpose of the article of Variable Costing. Variable Costing has now arrived of a period and is providing to be an exceptionally

What income effects would be reported : On Pine's financial statements for the year ended December 31, 2021, what income effects would be reported from its ownership in Seacrest

User Account

All Pages