Forensic assignment. Two labs due Sunday 11:59.

ITN 262

Lab 2

This lab focuses on the practical application of techniques discussed in the ITN 262 lecture. The purpose of this lab is to gain experience with tools used for network reconnaissance and information gathering, using a popular scanner, Nmap. Nmap can identify which hosts on a network are live and which ports each host is listening on. Once these targets are identified, an intruder can easily probe the listening services further.

  1. Download and install Nmap from nmap.org. Run the installer once the download finishes. You will be asked which components you would like to install. Do not uncheck Zenmap unless you are comfortable using the command-line interface. ( )

Run the “Nmap – Zenmap” GUI program. Zenmap makes scanning a fairly simple process. You should see an icon for it on your desktop; if not, look in your Start menu. If you are comfortable using the command-line interface, you do not need Zenmap. The directions below are written for the CLI, so I recommend you use the CLI.

If you have a Kali VM, Nmap is preinstalled. You do not need to install it; just start it from a terminal.


  2. Let's do some network discovery (the process of identifying live hosts on the network). The purpose here is not to find all possible information about the targets (like open ports or vulnerabilities), but just to learn their logical location inside the network. Start with a basic scan of a single host. What did you find? List the IP address(es) you discovered. ( )


  3. Then scan more of the network (hint: http://nmap.org/book/man-target-specification.html). You can also scan ranges of IPs or lists of hosts. See some examples below: ( 5)

      1. # nmap 192.168.30.0/24 (change the IP range if required for the network you are on)

      2. # nmap 192.168.30.1-100 (change the IP range if required for the network you are on)

      3. # nmap 192.168.30.13 (change to the IP of an active machine from the scan above)

      4. # nmap -iL <file list of hosts> (put the active hosts from the scan above in the file, one IP per line)

  4. Use the following 5 switches (e.g. # nmap -sL 192.168.1.0/24 or # nmap -sn 192.168.1.0/24) and explain your output: (10)

  1. -sL: List Scan - simply lists the targets that would be scanned (reverse-DNS lookups only; no probes are sent to the targets).

  2. -sn: Ping Scan - disables the port scan. You now have a list of hosts that are up (powered on) and responding to Nmap's host-discovery probes (ICMP echo requests, plus ARP requests when the targets are on your local Ethernet segment).

  3. -sS: SYN Scan - performs a TCP SYN (half-open) port scan of the 1000 most commonly used ports on each target host and reports which are open. This is Nmap's default scan type when run with root/administrator privileges.

  4. -O [upper-case O]: OS detection. It is not always possible, for various reasons, but it is often very helpful.

  5. -sV: Version detection - Nmap reports specifics about the programs providing the services on each host (product name and version where it can identify them).

  5. Nmap is useful for reconnaissance too. During discovery one can learn about services, port numbers, firewall presence, protocols, operating systems, etc.


    1. What information did you gather from your reconnaissance? ( )

    2. Which host appears most secure? Why? Write its IP address. Which host appears least secure? Why? Write its IP address. ( )
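Added example (not part of the lab handout): if you save a scan with Nmap's grepable output option, for example `nmap -sV -O -oG scan.gnmap 192.168.30.0/24`, the Python script below pulls out the live hosts for the discovery question, produces the one-IP-per-line file that `-iL` expects, and ranks the live hosts by exposed services to support your argument about which host looks most and least secure. The scan output embedded in the script is a constructed sample that follows the `-oG` line layout (it is not a real scan), and the per-service risk weights are a simple assumption made for this example, not an Nmap feature.

```python
"""Parse Nmap grepable (-oG) output: live hosts, an -iL host list, and an
exposure ranking. Added example for the ITN 262 lab, not part of the handout."""
import re

# Constructed sample of `-oG` output (fields are tab-separated; each live host
# gets a "Status:" line and, after a port scan, a "Ports:" line). The IPs,
# hostnames, services and versions are made up for illustration.
SAMPLE_OG = "\n".join([
    "# Nmap 7.94 scan initiated (constructed sample)",
    "Host: 192.168.30.1 (gw.lab)\tStatus: Up",
    "Host: 192.168.30.1 (gw.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//https//nginx 1.18.0/"
    "\tIgnored State: closed (997)\tOS: Linux 5.X\tSeq Index: 258\tIP ID Seq: All zeros",
    "Host: 192.168.30.13 ()\tStatus: Up",
    "Host: 192.168.30.13 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, "
    "23/open/tcp//telnet//Linux telnetd/, 139/open/tcp//netbios-ssn//Samba smbd 3.X/, "
    "445/open/tcp//microsoft-ds//Samba smbd 3.X/, 8080/filtered/tcp//http-proxy///"
    "\tIgnored State: closed (995)\tOS: Linux 2.6.X",
    "Host: 192.168.30.42 (web.lab)\tStatus: Up",
    "Host: 192.168.30.42 (web.lab)\tPorts: 443/open/tcp//https//Apache httpd 2.4.57/"
    "\tIgnored State: filtered (999)",
    "Host: 192.168.30.77 ()\tStatus: Down",
    "# Nmap done -- 4 IP addresses (3 hosts up) scanned",
])

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def parse_grepable(text):
    """Return {ip: {"hostname", "up", "os", "ports": [(port, proto, service, version)]}}.

    Only open ports are kept. A -oG port entry has the shape
    port/state/protocol/owner/service/rpcinfo/version/ and Nmap writes any "/"
    inside the version text as "|", so splitting on "/" is safe.
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # "# Nmap ..." comment lines carry no host data
        ip, name = m.groups()
        rec = hosts.setdefault(ip, {"hostname": name, "up": False, "os": "", "ports": []})
        for field in line.split("\t")[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                rec["up"] = value.strip() == "Up"
            elif key == "Ports":
                rec["up"] = True  # a port scan result implies the host answered
                for entry in value.split(", "):
                    port, state, proto, _owner, service, _rpc, version = entry.strip().split("/")[:7]
                    if state == "open":
                        rec["ports"].append((int(port), proto, service, version))
            elif key == "OS":
                rec["os"] = value.strip()
    return hosts


def up_hosts(hosts):
    """Live hosts sorted numerically by IP (the answer to the discovery question)."""
    return sorted((ip for ip, r in hosts.items() if r["up"]),
                  key=lambda ip: tuple(int(o) for o in ip.split(".")))


def host_list_text(hosts):
    """Contents for a file to feed back with `nmap -iL hosts.txt`: one live IP per line."""
    return "".join(ip + "\n" for ip in up_hosts(hosts))


# Assumed risk weights for the "least secure host" question: cleartext or legacy
# protocols count more than an open port by itself. Adjust to your own argument.
RISKY_SERVICES = {"telnet": 3, "ftp": 2, "netbios-ssn": 2, "microsoft-ds": 2, "http": 1}


def exposure_score(rec):
    """Number of open ports plus the risk weight of each recognized service."""
    return len(rec["ports"]) + sum(RISKY_SERVICES.get(svc, 0) for _, _, svc, _ in rec["ports"])


def rank_hosts(hosts):
    """Live hosts from most to least exposed, as (ip, score) pairs."""
    return sorted(((ip, exposure_score(r)) for ip, r in hosts.items() if r["up"]),
                  key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    hosts = parse_grepable(SAMPLE_OG)
    print("Live hosts:", ", ".join(up_hosts(hosts)))
    for ip, score in rank_hosts(hosts):
        r = hosts[ip]
        svcs = ", ".join(f"{p}/{proto} {svc} {ver}".strip() for p, proto, svc, ver in r["ports"])
        print(f"{ip:15} score={score:2} os={r['os'] or '?':12} {svcs}")
    print("hosts.txt for -iL:\n" + host_list_text(hosts), end="")
```

Run it against your own file with `parse_grepable(open("scan.gnmap").read())`. The highest score is the host with the most, and the riskiest, listening services (here the one offering telnet, FTP and SMB); the lowest is the host exposing a single TLS service. Use the ranking as evidence, not as the answer: the "why" in the question should name the specific services and versions.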

  6. How can you do a SYN scan using Nmap? (http://nmap.org/book/man-port-scanning-techniques.html) Provide appropriate screen captures. ( )


  7. For local network discovery you can use a tool called Netdiscover. It is fast and offers both active and passive ARP reconnaissance. Download it (or find it in Kali) and scan with it. Compare its results with your Nmap results. ( )


  8. For scanning you can use amap too. Download amap or find it in your Kali VM, and repeat task 3. ( )

ITN 262 NVCC, Manassas