Nmap Lab: Scanning Server Ports & Identifying Open Ports and OS, Lab Reports of Computer Systems Networking and Telecommunications

A lab exercise using Nmap to scan the network owned by Joe’s Kawasakis and Toothpick Construction, Inc. The objective is to identify the IP addresses, operating systems, and open ports for each server. The document also discusses potential showstoppers and provides instructions on how to perform the scan.

Typology: Lab Reports

Pre 2010

Uploaded on 08/18/2009

koofers-user-k6h-1
10/9/2008

Lab D

If any of your force be killed or captured, the secretary will disavow any knowledge of your actions...this tape will self destruct in 5 seconds... Good Luck, Jim

Your assignment, should you choose to accept it:

Survey servers using Nmap
Scenario

You want to scan the network owned by: Joe’s Kawasakis and Toothpick Construction, Inc.

Assume you learned from a visit to www.arin.net that JK&TC owns the IP address space 208.16.3.1 to 208.16.3.20

A traceroute has shown that is the Edge Router address.

The only ports you are interested in are the server ports, 1 to 1023, and (Terminal Server)


Potential Show Stoppers

Not much risk here, since Nmap can randomize its scans, vary its timing, include decoy scans, and even put another box between itself and the target. Also, there’s no need to complete a 3-way handshake, so it is unlikely any of Nmap’s activity would be logged. However, there’s no doubt that a savvy sysadmin can monitor your activity!

Note: The latest WinPcap must be installed with Nmap.
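Added example (not part of the original lab): how the "savvy sysadmin" under Potential Show Stoppers could spot a scan from connection-attempt records alone, and why a scan that varies its timing calls for a longer counting window. The log format, the source addresses and the find_scanners function are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical firewall log format (not real traffic).
SAMPLE_LOG = """\
2008-10-09T10:00:00 SYN SRC=203.0.113.9 DST=208.16.3.7 DPT=80
2008-10-09T10:00:01 SYN SRC=198.51.100.7 DST=208.16.3.5 DPT=21
2008-10-09T10:00:01 SYN SRC=198.51.100.7 DST=208.16.3.5 DPT=22
2008-10-09T10:00:02 SYN SRC=198.51.100.7 DST=208.16.3.5 DPT=23
2008-10-09T10:00:02 SYN SRC=203.0.113.9 DST=208.16.3.7 DPT=443
2008-10-09T10:00:03 SYN SRC=198.51.100.7 DST=208.16.3.5 DPT=25
2008-10-09T10:00:03 SYN SRC=198.51.100.7 DST=208.16.3.5 DPT=80
2008-10-09T10:00:04 SYN SRC=198.51.100.7 DST=208.16.3.5 DPT=3389
2008-10-09T10:00:30 SYN SRC=203.0.113.9 DST=208.16.3.7 DPT=80
2008-10-09T10:01:00 SYN SRC=192.0.2.44 DST=208.16.3.6 DPT=21
2008-10-09T10:02:00 SYN SRC=192.0.2.44 DST=208.16.3.6 DPT=22
2008-10-09T10:03:00 SYN SRC=192.0.2.44 DST=208.16.3.6 DPT=23
2008-10-09T10:04:00 SYN SRC=192.0.2.44 DST=208.16.3.6 DPT=25
2008-10-09T10:05:00 SYN SRC=192.0.2.44 DST=208.16.3.6 DPT=80
"""
LINE_RE = re.compile(r"^(\S+) SYN SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def find_scanners(log_text, window_s=10, min_targets=5):
    """Map each source to the most distinct (host, port) targets it hit in
    any window_s-second span, keeping sources that reach min_targets.
    Assumes the log lines are in time order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> (timestamp, target) still in window
    peak = defaultdict(int)      # source -> highest distinct-target count seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not an inbound SYN record
        ts = datetime.fromisoformat(m.group(1))
        src, target = m.group(2), (m.group(3), int(m.group(4)))
        q = recent[src]
        q.append((ts, target))
        while ts - q[0][0] > window:  # drop records older than the window
            q.popleft()
        peak[src] = max(peak[src], len({t for _, t in q}))
    return {s: n for s, n in peak.items() if n >= min_targets}

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))                # 10 s window: fast scan only
    print(find_scanners(SAMPLE_LOG, window_s=600))  # 10 min window: slow scan too
```

The ordinary web client in the sample is never flagged because it touches only two distinct targets, however long the window.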


Reserved server port numbers

ftp (file transfer protocol)
ssh (secure shell)
telnet (remote login)
smtp (simple mail transport protocol)
dns (domain name service)
tftp (trivial file transfer protocol)
finger (remote user ID)
http (hypertext transfer protocol - web pages)
pop (post office protocol version 3)
netbios (network basic input output system - printer/file sharing)
https (encrypted web pages; s = secure)


How you do it

Assume your target owns the IP address space: 208.16.3.2 to 208.16.3.

The only ports you are interested in are the server ports, 1 to 1023, and (Terminal Server)

1. To find out who’s up…

Open a DOS window and enter:

    cd c:\tools\nmap
    nmap -sP 208.16.3.2-

-sP = scan Pings (no port scanning yet)

All you want right now are the server IP addresses.


How you do it

Do the following to determine the OS, open ports, and service version. (To speed things up by not rescanning a port when it fails to respond the first time, set max-retries to zero.)

    nmap --max-retries 0 -O -p 1-

Enter the command on one line. The 0 after --max-retries is a zero; the O in -O is a capital oh.

--max-retries = just try each test once [saves time!]

-O = OS fingerprint; -p = port

You’re really only interested in ports 1-1023; however, one of the Windows servers is running Terminal Server, and it listens on port 3389.
