A lab exercise using Nmap to scan the network owned by Joe’s Kawasakis and Toothpick Construction, Inc. The objective is to identify the IP addresses, operating systems, and open ports for each server. The document also discusses potential show stoppers and provides instructions on how to perform the scan.
10/9/
Lab D
If any of your force be killed or captured, the secretary will disavow any knowledge of your actions... this tape will self-destruct in 5 seconds... Good Luck, Jim

Survey servers using Nmap
Scenario

You want to scan the network owned by:
Joe’s Kawasakis and Toothpick Construction, Inc. (JK&TC)

Assume you learned from a visit to www.arin.net that JK&TC owns the IP address space 208.16.3.1 to
and that traceroute has shown that
is the Edge Router address. The only ports you are interested in are the server ports, 1 to 1023, and 3389 (Terminal Server).
Potential Show Stoppers

Not much risk here: Nmap can randomize the order of its targets and ports, vary its timing, mix decoy source addresses into the scan, and even put another box between itself and the target (its idle scan). Also, the default SYN scan never completes the 3-way handshake, so the listening application never sees a connection and will not log one. That is not the same as being invisible: a firewall or intrusion detection system sees and logs the SYN packets themselves, and there is no doubt that a savvy sysadmin can monitor your activity!

Note: The latest WinPcap must be installed with Nmap. (Current Windows builds of Nmap ship with and use Npcap instead.)
Reserved server port numbers

Port     Service  Description
21       ftp      File Transfer Protocol
22       ssh      Secure Shell
23       telnet   remote login
25       smtp     Simple Mail Transfer Protocol
53       dns      Domain Name System
69       tftp     Trivial File Transfer Protocol
79       finger   remote user ID
80       http     Hypertext Transfer Protocol (web pages)
110      pop3     Post Office Protocol version 3
137-139  netbios  Network Basic Input Output System (printer/file sharing)
443      https    HTTP over TLS (encrypted web pages; s = secure)

Note that tftp, and usually dns, run over UDP. Nmap's default scan probes TCP only, so those services will not appear unless you add a UDP scan (-sU).
How you do it

Assume your target owns the IP address space: 208.16.3.2 to 208.16.3.
The only ports you are interested in are the server ports, 1 to 1023, and 3389 (Terminal Server).

1. To find out who’s up…

Open a DOS window and enter:

  cd c:\tools\nmap
  nmap -sP 208.16.3.2-

-sP = ping scan only (no port scanning yet). Newer Nmap releases call this option -sn; -sP is still accepted as an alias.
All you want right now are the server IP addresses.
How you do it

2. Determine the OS, open ports, and service version.

To speed things up by not rescanning a port when it fails to respond the first time, set max-retries to zero:

  nmap --max-retries 0 -O -p 1-

Type the whole command on one line. The 0 after --max-retries is a zero; the O in -O is a capital oh.

--max-retries 0 = just try each probe once [saves time! The cost is that on a lossy link a port whose reply is dropped will be reported as filtered instead of open, so rerun anything that looks odd.]
-O = OS fingerprint (this and the default SYN scan need Administrator/root privileges); -p = port list
To get the service version as well, add -sV; -O alone reports only the operating system guess.

You’re really only interested in ports 1-1023; however, one of the Windows servers is running Terminal Server, and it listens on port 3389, so include that port too (for example -p 1-1023,3389).
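The two steps above, tied together, as an added example that is not part of the lab slides. It is written for a Unix shell rather than the DOS window the slides use, since Nmap takes the same options on both. It assumes -sn (the current name of -sP), adds -sV so the service version the lab asks for is actually reported, and uses -oG - to write Nmap's greppable output to stdout so the live hosts from the sweep feed the port/OS scan without retyping addresses. The scan outputs embedded below, the range end .254 and the host and service names are constructed for illustration; none of them are real results.

```shell
#!/bin/sh
# Added example (not from the lab slides): the two-stage Nmap survey,
# driven from greppable output (-oG). The sample outputs below are
# constructed, not real scans. -O and the default SYN scan need
# root/Administrator privileges when run for real.

# Stage 1: ping sweep only, no port scan. Prints the command to run.
sweep_cmd() {
    printf 'nmap -sn -oG - %s\n' "$1"
}

# Pull the live addresses out of stage-1 greppable output.
# Each host line looks like:  Host: <ip> (<name>)<TAB>Status: Up
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Stage 2: OS fingerprint plus service versions on the server ports and
# Terminal Server, one probe per port (--max-retries 0), for the hosts
# found by stage 1.
survey_cmd() {
    printf 'nmap --max-retries 0 -O -sV -p 1-1023,3389 -oG - %s\n' "$*"
}

# Summarise stage-2 greppable output as:  <ip>: <open ports> [<OS guess>]
# A host line carries TAB-separated fields; the Ports field is a
# comma-separated list of port/state/proto//service//version// entries.
open_ports() {
    awk -F'Ports: ' '/Ports: / {
        split($1, h, " ")                 # h[2] is the IP from the Host field
        m = split($2, f, "\t")            # f[1] is the port list, f[2..m] the rest
        os = "unknown"
        for (j = 2; j <= m; j++) if (f[j] ~ /^OS: /) os = substr(f[j], 5)
        printf "%s:", h[2]
        n = split(f[1], p, ", ")
        for (i = 1; i <= n; i++) {
            split(p[i], q, "/")           # q[1] port, q[2] state, q[3] protocol
            if (q[2] == "open") printf " %s/%s", q[1], q[3]
        }
        printf " [%s]\n", os
    }'
}

# Constructed stage-1 output: three live hosts in the target range.
SAMPLE_SWEEP=$(printf 'Host: %s (%s)\tStatus: Up\n' \
    208.16.3.2 '' \
    208.16.3.4 mail.example.test \
    208.16.3.5 '')

# Constructed stage-2 output: a Linux web server and a Windows server
# running SMTP and Terminal Server (3389).
SAMPLE_SURVEY=$(printf 'Host: %s ()\tPorts: %s\tIgnored State: %s\tOS: %s\n' \
    208.16.3.2 '22/open/tcp//ssh//OpenSSH 7.4//, 80/open/tcp//http//Apache httpd 2.4//, 3389/closed/tcp//ms-wbt-server///' 'filtered (1021)' 'Linux 4.15 - 5.6' \
    208.16.3.4 '25/open/tcp//smtp//Microsoft Exchange smtpd//, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services//' 'closed (1022)' 'Microsoft Windows Server 2019')

# Build the stage-2 command from the stage-1 sample.
plan_survey() {
    hosts=$(printf '%s\n' "$SAMPLE_SWEEP" | live_hosts | tr '\n' ' ')
    # $hosts is deliberately unquoted so each address becomes its own argument
    survey_cmd $hosts
}

# Against a real network: run the stage-1 command, save its output to a
# file, pipe that file through live_hosts, run the command plan_survey
# prints, and pipe the stage-2 output through open_ports.
sweep_cmd 208.16.3.2-254
plan_survey
printf '%s\n' "$SAMPLE_SURVEY" | open_ports
```

Greppable output is used here because each host is one line, which keeps the parsing to a single awk program; for anything larger than a lab, Nmap's XML output (-oX) is the more robust format to post-process.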