Probing Using Zenmap Gui

Probing Using Zenmap Gui Hackers traditionally follow a 5-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying your target and learning as much as possible about the target. Hackers traditionally perform an initial reconnaissance probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, students will plan an attack on 172.30.0.0/24 where the VM server farm resides. Using ZenMap GUI, students will then perform a Ping Scan or Quick Scan on the targeted IP subnetwork. Lab Assessment Questions Answers Name at least five applications and tools pre-loaded on the Windows 2003 Server Target VM (VM Name: WindowsTarget01) and identify whether that application starts as a service on the system or must be run manually? Lan routing Run manually Nat Run manually Vpn Start as a service Terminal services Start as a service Streaming server Run manually What was the DHCP allocated source IP host address for the Student VM, DHCP Server, and IP default gateway router? DHCP allocated the following IP addresses Source IP host address is 192.168.1.6 DHCP server address 192.168.1.1 Default gateway router address is 192.168.1.1 Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the ping command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source? Yes, four ICMP echo-request packets sent when I initiate a ping command from the DOS prompt Details of these packets are as follows: Ping statistics for 192.168.1.6 Packets: sent=4, Received=4, Lost=0 (0% loss) Approximate round trip times in milli-seconds: Minimum=0ms, Maximum=131ms, Average= 43ms If you ping the WindowsTarget01 VM server and the UbuntuTarget01 VM server, which fields in the ICMP echo-request / echo-replies vary? When I ping the WindowsTarget01 VM server and the UbuntuTarget01 VM server, ICMP echo-request / echo-replies of Windows Target01 VM server varies like 8ms, 131ms, 33ms and What is the command line syntax for running an Intense Scan with ZenMap on a target subnet of 172.30.0.0/24? nmap -T4 -A -v 192.30.0.0/24 Name at least 5 different scans that may be performed from the ZenMap GUI and document under what circumstances you would choose to run those particular scans. Intense Scan: Command = nmap -T4 -A -v Intense Scan is to comprehensive scan the network and all the computers in the network. The benefit is that you can check all the vulnerabilities in the network where you are connected with. Ping scan Command = nmap -sn Ping scan only finds either target/targets are up or not. It does not scan the ports of that particular target/targets. Quick scan Command = nmap -T4 -F It is faster than the normal scan because it scans the fewer ports and uses the aggressive timing template Quick scan plus Command = nmap -sV -T4 -O -F version-light It detects the Operating system as well as the version of OS. Quick traceroute Command = nmap -sn traceroute It does not do the port scanning it just find the intermediate hops where from you can connect with the computer. Regular scan Command = nmap A basic port scan with no extra options. How many different tests (i.e., scripts) did your Intense Scan definition perform? List them all after reviewing the scan report. It performs the following tests: Port Scanning OS detection Version detection Network Distance TCP sequence prediction Trace route Describe what each of these tests or scripts performs within the ZenMap GUI (Nmap) scan report. Port Scanning: A port scan is mostly what its name suggests, a scan of all the ports open upon a system. The way a port-scanner typically works is to attempt to connect to each port upon a host, in turn, and then report the results. For example a scanner could connect to: port 1 to see if tcpmux is running. port 7 to see if echo is running. port 22 to see if openssh is available. port 25 to see if smtp is available. OS Detection: One of Nmaps best-known features is remote OS detection using TCP/IP stack fingerprinting. Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. Version Detection: Two important fields that version detection can discover are operating system and device type. These are also reported on the Service Info line. We use two techniques here. One is application exclusivity. If we identify a service as Microsoft Exchange, we know the operating system is Windows since Exchange doesnt run on anything else. The other technique is to persuade more portable applications to divulge the platform information. Many servers (especially web servers) require very little coaxing. This type of OS detection is intended to complement Nmaps OS detection system (-O) and can sometimes report differing results. For example, consider a Microsoft Exchange server hidden behind a port-forwarding UNIX firewall. Network Distance: It detects how many hops are involved in the way to reach to the targeted computer. TCP sequence prediction: Nmap sends a couple of resets first to the open port, then sends six packets with just SYN set (the normal method for opening a TCP connection), followed each time with a reset (a TCP header with reset and ACK flags set, which aborts the connection). The sequence numbers in packets sent increase incrementally by one each time; this is abnormal behavior but is characteristic of sequence number collectors. Nmap collects the initial sequence numbers received from the target and looks for a pattern in the way they are incremented. This is called a TCP sequence prediction. Traceroute: Nmap does not perform a full trace to every host, so necessarily it must make assumptions about the hops that it has not probed. The first and most fundamental of these is that, in tracing a host, we find an intermediate hop that has already been seen in tracing another host, we may assume that it and all it parents hops are shared between the two hosts. How many total IP hosts (not counting Cisco device interfaces) did ZenMap GUI (Nmap) find on the network? Two (2) up hosts are found in my network. Based on your Nmap scan results and initial reconnaissance probing, what next steps would you perform on the VM server farm and VM workstation targets? In Nmap scanning weve been find the vulnerabilities of network or targeted computer. After the reconnaissance weve to check where weve to enter into the computer for the specific purpose i.e. if we want to check the web services on the targeted computer then weve to enter form the port 80.