Lab$3$: Nmap

Lab Objectives: Upon completion of this lab, you will:

Learn about port scanning

Learn the basic commands and syntax of Nmap

$,$ Perform more complex port$-$scanning attacks with Nmap

Total points: $100$

Lab$3-$Part$1$: Getting to know Nmap

Nmap originally written for Phrack magazine in $1997$ by Fyodor, Nmap has become one of the most popular port scanners and can be used for penetration testing $($See Figure. $1$ which was discussed in the lecture$).$ Nmap adds new features constantly, such as OS detection and fast multiple$-$probe ping scanning. Nmap also has a GUI front end called Zenmap that makes working with complex options easier. Nmap has been enhanced over the years because, like many other security tools, it's open source; if bugs are found, users can offer suggestions for correcting them.

Nmap is referred to often in this course because it's currently the standard port$-$scanning tool for security professionals. Regardless of the other port$-$scanning tools available, any security tester with a modicum of experience has worked with Nmap. As a beginning student, you can use it during every part of a security or penetration test but remember to build proficiency in a variety of tools.

In this lab, you use Nmap to perform quick scans of a network. You send a SYN packet to a host:

For people using their own machines $($these will be referred to as the attack addresses$)$: $45\mathrm{.}33\mathrm{.}32\mathrm{.}158($you can use any other IP addresses in the attack range too$),$ the attack range is $45\mathrm{.}33\mathrm{.}32\mathrm{.}156/24$ or

scanme.nmap.org$/24$

For those using the lab equipment. This lab is to be done ON THE SECURITY MACHINES using the following IPs $($these will be referred to as the attack addresses$)$:

In this example, the attack network IP addresses are $192\mathrm{.}169\mathrm{.}2\mathrm{.}2$&$192\mathrm{.}168\mathrm{.}2\mathrm{.}3.Theattackrangei{s}_{?}192\mathrm{.}169\mathrm{.}2\mathrm{.}1-192\mathrm{.}169\mathrm{.}2\mathrm{.}5$

These addresses will be referred to as $45\mathrm{.}33\mathrm{.}32\mathrm{.}1562>,$ and $.$ when you see this notation, you will type the $IP$ address requested, without the brackets. For example:

$If$ you see the instruction: type and you are $at$ home, you will type EXACTLY:

$45\mathrm{.}33\mathrm{.}32\mathrm{.}156$

$If$ you are using the lab machines you would type EXACTLY:

$192\mathrm{.}168\mathrm{.}2\mathrm{.}1$

$If$ you see the instruction: type and you are using your own machine, you would type EXACTLY:

scanme.nmap.$or\frac{g}{24}or$

scanme.nmap.$or\frac{g}{24}$

Check your internet connection before you start $(for$ those that use their own equipment$)$ and also make sure $to$ follow the rules $of$ engagement, and don't perform port scanning $on$ any systems not included $in$ the $IP$ range your instructor gives you.

Step$1.$Start your Kali Linux virtual machine. Open a command shell $by$ clicking the Terminal icon $on$ the panel taskbar. Type nmap $-h|$ less and press Enter $to$ see all available Nmap commands. Your screen should look like Figure $5-2.$ You can scroll $to$ review the command parameters.$|1>$ and $2>,$ and $.$ when you see this notation, you will type the $IP$ address requested, without the brackets. For example:

$If$ you see the instruction: type and you are $at$ home, you will type EXACTLY:

$45\mathrm{.}33\mathrm{.}32\mathrm{.}156$

$If$ you are using the lab machines you would type EXACTLY:

$192\mathrm{.}168\mathrm{.}2\mathrm{.}1$

$If$ you see the instruction: type and you are using your own machine, you would type EXACTLY:

scanme.nmap.$or\frac{g}{24}or$

scanme.nmap.$or\frac{g}{24}$

Check your internet connection before you start $(for$ those that use their own equipment$)$ and also make sure $to$ follow the rules $of$ engagement, and don't perform port scanning $on$ any systems not included $in$ the $IP$ range your instructor gives you.

Step$1.$Start your Kali Linux virtual machine. Open a command shell $by$ clicking the Terminal icon $on$ the panel taskbar. Type nmap $-h|$ less and press Enter $to$ see all available Nmap commands. Your screen should look like Figure $5-2.$ You can scroll $to$ review the command parameters.$|$

salehian$-$csi$4480$@kalk $-$

File Actions Edit View HelpFigure $2.$ Source: Kali Linux Nmap help screen

After reviewing the parameters, try the first two examples provided at the end of this command.

Submission Requirements $1$: You need to explain each command and the options $($you need to use the information provided in the help command and you may need to research for more information$).$

Press q to exit the help screen.

Step $2.$ To send a SYN packet to an IP address in your attack range, type: nmap $-$sS $-$v $$ Attack address $1>($without brackets$),$ e$.$g$.,$ nmap$-$sS $192\mathrm{.}168\mathrm{.}2\mathrm{.}1$ if you are in the lab, and press Enter. This is the last time we will tell you: enter the IP address without brackets.

$*$half$-$open scan is also called Stealth scan.

You need to use root privilege to run this command so use sudo before the command: sudo nmap $-$sS $-$v $$ Attack Address $1>$

Submission Requirements $2$: What are the results of your SYN scan?

Step $3.$ Next, try sending a new SYN packet to $$