
Question


Lab 4. Using NMap

Objective: Use NMAP command line to scan a host or network.

1) Overview of this lab

This lab allows you to understand the ways to find a vulnerable website using the NMAP command line to scan a host/network. After completing this lab, you can apply your knowledge to think of more ideas for writing other scripts that launch different NMAP commands to scan hosts. You should be using Kali Linux on a VM.

2) NMAP - the Network MAPper

Nmap is the scanning tool that provides the ability to crack a computer system by finding a target machine vulnerable to attacks. Intruders can scan for UDP and TCP listening ports and can design their attacks accordingly. Our lab exercise will focus on using Nmap in the command line.

3) How to use NMAP?

Nmap is a simple tool to use and is accessed via the command line. Usage syntax is:

    Nmap sflag IP-address/network address

Flags are chosen according to the purpose, for example:

    ICMP ping         # nmap -sP 192.124.249.0/24
    TCP ping          # nmap -sP -PT80 192.124.249.0/24
    TCP connect       # nmap -sT 192.124.249.n
    Stealth Scanning  # nmap -sS 192.124.249.n
    UDP Scanning      # nmap -sU 192.124.249.n
    Stealth FIN       # nmap -sF 192.124.249.n

(n is the host number)

To run most commands in Nmap, root privileges are required.

4) Task 1: Getting the IP address of any website

Open the terminal and use the host command as shown below.

Thus, the IP address for the google.com web site is 192.124.249.5

5) Task 1: Ping Sweeping: To check what hosts are UP

Ping sweeping can be used with the -sP option for finding all the running hosts in the network. The network address and the subnet mask need to be given. Nmap sends an ICMP echo and a TCP ACK to each host it scans. Hosts that respond to either are considered to be up. You need to use ifconfig on the terminal to find your host address and then use that to figure out your network address.

Example output is shown in the following figure for port scanning using Nmap:

    nmap -sP 192.124.249.0/24

A TCP ping sweep with the -sP -PT flag can be used to check the hosts responding to a TCP connection request and to find out the running hosts, as some hosts may not reply to ICMP messages.

Example output is shown in the following figure for port scanning with TCP using Nmap:

    nmap -sP -PT80 192.124.249.0/24

Once an intruder knows which machines on a network are up, usually the next step is port scanning.

6) Task 2: Port Scanning

Different types of port scans are provided by Nmap: TCP connect, TCP SYN, Stealth FIN, and UDP scans.

TCP connect

One form of port scanning is TCP connect, which uses the connect() system call to open connections to interesting ports on the target host and complete the 3-way TCP handshake. An important issue is that the probe is easily detected by the target host. The "-sT" flag is used for this purpose.

Example output is shown in the following figure for TCP connect port scanning using Nmap:

    nmap -sT 192.124.249.5

Try a different host number using:

    nmap -sT 192.124.249.n (where n is the host number)

until you find open ports.

Exercise: Use the NMap command to complete the following table:

| Task | https://www.bbc.com/ | www.youtube.com |
|---|---|---|
| IP address | | |
| Two Up hosts IPs | | |
| TCP connect port scanning for the first two hosts | | |

Compare the results you obtained for scanning the above two websites.

7) Answer the following questions

1. What is risk management? Why is the identification of risks and vulnerabilities to assets so important in risk management?

Answer:

2. Who is responsible for risk management in an organization? Which community of interest usually takes the lead in information security risk management?

Answer:

3. What are vulnerabilities? How do you identify them?

Answer:

8) Lab submission

The report should include screenshots and working procedures as evidence of the completion of your lab task.
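The TCP connect section of the lab notes that this probe is easily detected by the target host. The following is an added example, not part of the lab handout, showing one way a defender can flag it: a single source reaching many distinct ports on one host within a short window. The log format, addresses, and thresholds are constructed assumptions, not output from any real firewall.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the "SRC= DST= DPT=" layout is an assumed format.
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=10.0.0.7 DST=10.0.0.20 DPT=21
2024-05-01T10:00:00 SRC=10.0.0.7 DST=10.0.0.20 DPT=22
2024-05-01T10:00:01 SRC=10.0.0.7 DST=10.0.0.20 DPT=23
2024-05-01T10:00:01 SRC=10.0.0.7 DST=10.0.0.20 DPT=80
2024-05-01T10:00:02 SRC=10.0.0.7 DST=10.0.0.20 DPT=443
2024-05-01T10:00:03 SRC=10.0.0.9 DST=10.0.0.20 DPT=443
2024-05-01T10:00:05 SRC=10.0.0.9 DST=10.0.0.20 DPT=443
2024-05-01T10:01:00 SRC=10.0.0.8 DST=10.0.0.20 DPT=22
2024-05-01T10:03:00 SRC=10.0.0.8 DST=10.0.0.20 DPT=80
2024-05-01T10:05:00 SRC=10.0.0.8 DST=10.0.0.20 DPT=443
2024-05-01T10:07:00 SRC=10.0.0.8 DST=10.0.0.20 DPT=8080
garbled line without fields
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def parse(log):
    """Yield (time, src, dst, port) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])

def find_scanners(log, min_ports=4, window=timedelta(seconds=10)):
    """Return {(src, dst): peak distinct ports in any window} for pairs at or above min_ports."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(log):
        events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, hits in events.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({port for _, port in hits[start:end + 1]}))
        if best >= min_ports:
            alerts[pair] = best
    return alerts

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

With the default 10-second window only the fast sweep from 10.0.0.7 is reported; the slower client at 10.0.0.8 touches four ports over six minutes and is only caught when the window is widened, which is the trade-off to tune against normal traffic.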
