Two tools can be used for this purpose: Nmap for port scanning and Wireshark for packet sniffing.

Part 1: Port scanning Port scanning allows the pentester or attackers to obtain information such as open ports on a given host and the software the server is running on a publically-addressable interface. The attacker can use this information to attack the victim server. 1. Only scan scanme.nmap.org! 2. Use Wireshark to record the traffic 3. Use a TCP SYN scan. (Read the Nmap man to locate the appropriate flag to use.) 4. Enable OS detection, version detection, script scanning, and traceroute. (This is a single flag.) 5. Do a quick scan (-T4) 6. Scan all ports.

Answer the following questions: 1. What is the full command and arguments you used to run the port scan? 2. What is the IP address of scnme.nmap.org? 3. What ports are open on the target server? What applications are running on those ports? (for this part, you only need to report the service name printed by Nmap.) 4. The target machine is also running a web server. What webserver software and version is being used? What ports does it run on?