Week 10 Lab: Network Discovery - FlameSpyro/Tech-Journal GitHub Wiki
Provided Assignment
LAB
Exercise 1 Network Information SUBMISSION: Open a command prompt and run the command ipconfig /all and put the output for ONLY your LAN IP address in your GitHub submission and put two asterisks next to your IP address, Physical Address, Subnet Mask, and Default Gateway.
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : champlain.edu
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (10) I219-V
** Physical Address. . . . . . . . . : 54-05-DB-31-9F-66
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e4bd:b985:370d:403b%2(Preferred)
** IPv4 Address. . . . . . . . . . . : 184.171.152.224(Preferred)
** Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 8, 2020 1:34:50 PM
Lease Expires . . . . . . . . . . : Sunday, November 8, 2020 5:39:55 PM
** Default Gateway . . . . . . . . . : 184.171.152.250
DHCP Server . . . . . . . . . . . : 216.93.150.163
DHCPv6 IAID . . . . . . . . . . . : 609486299
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-0F-1D-32-E0-D4-E8-84-A9-9F
DNS Servers . . . . . . . . . . . : 216.93.145.253 216.93.145.247
NetBIOS over Tcpip. . . . . . . . : Enabled
Nmap accepts a range of IP addresses, where a range is specified with a hyphen between the lower number and the upper number in the range. These ranges can be used in any of the dotted quad numbers that make up the IPv4 address. Here are two examples for a Class C (/24) range and a Class B (/16) range.
NOTE: When you are performing a port scan, it is imperative you only scan IP addresses that are within the "SCOPE" of your assessment. Port scans are not illegal, UNLESS they cause a disruption of service. A simple port scan can disrupt some types of network services. It is best to double-check to ensure you are typing the proper IP addresses or address ranges before you run the scan.
SUBMISSION: If you were told the "SCOPE" of your scan is all hosts within the subnet: 192.168.1.32/27, what is the "Host Address Range" you are allowed to scan? Use http://www.subnet-calculator.com/ and enter the IP address and the "27" as the "Mask Bits." List the range of IP addresses you can scan.
192.168.0.1 - 192.168.0.254
SUBMISSION: If you were told the "SCOPE" of your scan is all hosts within the subnet: 192.168.4.0/255.255.255.0, what is the "Host Address Range" you are allowed to scan? Use http://www.subnet-calculator.com/ and enter the IP address and the "255.255.255.0" as the "Subnet Mask." List the range of IP addresses you can scan.
192.168.4.1 - 192.168.4.254
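The double-check described in the note can be scripted. The following is an added example, not part of the lab hand-out or the original journal entry: it computes the usable host range of a scope and lists any address in an Nmap-style hyphen range that falls outside it. The function names are hypothetical, and only single values and `lo-hi` ranges per octet are handled.

```python
import ipaddress
from itertools import product


def host_range(scope):
    """Return (first, last) usable host of a scope given as CIDR or
    address/netmask, e.g. '192.168.4.0/255.255.255.0'."""
    net = ipaddress.ip_network(scope, strict=False)  # tolerate host bits
    if net.prefixlen >= 31:          # /31 and /32 have no network/broadcast
        return net[0], net[-1]
    return net[1], net[-2]           # skip network and broadcast addresses


def expand_octet_ranges(target):
    """Expand an Nmap-style target such as '184.171.152.1-254'."""
    octets = target.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {target!r}")
    spans = []
    for part in octets:
        lo, _, hi = part.partition("-")
        lo = int(lo)                 # an omitted bound raises ValueError
        hi = int(hi) if hi else lo
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        spans.append(range(lo, hi + 1))
    return [ipaddress.IPv4Address(".".join(map(str, quad)))
            for quad in product(*spans)]


def out_of_scope(target, scope):
    """List every address in target that is not a usable host of scope."""
    first, last = host_range(scope)
    return [ip for ip in expand_octet_ranges(target)
            if not first <= ip <= last]


if __name__ == "__main__":
    # Scope and target taken from this lab; the last target is constructed.
    print(host_range("192.168.4.0/255.255.255.0"))
    print(out_of_scope("184.171.152.1-254", "184.171.152.224/255.255.255.0"))
    print(out_of_scope("192.168.4-5.254-255", "192.168.4.0/24"))
```

An empty list from `out_of_scope` means every address in the target is a usable host inside the scope.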
Using ZenMap
Start Zenmap and set the Target to the range of your network and set the “Profile” to Ping Scan. In the first submission, type in your IP and subnet mask into the website: http://www.subnet-calculator.com/ to complete the rest of the lab.
SUBMISSION: What is the nmap command displayed in the Command window?
nmap -sn 184.171.152.1-254
SUBMISSION: Look at the Nmap Options Summary Page. What does the option -sn specify?
Ping Scan: Disable Port Scan
Click Scan and wait for your scan to complete. Provide a synopsis of your results including:
- the number of hosts scanned 255
- the number that are up 54 up
- how long the scan took. 24.09 Seconds
Quick Scan
Change the Profile to Quick Scan.
SUBMISSION: What is the nmap command displayed in the Command window?
nmap -T4 -F 184.171.152.1-254
SUBMISSION: Look at the Nmap Options Summary Page. What do the options -T4 and -F mean?
-F is Fast Mode, which scans fewer ports than a default scan. -T can be set from 0 to 5, depending on the timing template chosen.
SUBMISSION: Click Scan and wait for your scan to complete. Provide a synopsis of your results (use the table below) including:
- the number of hosts scanned 254 ips
- the number that are up 54 host
- how long the scan took 126.33 Seconds
- explain what is different about these results versus the ping scan. Provide details in your response. What specifically is different?
What this does overall is provide a faster result while showing a lesser number of results to save time.
Regular Scan
Click the Scan menu and open a new Window. Set your target to the same range used above and set the Profile to Regular Scan.
SUBMISSION: What is the nmap command displayed in the Command window?
nmap 184.171.152.1-254
SUBMISSION: Click Scan and wait for your scan to complete. Provide a synopsis of your results including:
- the number of hosts scanned 255
- the number that are up 54
- how long the scan took 537.31 seconds
- The synopsis for this section must compare the results with the results from above and emphasize any differences. (What differences are there between this scan and the “Quick Scan”?)
Goes through the regular process, not skipping any ports, but it takes so much time for an accurate scan.
Service and OS Detection
The Intensive Scan Profile and Quick Scan Plus profile each do both Service and OS detection although in different ways. SUBMISSION: Choose each of these profiles and record the nmap commands. Use the Options Summary Page to compare the options used by each.
Intense Scan Command
-A option: Enable OS detection, version detection, script scanning, and traceroute
-v option: Increase verbosity level (use -vv or more for greater effect)
Quick Scan Plus Command
-sV option: Probe open ports to determine service/version info
-O option: Enable OS detection
--version-light: Limit to most likely probes (intensity 2)
Click the Scan menu and open a new Window. Set your target to the same range used above and set the Profile to Quick Scan Plus
Click Scan and wait for your scan to complete. Which host on your network has the most network ports open? (You may see more on your own hosts because you are scanning from it so exclude your system).
184.171.152.252
Why did we start this assignment with a ping scan first?
To ensure that we currently have a proper connection.