# Week 2 SEC-335 Host Discovery - Foren-Ken/tech-journal GitHub Wiki
This week was focused on Active Reconnaissance and tool usage.
## Active Reconnaissance

This topic covers techniques where information is obtained directly from the devices by scanning or other non-passive means. This increases the chance of being discovered, since the connections and scans leave a trail that a firewall or an IDS may notice. In this class, the classic ping, Nmap, and fping have been used. This is most likely not the complete list of tools, but these are the ones used so far.
## Host Discovery Activity

Technical: I was able to solve this activity by developing the following three shell scripts: `multifping.sh`, `multiping.sh`, and `multinmap.sh`.
The scripts perform a ping sweep using ping, fping, and Nmap respectively, while saving a list of available hosts to a file. For ping and fping, a special factor I discovered is that the result of ping can be used for a true or false statement. An example is from multiping.sh which has the following:

```bash
if fping -c 1 -t 100 "$ip"; then echo "$ip" >> hosts.txt; fi   # $ip holds the address being tested; one echo request, 100 ms timeout
```

If the host is up, the command exits with status zero, which the shell treats as "true"; if the host did not respond, the exit status is non-zero, which is treated as "false". Another observation made during this lab was that nmap flagged more hosts as "up" than ping did. This is because nmap's host discovery does not rely on an ICMP echo alone: when run as root it also sends TCP probes (a SYN to port 443 and an ACK to port 80) and an ICMP timestamp request, so hosts that drop ping requests can still be detected by one of the other probes.
Reflection: The most difficult thing I faced in this lab was obtaining only the IP address from the nmap scan. This resulted in me learning how the "cut" and "grep" commands work in Linux.
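The two pieces described above, the exit-status check in the sweep loop and the grep/cut step that pulls only the IP addresses out of an nmap report, as an added example written for this page (it is not one of the journal's own scripts). It assumes fping and nmap are installed for real use, that the nmap scan was saved in greppable format with `-oG`, and the sample report it writes is constructed for offline testing, not real scan output.

```bash
#!/bin/sh
# Added example, not code from the Foren-Ken/tech-journal wiki.
# Assumes fping(1) and nmap(1) exist for real use; the sample report below
# is constructed so the parsing function can be exercised offline.

# sweep_with_probe PROBE OUTFILE IP...
# Runs "PROBE ip" for each address and appends the address to OUTFILE when
# the probe exits 0. The shell's `if` tests the exit status, which is what
# "true" and "false" mean here; nothing is printed by the probe itself.
sweep_with_probe() {
    probe="$1"; outfile="$2"; shift 2
    : > "$outfile"                       # start with an empty host list
    for ip in "$@"; do
        if "$probe" "$ip" >/dev/null 2>&1; then
            echo "$ip" >> "$outfile"
        fi
    done
}

# Real probe for the sweep: one ICMP echo request with a 100 ms timeout.
# fping -c 1 exits 0 when the host replied and non-zero when it did not.
fping_probe() { fping -c 1 -t 100 "$1"; }

# Real nmap discovery run, saved in greppable format for easy parsing
# (hypothetical file name; any path works):
#   sudo nmap -sn 10.0.5.0/24 -oG sweep.gnmap
# Greppable lines look like:  Host: 10.0.5.1 ()  Status: Up
# grep keeps only the "Up" lines and cut takes the second space-separated
# field, which is always the address, even when a hostname follows it.
nmap_up_hosts() {
    grep 'Status: Up' "$1" | cut -d ' ' -f 2
}

# Writes a constructed greppable report (not real scan output) to "$1".
write_sample_greppable_report() {
    cat > "$1" <<'EOF'
# Nmap scan initiated (constructed sample for testing, not real output)
Host: 10.0.5.1 ()  Status: Up
Host: 10.0.5.7 ()  Status: Down
Host: 10.0.5.22 (lab-web)  Status: Up
# Nmap done
EOF
}
```

To use it for a real sweep: `sweep_with_probe fping_probe live.txt 10.0.5.1 10.0.5.2 10.0.5.3`, and `nmap_up_hosts sweep.gnmap > live.txt` after an `nmap -sn ... -oG sweep.gnmap` run. From the defender's side, both styles of sweep are visible: fping produces a burst of ICMP echo requests from one source across many addresses, and the nmap variant additionally produces SYN/443 and ACK/80 packets to hosts that have no such service, which is an easy pattern for a firewall or IDS to alert on.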
Another issue I faced in the lab was how variables are handled in bash, since I am a Python user. Assigning a variable is simple, since it is:

```bash
variablename=value   # no spaces around "=", or bash tries to run "variablename" as a command
```

When invoking it, it must be used like:

```bash
echo "$variablename"
```