Lab 2.1 Port Scanning 1 - JNichollsCyber/SEC-335-Eth-Hacking-Pen-Testing GitHub Wiki
Lab 2.1 Port Scanning 1
With bash - single host single port
You will not always have tools on target, so a few other methods using native commands will also be introduced.
Try the following:
1. Open up Wireshark with a display filter on TCP port 80.
2. Execute the echo shown in 2.
3. Capture the TCP handshake, push, and then tear down as shown in 3.
Deliverable 1. Provide a screenshot below, make sure to take a look at the interplay of TCP flags during setup and teardown of the TCP connection.
Hint: If your device has too much unrelated communication in the network, you can filter the IP address to the one we are establishing communication with.
With bash - single host single port
Let's extend the example above by:
1. Creating a list of targets (you can use sweep.txt should you wish) shown in 1.
2. Creating a short list of popular TCP ports (exhaustive scans do take time).
3. Collaborating with your teammates and adding enhancements such as error checking, parameter and option checking, and output enhancement (in its current state it provides CSV output). Make sure to give credits in your code with a few comments.
Deliverable 2. Execute your script (demo your enhancements as well), and provide a source code listing (also upload this to your technical journal). Capture a screenshot of your program run similar to the one below. (Note, the ports may be different at the time of this lab).
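As an added example (not the lab's own portscanner.sh), here is a scanner of the kind the steps above ask for: it reads a hosts file, takes a comma-separated port list, checks its arguments, probes each host/port pair through bash's /dev/tcp pseudo-device, and prints CSV. It assumes coreutils `timeout` and `bash` are installed; the file name portscan.sh is hypothetical.

```shell
#!/bin/bash
# Added example, not the lab's own portscanner.sh: a pure-bash scanner built on the
# /dev/tcp pseudo-device, with argument checking and CSV output.
# Assumes coreutils `timeout` and `bash` are installed.
# Usage: ./portscan.sh <hosts-file> <port,port,...>

# Validate argv: exactly two arguments, a readable hosts file and a comma list of ports.
check_args() {
    if [ "$#" -ne 2 ]; then
        echo "usage: $0 <hosts-file> <port,port,...>" >&2
        return 1
    fi
    if [ ! -r "$1" ]; then
        echo "error: cannot read hosts file '$1'" >&2
        return 1
    fi
    case $2 in
        ""|*[!0-9,]*) echo "error: ports must be comma-separated integers" >&2; return 1 ;;
    esac
}

# Probe one host/port. /dev/tcp does a full connect(), so an answering SYN/ACK
# gives "open", a RST gives "closed", and no answer within the timeout gives "filtered".
probe_port() {
    local host=$1 port=$2 tmo=${3:-2} rc=0
    timeout "$tmo" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;
        124) echo filtered ;;   # timeout(1) exit status when the connect never completed
        *)   echo closed ;;
    esac
}

# Scan every non-blank host in the file against every port, one CSV row per probe.
scan() {
    local hosts_file=$1 ports host port
    ports=$(echo "$2" | tr ',' ' ')
    echo "host,port,state"
    while read -r host; do
        [ -n "$host" ] || continue
        for port in $ports; do
            printf '%s,%s,%s\n' "$host" "$port" "$(probe_port "$host" "$port")"
        done
    done < "$hosts_file"
}

# With no arguments the file only defines the functions, so it can be sourced.
if [ "$#" -gt 0 ]; then
    check_args "$@" || exit 1
    scan "$1" "$2"
fi
```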
My enhancement was error checking; it checks to see if you gave 2 arguments.
Deliverable 3. So, you notice we target the file /dev/tcp/thehostip/thetcpport. Can you find this file in Kali? Break out our friend Google and see if you can find out what is going on. Briefly explain what you discover.
I am unable to find this file in Kali; the /dev/tcp directory followed by /host/ip opens a TCP connection to that host and IP.
NMAP
Nmap default scan: Begin a new Wireshark session. Run a default scan against 10.0.5.31
-> sudo nmap 10.0.5.31
Deliverable 4. Provide a screenshot showing your Nmap output
You will notice right away that the default Nmap scan begins with an ICMP echo request, a SYN to 80 and 443, and an ICMP timestamp request. It then SYN scans 1000 popular ports. To see how it behaves against a given port, find one reported to be open (different from the example) and observe the TCP flags being exchanged by client and server. The following image shows the server responding with a SYN/ACK (meaning the port is open).
Hint (Again): If your device has too much unrelated communication in the network, you can filter the IP address to the one we are establishing communication with.
Deliverable 5. Find another open port, create the appropriate display filter, and submit a screenshot similar to the example (but with another port).
Nmap single port:
Restart a new Wireshark capture and clear any display filters. Run the following command:
-> sudo nmap 10.0.5.31 -p 3389
Look for traffic to and from port 3389. Anything else is part of the default host discovery process.
Run the same command without sudo.
Deliverable 6. Describe the difference in the two Wireshark captures
sudo shows more information because with sudo you send ARP broadcasts to sniff network traffic.
Limiting NMAP's host discovery with -Pn
Deliverable 7. Add the -Pn flag and provide a Wireshark display. You should have a total of 3 packets and evidence of a simple SYN scan similar to the one below.
Deliverable 8. Provide links to any source code written to accomplish this lab's objectives (remember, you can collaborate with your teammates on this). If you were asked to write a script (more than a line), make sure this is an actual file uploaded to the source part of GitHub as opposed to a wiki entry (though you can certainly link to this file in your wiki).
https://github.com/JNicholls2026/SEC-335-Eth-Hacking-Pen-Testing/blob/main/Module-2/portscanner.sh