Network Ports Lab - Zacham17/my-tech-journal GitHub Wiki
SUBMISSION: Open a command prompt and run the command ipconfig /all and put the output in your GitHub submission and put two asterisks next to your IP address, Physical Address, Subnet Mask, and Default Gateway.
```
C:\Users\zachary.morris>ipconfig /all

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : champlain.edu
   Description . . . . . . . . . . . : Intel(R) Wi-Fi 6 AX201 160MHz
 **Physical Address. . . . . . . . . : E0-D4-E8-83-92-EE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a96e:f402:b14e:477a%10(Preferred)
 **IPv4 Address. . . . . . . . . . . : 184.171.149.206(Preferred)
 **Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, November 4, 2020 11:34:53 AM
   Lease Expires . . . . . . . . . . : Wednesday, November 4, 2020 12:52:43 PM
 **Default Gateway . . . . . . . . . : 184.171.149.250
   DHCP Server . . . . . . . . . . . : 216.93.150.162
   DHCPv6 IAID . . . . . . . . . . . : 132175080
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-10-78-0C-E0-D4-E8-83-92-EE
   DNS Servers . . . . . . . . . . . : 216.93.145.253
                                       216.93.145.247
   NetBIOS over Tcpip. . . . . . . . : Enabled
```
Nmap allows the use of a range of IP addresses, where a range is specified with a hyphen between the lower number and the upper number in the range. These ranges can be used in any of the dotted-quad numbers that make up the IPv4 address. Here are two examples for a Class C (/24) range and a Class B (/16) range.
NOTE: When you are performing a port scan, it is imperative you only scan IP addresses that are within the "SCOPE" of your assessment. Port scans are not illegal, UNLESS they cause a disruption of service. A simple port scan can disrupt some types of network services. It is best to double-check that you are typing the proper IP addresses or address ranges before you run the scan.
SUBMISSION: If you were told the "SCOPE" of your scan is all hosts within the subnet: 192.168.1.32/27, what is the "Host Address Range" you are allowed to scan? Use http://www.subnet-calculator.com/ and enter the IP address and the "27" as the "Mask Bits." List the range of IP addresses you can scan.
192.168.1.33 - 192.168.1.62
SUBMISSION: If you were told the "SCOPE" of your scan is all hosts within the subnet: 192.168.4.0/255.255.255.0, what is the "Host Address Range" you are allowed to scan? Use http://www.subnet-calculator.com/ and enter the IP address and the "255.255.255.0" as the "Subnet Mask." List the range of IP addresses you can scan.
192.168.4.1 - 192.168.4.254
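The scope check described above can be done before a scan is started. The following is an added example, not part of the lab or of Nmap: it computes the host address range of a scope subnet and lists any address in a hyphen-range target that falls outside it. The function names and the sample targets are assumptions made for illustration, and only the hyphen-range form described above is handled.

```python
import ipaddress
from itertools import product


def host_range(scope):
    """First and last usable host of a subnet given as CIDR or address/netmask."""
    hosts = list(ipaddress.ip_network(scope).hosts())
    return str(hosts[0]), str(hosts[-1])


def expand_target(spec):
    """Yield every IPv4 address named by an Nmap-style target such as
    192.168.1.33-62, where any octet is a single number or a low-high range."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {spec!r}")
    choices = []
    for part in octets:
        low, sep, high = part.partition("-")
        if sep and not (low and high):
            raise ValueError(f"open-ended range not handled here: {part!r}")
        lo, hi = int(low), int(high) if sep else int(low)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        choices.append(range(lo, hi + 1))
    for combo in product(*choices):
        yield ipaddress.IPv4Address(".".join(map(str, combo)))


def out_of_scope(spec, scope):
    """Addresses in the target spec that are not usable hosts of the scope subnet."""
    net = ipaddress.ip_network(scope)
    # Network and broadcast addresses are not hosts (except in /31 and /32).
    reserved = {net.network_address, net.broadcast_address} if net.prefixlen < 31 else set()
    return [str(a) for a in expand_target(spec) if a not in net or a in reserved]


if __name__ == "__main__":
    # Scopes are the two from the lab questions; targets are constructed samples.
    for scope, target in [("192.168.1.32/27", "192.168.1.33-62"),
                          ("192.168.1.32/27", "192.168.1.1-254"),
                          ("192.168.4.0/255.255.255.0", "192.168.4.1-254")]:
        first, last = host_range(scope)
        stray = out_of_scope(target, scope)
        verdict = "OK to scan" if not stray else f"{len(stray)} addresses out of scope"
        print(f"{scope}: hosts {first} - {last}; target {target}: {verdict}")
```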
Start Zenmap, set the Target to the range of your network, and set the “Profile” to Ping Scan. Enter the IP address and subnet mask from the first submission into http://www.subnet-calculator.com/ to find the range used for the rest of the lab.
184.171.149.1 - 184.171.149.254
SUBMISSION: What is the nmap command displayed in the Command window?
nmap -sn 184.171.149.1-254
SUBMISSION: Look at the Nmap Options Summary Page. What does the option -sn specify?
-sn: Ping Scan - disable port scan
Click Scan and wait for your scan to complete. Provide a synopsis of your results including:
1) the number of hosts scanned
254
2) the number that are up
18
3) how long the scan took.
2.69 Seconds
Change the Profile to Quick Scan.
SUBMISSION: What is the nmap command displayed in the Command window?
nmap -T4 -F 184.171.149.1-254
SUBMISSION: Look at the Nmap Options Summary Page. What do the options -T4 and -F mean?
-T<0-5>: Set timing template (higher is faster)
-F: Fast mode - Scan fewer ports than the default scan
SUBMISSION: Click Scan and wait for your scan to complete. Provide a synopsis of your results (use the table below) including:
1) the number of hosts scanned
254
2) the number that are up
18
3) how long the scan took
18.78 Seconds
4) explain what is different about these results versus the ping scan. Provide details in your response. What specifically is different?
The quick scan shows what ports are open, closed, or filtered for each host. It also says how many ports it isn’t showing and what their status is for each host that is up. The Ping scan doesn’t provide this much detail. It only shows whether the host is up or down. Both quick scan and ping scan show the MAC address.
Click the Scan menu and open a new Window. Set your target to the same range used above and set the Profile to Regular Scan.
SUBMISSION: What is the nmap command displayed in the Command window?
nmap 184.171.149.1-254
SUBMISSION: Click Scan and wait for your scan to complete. Provide a synopsis of your results including:
1) the number of hosts scanned
254
2) the number that are up
18
3) how long the scan took
84.31 seconds
4) The synopsis for this section must compare the results with the results from above and emphasize any differences. (What differences are there between this scan and the “Quick Scan.”)
A regular scan takes longer than a quick scan, but a regular scan scans 1000 ports for each host, while a quick scan scans only 100 ports.
The Intensive Scan Profile and Quick Scan Plus profile each do both Service and OS detection although in different ways. SUBMISSION: Choose each of these profiles and record the nmap commands. Use the Options Summary Page to compare the options used by each.
Command |
---|
nmap -T4 -A -v 184.171.149.1-254 |
-A option | -v option |
---|---|
Enable OS detection, version detection, script scanning, and traceroute | Increase verbosity level (use -vv or more for greater effect) |
Command |
---|
nmap -sV -T4 -O -F --version-light 184.171.149.1-254 |
-sV option | -O option | --version-light |
---|---|---|
Probe open ports to determine service/version info | Enable OS detection | Limit to most likely probes (intensity 2) |
Click the Scan menu and open a new Window. Set your target to the same range used above and set the Profile to Quick Scan Plus.
Click Scan and wait for your scan to complete.
Which host on your network has the most network ports open? (You may see more on your own hosts because you are scanning from it so exclude your system).
None of them, other than my own system, have any ports open. The one with the most ports open is my system.
Why did we start this assignment with a ping scan first?
Ping Scan shows the least amount of information. We started with what yielded the least information, and kept moving up in the amount of information that was provided by each command.