Week 10 Lab : Network Ports - jwells24/Tech-Journal GitHub Wiki
Week 10 : Network Discovery
Exercise 1
SUBMISSION: Open a command prompt and run the command ipconfig /all and put the output for ONLY your LAN IP address in your GitHub submission and put two asterisks next to your IP address, Physical Address, Subnet Mask, and Default Gateway.
- LAN IP: 192.168.1.16
- Physical Address: 30-9C-23-47-D7-F1
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.1.1
SUBMISSION: If you were told the "SCOPE" of your scan is all hosts within the subnet: 192.168.1.32/27, what is the "Host Address Range" you are allowed to scan? Use http://www.subnet-calculator.com/ and enter the IP address and the "27" as the "Mask Bits." List the range of IP addresses you can scan.
- 192.168.1.33 - 192.168.1.62
SUBMISSION: If you were told the "SCOPE" of your scan is all hosts within the subnet: 192.168.4.0/255.255.255.0, what is the "Host Address Range" you are allowed to scan? Use http://www.subnet-calculator.com/ and enter the IP address and the "255.255.255.0" as the "Subnet Mask." List the range of IP addresses you can scan.
- 192.168.4.1 - 192.168.4.254
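The two scope questions above come down to the same calculation: take the network and its mask, drop the network and broadcast addresses, and everything in between is the host range. The following script is an added example, not part of the lab or the author's submission; it uses Python's standard ipaddress module, accepts either CIDR ("/27") or dotted-mask ("/255.255.255.0") notation as the lab does, and also includes an in_scope check a scanner operator can run before launching a scan to confirm a target actually falls inside the authorised range.

```python
import ipaddress


def host_range(scope: str) -> tuple[str, str, int]:
    """Return (first_host, last_host, host_count) for a scan scope.

    The scope may be written as CIDR ("192.168.1.32/27") or with a dotted
    subnet mask ("192.168.4.0/255.255.255.0"); ip_network accepts both.
    strict=False tolerates a scope given with host bits set.
    """
    net = ipaddress.ip_network(scope, strict=False)
    # hosts() excludes the network and broadcast addresses for /30 and larger.
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)


def nmap_target(scope: str) -> str:
    """Format the host range in nmap's last-octet range syntax, e.g. 192.168.1.33-62.

    Only valid for scopes that fit inside a single /24; otherwise the CIDR
    form itself is returned, which nmap also accepts.
    """
    net = ipaddress.ip_network(scope, strict=False)
    if net.prefixlen < 24:
        return str(net)
    first, last, _ = host_range(scope)
    return f"{first}-{last.rsplit('.', 1)[1]}"


def in_scope(address: str, scope: str) -> bool:
    """True only if address is a usable host inside the authorised scope.

    The network and broadcast addresses are deliberately excluded so they
    match the 'Host Address Range' the lab asks for.
    """
    net = ipaddress.ip_network(scope, strict=False)
    return ipaddress.ip_address(address) in net.hosts()


if __name__ == "__main__":
    # The two scopes from the lab questions.
    for scope in ("192.168.1.32/27", "192.168.4.0/255.255.255.0"):
        first, last, count = host_range(scope)
        print(f"{scope}: {first} - {last} ({count} hosts) -> nmap {nmap_target(scope)}")
    # Constructed check: the lab machine's own LAN IP is outside the /27 scope.
    print("192.168.1.16 in 192.168.1.32/27:", in_scope("192.168.1.16", "192.168.1.32/27"))
```

Running it prints the 192.168.1.33 - 192.168.1.62 and 192.168.4.1 - 192.168.4.254 ranges the subnet calculator gives, and shows that 192.168.1.16 (the LAN IP recorded above) is outside the /27 scope, which is exactly the kind of mistake a pre-scan check is meant to catch.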
Using Zenmap
SUBMISSION: What is the nmap command displayed in the Command window?
- nmap -sn 192.168.1.1-254
SUBMISSION: Look at the Nmap Options Summary Page. What does the option -sn specify?
- -sn specifies a ping scan (disable port scan)
Click Scan and wait for your scan to complete. Provide a synopsis of your results including:
- the number of hosts scanned
- the number that are up
- how long the scan took
- 254 hosts scanned
- 8 hosts up
- 9.84 seconds
Quick Scan
SUBMISSION: What is the nmap command displayed in the Command window?
- nmap -T4 -F 192.168.1.1-254
SUBMISSION: Look at the Nmap Options Summary Page. What do the options -T4 and -F mean?
- -f fragments the packets, -T4 sets the timing template to 4
SUBMISSION: Click Scan and wait for your scan to complete. Provide a synopsis of your results (use the table below) including:
- the number of hosts scanned
- the number that are up
- how long the scan took
- explain what is different about these results versus the ping scan. Provide details in your response. What specifically is different?
- 254 hosts scanned
- 9 hosts up
- 17.99 seconds
- The ping scan told me how many hosts were up, and displayed the devices connected on my network. The quick scan told me what ports were open for the devices on my network, as well as the port number and service.
Regular Scan
Click the Scan menu and open a new Window. Set your target to the same range used above and set the Profile to Regular Scan. SUBMISSION: What is the nmap command displayed in the Command window?
- nmap 192.168.1.1-254
SUBMISSION: Click Scan and wait for your scan to complete. Provide a synopsis of your results including:
- the number of hosts scanned
- the number that are up
- how long the scan took
- The synopsis for this section must compare the results with the results from above and emphasize any differences. (What differences are there between this scan and the “Quick Scan.”)
- 254 hosts scanned
- 7 hosts up
- 45.21 seconds
- The regular scan covers more ports than the quick scan, and it gives the scanner the ports opened, port number, and service for all of the ports open on each device on the network.
Service and OS Detection
SUBMISSION: Choose each of these profiles and record the nmap commands. Use the Options Summary Page to compare the options used by each.
Intense Scan
- -A option: Enables OS detection, version detection, script scanning, and traceroute
- -v option: Prints the version number
Quick Scan Plus
- -sV option: Probes open ports to determine service/version info
- -O option: Enables OS Detection
- --version-light option: Limit to most likely probes
Which host on your network has the most network ports open? (You may see more on your own hosts because you are scanning from it so exclude your system).
- Host: 192.168.1.9 (A Laptop)
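Answering this question by eye gets tedious once a scan covers more than a handful of hosts. The script below is an added example (not from the lab or the author's journal) that parses nmap's normal text output, tallies the open ports per host, and reports the most exposed host while excluding the scanning machine, as the question asks. The scan output embedded in it is constructed for the example, with made-up hosts and ports; the one real detail it reuses is the scanning host's LAN IP recorded at the top of this page.

```python
import re

# Constructed sample of nmap normal output for a small range (not a real scan).
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 192.168.1.1
Host is up (0.0021s latency).
Not shown: 98 closed tcp ports (reset)
PORT   STATE SERVICE
53/tcp open  domain
80/tcp open  http

Nmap scan report for 192.168.1.9
Host is up (0.010s latency).
Not shown: 96 closed tcp ports (reset)
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Nmap scan report for 192.168.1.16
Host is up.
Not shown: 95 closed tcp ports (reset)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
5357/tcp open  wsdapi

Nmap done: 254 IP addresses (3 hosts up) scanned in 17.99 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")
DONE_RE = re.compile(r"^Nmap done: (\d+) IP addresses \((\d+) hosts? up\) scanned in ([\d.]+) seconds")


def parse_open_ports(text: str) -> dict[str, list[tuple[int, str]]]:
    """Map each reported host to its list of (port, service) pairs in 'open' state.

    Ports reported as closed, filtered or 'open|filtered' are ignored, so the
    count matches what the lab means by 'network ports open'.
    """
    hosts: dict[str, list[tuple[int, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            hosts[current].append((int(m.group(1)), m.group(3)))
    return hosts


def scan_summary(text: str) -> tuple[int, int, float]:
    """Return (addresses scanned, hosts up, seconds) from the 'Nmap done' line."""
    for line in text.splitlines():
        m = DONE_RE.match(line.strip())
        if m:
            return int(m.group(1)), int(m.group(2)), float(m.group(3))
    raise ValueError("no 'Nmap done' summary line found")


def most_exposed(hosts: dict[str, list[tuple[int, str]]], exclude: set[str] = frozenset()) -> tuple[str, int]:
    """Return (host, open_port_count) for the host with the most open ports.

    'exclude' removes the scanning machine, which sees extra ports on itself.
    """
    candidates = {h: len(p) for h, p in hosts.items() if h not in exclude}
    host = max(candidates, key=candidates.get)
    return host, candidates[host]


if __name__ == "__main__":
    ports = parse_open_ports(SAMPLE_NMAP_OUTPUT)
    scanned, up, seconds = scan_summary(SAMPLE_NMAP_OUTPUT)
    print(f"{scanned} addresses scanned, {up} up, {seconds}s")
    for host, plist in ports.items():
        print(host, [f"{p}/{s}" for p, s in plist])
    # 192.168.1.16 is the scanning host from the ipconfig output above.
    print("most exposed (excluding scanner):", most_exposed(ports, exclude={"192.168.1.16"}))
```

With the scanning host excluded, the constructed data yields 192.168.1.9 with four open ports; without the exclusion the scanner's own 192.168.1.16 would win, which is why the question tells you to leave your own system out. The same parser can be pointed at a saved `nmap -oN` file to compare the ping, quick and regular scan results side by side.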
Why did we start this assignment with a ping scan first?
- We started with a ping scan to see all of the devices connected to the network, and to understand how zenmap works.