Network Reconnaissance
Exercise 4.2:
In this lab students identify which systems are active on the network and which sockets are reachable on those hosts, as a first step towards defending it.
Report:
- How many ports were found open in the lab (using THC-Amap)?
- (Using NMAP) How many systems responded to your scan?
- What does NMAP reveal about the ports?
- Why might there be a difference between an NMAP scan and a THC-Amap scan?
- What UDP ports are found available in the scan?
- How long did it take to complete the scan?
- How do you think this information might be useful to an attacker?
- How might an attacker search your lab for a webserver?
Reconnaissance with thc-amap and nmap
amap
- Note your IP
- You may start a service, e.g. httpd or any other. Refer to the reading material on the different ports for ideas of services you can start, e.g.
service xxxx start
- check one service:
amap <yourIP> <port>
e.g. amap 192.168.59.5 22
- use
amap --help
to see the various flags you can use to see information in different modes, e.g. -sT, -sS, -sU etc.
- now scan a range of ports e.g.
amap 192.168.59.5 1-1024
- Try the same exercise on another IP in the network
nmap
- ping an entire range of IP addresses:
nmap -sP 192.168.59.*
- use
nmap --help
to see the various flags you can use for the various kinds of information and scan modes
- perform a TCP scan, a SYN scan and a UDP scan using the relevant flags, and view the information.
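Added example (not part of the lab sheet): once the nmap scan is saved in grepable form (nmap -oG), a defender's next step is to compare what was found against the sockets the lab is supposed to expose. The scan text and the allowlist below are constructed sample data, not output from a real scan of the lab.

```shell
# Constructed sample of what `nmap -oG - -sS -sU 192.168.59.0/24` might write.
# Fields are tab-separated; each port entry is port/state/proto/.../service/...
TAB=$(printf '\t')
SAMPLE_SCAN="# Nmap scan initiated (constructed sample)
Host: 192.168.59.5 ()${TAB}Status: Up
Host: 192.168.59.5 ()${TAB}Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///${TAB}Ignored State: closed (997)
Host: 192.168.59.7 ()${TAB}Status: Up
Host: 192.168.59.7 ()${TAB}Ports: 22/open/tcp//ssh///, 53/open|filtered/udp//domain///${TAB}Ignored State: closed (998)
# Nmap done (constructed sample)"

# Baseline (constructed): the only sockets the lab expects to be reachable,
# one "host proto/port" pair per line.
ALLOWLIST='192.168.59.5 tcp/22
192.168.59.5 tcp/80
192.168.59.7 tcp/22'

# list_open_ports: read grepable output on stdin and print "host proto/port"
# for every port whose state starts with "open". UDP "open|filtered" results
# are included because, seen from the network, they may well be open.
list_open_ports() {
    awk -F'\t' '/^Host:/ && /Ports:/ {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports:/) {
            sub(/^Ports: /, "", $i)
            n = split($i, p, /, /)
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")           # f[1]=port f[2]=state f[3]=proto
                if (f[2] ~ /^open/) print host, f[3] "/" f[1]
            }
        }
    }'
}

# unexpected_ports: open sockets in the scan (stdin) that are absent from the
# allowlist passed as $1. Anything printed here needs an explanation.
unexpected_ports() {
    list_open_ports | awk -v allow="$1" '
        BEGIN { n = split(allow, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($0 in ok)'
}

# Usage: prints 192.168.59.5 tcp/3306 and 192.168.59.7 udp/53 for the sample.
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "$ALLOWLIST"
```

With a real report, replace the sample with `nmap -oG scan.gnmap ...` and feed `scan.gnmap` to `unexpected_ports` instead.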
Write your brief report