
EHAC Lab Mohammad Reza Rostami

Tutorial 3- Network and Port Scanning


A- What You Need for This Tutorial
1- The Kali Linux virtual machine you prepared previously.
2- Windows 2000 and 2008.

3- Use nmap (or Zenmap) to scan the Windows 2000 and 2008 machines. (You can run nmap in Kali, or download the Windows installer and run it on a Windows machine.)
4- While scanning, analyze the packets with Wireshark on the target machine.

Questions (Write your answers in a new Word document [YourName_Scan.docx]):


a) What is the default nmap scan technique?
b) Which nmap option grabs the service banner?
c) Which nmap option identifies the OS running on the remote machine?


B- Nmap command line:


nmap [Scan Type(s)] [Options] {target specification}

Summary of important Nmap commands


Type                         Command                                      Description
Type of scanning             -sS                                          TCP SYN Scan
                             -sT                                          TCP Connect Scan
                             -sF                                          FIN Scan
                             -sA                                          ACK Scan
                             -sW                                          Window Scan
Port specification           -p                                           Scan for TCP ports
                             -sU                                          Scan for UDP ports
                             -r                                           Do a sequential port scan (don't randomise the ports)
                             -F                                           Fast scan, scans fewer ports
OS/Service/Version           -O                                           Detect operating system
Detection                    -sV                                          Version detection
Host Discovery               -sL                                          List targets
                             -PN                                          Do a ping scan
Timing/Performance           -T(0-5)                                      5 is the fastest, 0 is the slowest
                             -F                                           Fast scan, scans fewer ports
Firewall/IDS Evasion and     -D IP_Addresses                              Decoy hosts
Spoofing                     -g port_number                               Spoof source port
                             -f                                           Fragment packets
Output                       -oN                                          Normal output
                             -oG                                          Grepable output
                             -oX                                          XML output
                             -oA                                          Output in all three formats
Target Specification         IP address: 192.168.100.1, 192.168.100.2     Specify comma-separated IP addresses
                             List of IP addresses: 192.168.100.1-50       Give a range of IP addresses
                             CIDR: 192.168.100.1/24                       CIDR specification
                             -iL filename                                 Read the list of IP addresses from the file filename
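
The XML output selected with -oX in the table above is the format meant for processing scan results with a program. The following is an added example, not part of the original tutorial: a small Python parser that turns an nmap XML report into a per-host list of open ports, service banners and the best OS guess. The embedded report is a constructed sample, and the function name summarize is an assumption made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an nmap XML report (-oX), trimmed to the elements
# the parser reads. Host, ports and banners are illustrative values only.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX scan.xml 192.168.100.2">
  <host>
    <status state="up"/>
    <address addr="192.168.100.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Microsoft IIS httpd" version="5.0"/></port>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/><service name="ms-wbt-server"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 2000 SP4" accuracy="96"/></os>
  </host>
</nmaprun>"""


def summarize(xml_text):
    """Return {ip: {"os": best guess or None, "open": [(proto, port, banner)]}}."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts nmap marked as down
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        # Each osmatch carries an accuracy percentage; keep the highest one.
        matches = sorted(host.iter("osmatch"),
                         key=lambda m: int(m.get("accuracy", 0)), reverse=True)
        entry = {"os": matches[0].get("name") if matches else None, "open": []}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed and filtered ports are left out of the report
            svc = port.find("service")
            parts = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            banner = " ".join(p for p in parts if p)  # -sV fields, when present
            entry["open"].append((port.get("protocol"), int(port.get("portid")), banner))
        report[addr.get("addr")] = entry
    return report


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_XML).items():
        print(ip, "OS:", info["os"])
        for proto, port, banner in info["open"]:
            print(f"  {port}/{proto}  {banner}")
```

To use it on a real lab report, pass the contents of the file written by -oX to summarize instead of SAMPLE_XML.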


C- Nmap Scripting Engine


Nmap is not only a port scanner; it also contains a scripting engine that can execute scripts for more in-depth discovery of a target.
Nmap includes a variety of ready-made scripts for this purpose. You can run scripts one at a time, by category, or several at once.
Nmap scripts in Kali Linux are located in /usr/share/nmap/scripts/. You can find them by using the locate command in a Linux terminal.

5- Try to find the users in Windows 2000 by using nmap scripts.

a. nmap --script script_name 192.168.100.2

Turning in Your Tutorial Results


6- After finishing the scanning and answering the questions above, zip the Word files and upload the zip file to Edmodo.

Good Luck
