Summary
Nmap
Netcat
Ping Sweep
Standard
Timing Request
Port 80 and 443 Scan
Application Fingerprinting
Reference
Summary
This lab demonstrates performing a host scan with nmap and applying many of the options
nmap provides. It shows control over how the scan works by controlling the timeout, the
port numbers, and the scanning for specific information on a specific host. The lab walks
through how to scan for and detect information such as the version, OS, and services of each
host on the network. The document also explains how each command works and what each option
Command List
Nmap
-O Enable OS detection
-zx Zero-I/O mode; prints messages on standard error, such as when a connection occurs.
Ping Sweep
The following ping sweep scans the entire network and displays every online host IP address and
the time the scan took for the IP address range 10.31.104.1-254. The target IP address is
Target Information
Standard
A standard nmap TCP connect port scan using -sT, which lists the open ports, their state, and their
service for the network range provided.
Timing Request
The T4 timing template (aggressive) took only 500 ms compared to the standard T1, which is 15
--host-timeout was used to tell nmap to scan a certain host for a specific amount of time to
nmap -sV scans the version of each of the listed hosts, and -p was used to specify the host that I
An nmap scan in aggressive mode with --reason, which lists the reason why each port is in the state
that it is.
Nmap Scan and output
Perform a port scan on host 10.31.104.10 using nmap and write the result to a text file on the
Desktop.
Denying ICMP
The nmap -Pn option makes nmap assume that the host is online and skip the ICMP (ping) check.
The command skips host discovery entirely, so no ping is sent before the host is scanned.
Perform a netcat scan in zero-I/O mode, printing any messages that occur on standard error, and
scan the host over the range 1-500. Netcat is a Unix/Linux utility that uses TCP or UDP to read and
write data across network connections, while nmap is more of a security scanner for gathering
information. Netcat is used for opening raw connections, setting up a quick web server on port 8080
to view the content of a file, checking whether UDP ports are open, port scanning, etc., while nmap
is used for host discovery, port scanning, version and OS detection, etc.
Operating System Identification
The OS detection is quite accurate at detecting the target's OS, which is Microsoft Windows
2000/XP/2003.
Application Fingerprinting
The application fingerprinting scan on the target listed the service on each port. No unknown
application fingerprint was shown in the scan. If nmap doesn't know what a service is, netstat
can be used on the host to list open ports and their processes, or another way is to manually look up the
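Nmap's grepable (-oG) format is one way to write a scan result to a text file as done above, and parsing it is how you would pick out the ports a fingerprinting scan left without a service name. The following Python is an added example, not code from the lab; the host, ports and version strings in the sample are constructed.

```python
"""Parse nmap grepable (-oG) output into open ports per host.
Added example, not from the original lab; the scan text below is a constructed
sample in nmap's -oG layout, not output captured from the lab network."""
import re

# Constructed sample of "nmap -sV -oG" output (host, ports and versions are made up).
SAMPLE_GREPABLE = (
    "# Nmap 7.80 scan initiated as: nmap -sV -oG scan.txt 10.31.104.10\n"
    "Host: 10.31.104.10 ()\tStatus: Up\n"
    "Host: 10.31.104.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.6/, 135/filtered/tcp//msrpc///, "
    "8443/open/tcp//////\tIgnored State: closed (996)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned in 5.12 seconds\n"
)

# A -oG host line carrying a Ports field; the trailing "Ignored State" part is optional.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\s+Ignored State:.*)?$")

def parse_grepable(text):
    """Return {host: [(port, proto, state, service, version), ...]}.
    Each Ports entry is port/state/protocol/owner/service/rpc-info/version/ and any
    field may be empty; an empty service means nmap could not identify it."""
    results = {}
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines and Status-only lines carry no ports
        host, ports_field = match.groups()
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            if len(fields) < 7:
                continue  # malformed entry: skip it instead of failing the whole file
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            results.setdefault(host, []).append((int(port), proto, state, service, version))
    return results

def open_ports(results, host):
    """Open port numbers on a host, sorted."""
    return sorted(p for p, _pr, state, _sv, _ve in results.get(host, []) if state == "open")

def unknown_services(results, host):
    """Open ports with no service name: the ones to check with netstat on the host itself."""
    return [p for p, _pr, state, svc, _ve in results.get(host, []) if state == "open" and not svc]

if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_GREPABLE)
    print({h: (open_ports(scan, h), unknown_services(scan, h)) for h in scan})
```

Point parse_grepable at the contents of the text file written with -oG to get the same listing for a real scan.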
To determine which hosts are up within that range, I would run either Nmap or Nessus. Given that
I am trying to detect vulnerabilities, I would go with Nessus. This would allow me to do
network discovery and scan the systems for vulnerabilities, but this would need to be done with safe
checks enabled, since running it with them disabled can crash a system. Also, Tenable Network Security,
the owner of Nessus, develops several plugins that allow Nessus to check CVEs. During the scan I can
use the interface to view results even while the scan is still in progress. Once the scan is
completed, a report is generated from which I can get the information needed to complete
Perform nmap host scanning using data from a text file named networkhosts.txt. The -iL
option reads the host list from the file and scans each entry automatically.