Assessment Worksheet
Perform Reconnaissance and Probing Using Zenmap GUI (Nmap)
Lab #1 – ASSESSMENT WORKSHEET
Perform Reconnaissance and Probing Using Zenmap GUI (Nmap)
Course Name and Number:
Fundamentals of Information Security
Lab due date:
Overview
Hackers typically follow a five-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying the target and learning as much as possible about it. Hackers usually perform an initial reconnaissance and probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, you planned an attack on 172.30.0.0/24 where the VM server farm resides, and used the Zenmap GUI to perform an “Intense Scan” on the targeted IP subnetwork.
What was the allocated source IP host address for the TargetWindows01 server, LAN Switch 1, LAN Switch 2, and the IP default gateway router?
TargetWindows01 Server: 172.30.08; LAN Switch 1: 172.16.8.5/24; LAN Switch 2: 172.16.20.5/24
3. Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source?
Yes. 172.30.0.8 sent back 4; 172.30.0.1 sent back 4.
4. What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet of 172.30.0.0/24?
nmap -SP -PE -PA21,23,80,3389 172.30.0.0/24
5. Name at least five different scans that may be performed from the Zenmap GUI. Document under what circumstances you would choose to run those particular scans.
Ping Scan; Regular Scan; Quick Scan; Intense Scan; Intense Scan, All TCP ports
6. How many different tests (i.e., scripts) did your “Intense Scan” definition perform? List them all after reviewing the scan report.
RPC Grind Scan; SYN Stealth Scan; ARP Ping Scan; OS Detection; Service Scan; NSE
7. Describe what each of these tests or scripts performs within the Zenmap GUI (Nmap) scan report.
RPC Grind Scan: A remote program call (RPC) scan is used to locate and identify RPC applications.
SYN Stealth Scan: sends a SYN packet, then looks at the response.
ARP Scan: puts Nmap and its optimized algorithms in charge of ARP requests.
OS Detection: uses TCP/IP stack fingerprinting.
Service Scan: sometimes reveals information about a target beyond the service type and version.
NSE: allows users to write and share simple scripts to automate a wide variety of networking tasks.
8. How many total IP hosts (not counting Cisco device interfaces) did Zenmap GUI (Nmap) find on the network?
It found 6 IP hosts on the network.
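Questions 6 and 8 ask you to read host and service counts off the Zenmap report by hand. As an added example (not part of the lab or of Nmap itself), the Python below parses Nmap's grepable report format, which you get by saving the same scan with -oG, and returns the hosts that responded and the open services per host; the report text is a constructed sample, not a real scan of the lab network.

```python
import re
from collections import defaultdict

# Constructed sample of Nmap grepable (-oG) output; not from a real scan.
# Each "Ports:" entry is port/state/protocol/owner/service/rpcinfo/version/
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 172.30.0.1 ()\tStatus: Up
Host: 172.30.0.1 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 172.30.0.8 ()\tStatus: Up
Host: 172.30.0.8 ()\tPorts: 80/open/tcp//http///, 3389/open/tcp//ms-wbt-server///, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (997)
Host: 172.30.0.9 ()\tStatus: Down
# Nmap done -- 256 IP addresses (2 hosts up) scanned
"""

PORT_RE = re.compile(r"^(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")


def parse_grepable(text):
    """Return {ip: {"up": bool, "ports": [(port, state, proto, service), ...]}}."""
    hosts = defaultdict(lambda: {"up": False, "ports": []})
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip the "# Nmap ..." banner lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if field.startswith("Status: "):
                hosts[ip]["up"] = field.endswith("Up")
            elif field.startswith("Ports: "):
                hosts[ip]["up"] = True  # a port table is only printed for live hosts
                for entry in field[len("Ports: "):].split(", "):
                    m = PORT_RE.match(entry)
                    if m:
                        hosts[ip]["ports"].append(
                            (int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return dict(hosts)


def hosts_up(hosts):
    """Sorted list of hosts that answered the scan (the count Question 8 asks for)."""
    return sorted(ip for ip, h in hosts.items() if h["up"])


def open_services(hosts):
    """Per host, the (port, service) pairs reported open, for comparison with an inventory."""
    return {ip: [(p, svc) for p, st, _, svc in h["ports"] if st == "open"]
            for ip, h in hosts.items() if h["ports"]}
```

Comparing the open_services() result against the documented build of each server is the defender's check: any service the scan shows that the inventory does not list is a finding.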
9. Based on your Nmap scan results and initial reconnaissance and probing, what next steps would you perform on the VSCL target machines?
A risk assessment