Lab #1 – Assessment Worksheet
Performing Reconnaissance and Probing Using Common Tools
Principals of Information Assurance CIS2350
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
In this lab, you explored the common tools available in the virtual lab environment. You used
Wireshark to capture and analyze network traffic and OpenVAS to scan the network. You
reviewed a sample collection of data using NetWitness Investigator, connected to a remote
Windows machine, and explored two file transfer ...view middle of the document...
3. How does Wireshark differ from NetWitness Investigator?
Wireshark captures the packets on the network, NetWitness Investigator allows you to review a report of the
packets captured, and what they contain (in an easier to read format)
4. Why is it important to select the student interface in the Wireshark?
According to the network topology map, all computers on the network are in the 172.30.0.0/24 subnet, choosing
the Public interface in wireshark would result in scanning the 10.10.10.0/? subnet, which would not be very
helpful for this lab.
5. What is the command line syntax for running an Intense Scan with Zenmap on a target subnet of
nmap -T4 -A -v 172.30.0.0./24
2 | Lab #1: Performing Reconnaissance Using Common Tools
6. Name at least five different scans that may be performed with Zenmap.
Five different scans that may be performed with Zenmap:
Intense, Ping, Quick, Regular, and Slow comprehensive.
7. How many different tests (i.e., scripts) did your Intense Scan perform?
SYN Stealth, ARP Ping, Service Scan, Nmap, and OS detection
8. Based on your interpretation of the Intense Scan, describe the purpose/results of each tests script
performed during the report.
A SYN scan sends a packet to see if a response is given, ARP Ping tests to see if a host on the local network is
up. Service scan will scan to see if any services are running like http, or ftp. Nmap creates a map of the network,
and OS detection detects what operating system is running on the host.
9. How many total IP hosts did Zenmap find on the network?
Zenmap scanned 256 IP addresses, of which it found 6 total IP hosts that were up.
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
Student Lab Manual