Lab #1 – Assessment Worksheet
Perform Reconnaissance & Probing Using ZenMap GUI (Nmap)
Course Name & Number:
Hackers traditionally follow a 5-step approach to seek out and destroy targeted hosts. The first step in
performing an attack is to plan the attack by identifying your target and learning as much as possible
about the target. Hackers traditionally perform an initial reconnaissance & probing scan to identify IP
hosts, open ports, and services enabled on servers and workstations. In this lab, students will plan an
attack on 172.30.0.0/24 where the VM server farm resides. Using ZenMap GUI, students will then
perform a “Ping Scan” or “Quick Scan” on the
If you ping the “WindowsTarget01” VM server and the “UbuntuTarget01” VM server, which fields
in the ICMP echo-request / echo-replies vary?
At least one field varies: the TTL (Time to Live).
Windows servers reply with a TTL of 128, and Ubuntu Linux servers reply with a TTL of 64.
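The TTL difference in the answer above can be checked mechanically. The following is an added example, not part of the lab worksheet: it parses ping echo-reply lines (Linux or Windows ping format), infers the initial TTL from the observed value, and estimates the hop count and OS family. The reply lines and the host addresses inside 172.30.0.0/24 are constructed for the example, not captured from the lab VMs.

```python
import re
from typing import Dict, Optional, Tuple

# Well-known initial TTL values chosen by common network stacks. Windows uses
# 128 and Linux (Ubuntu included) uses 64, as the answer above states; 255 is
# typical of many network devices and some other Unix variants.
INITIAL_TTLS = {64: "Linux/Unix", 128: "Windows", 255: "Network device / other Unix"}

# Matches the source host and the ttl= / TTL= field of a ping reply line.
_TTL_RE = re.compile(r"from (?P<host>[\d.]+).*?\bttl=(?P<ttl>\d+)", re.IGNORECASE)


def parse_ttl(reply_line: str) -> Optional[Tuple[str, int]]:
    """Return (host, ttl) from a ping echo-reply line, or None for non-reply lines."""
    m = _TTL_RE.search(reply_line)
    if not m:
        return None
    return m.group("host"), int(m.group("ttl"))


def infer_initial_ttl(observed: int) -> int:
    """Each router hop decrements the TTL by one, so the sender's initial value is
    the smallest well-known starting TTL that is >= the observed value."""
    for start in sorted(INITIAL_TTLS):
        if observed <= start:
            return start
    return 255


def classify(reply_line: str) -> Optional[Dict[str, object]]:
    """Estimate OS family and hop count from a single echo-reply line."""
    parsed = parse_ttl(reply_line)
    if parsed is None:
        return None
    host, ttl = parsed
    initial = infer_initial_ttl(ttl)
    return {"host": host, "ttl": ttl, "initial_ttl": initial,
            "hops": initial - ttl, "os_guess": INITIAL_TTLS[initial]}


# Constructed sample ping output (not real lab captures; addresses are made up).
SAMPLE_REPLIES = [
    "64 bytes from 172.30.0.8: icmp_seq=1 ttl=128 time=0.41 ms",  # Windows host on the same LAN
    "64 bytes from 172.30.0.4: icmp_seq=1 ttl=64 time=0.33 ms",   # Ubuntu host on the same LAN
    "64 bytes from 10.20.0.7: icmp_seq=1 ttl=61 time=12.8 ms",    # Linux host three hops away
    "Request timeout for icmp_seq 1",                            # no reply: nothing to classify
]

if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        print(classify(line))
```

The hop estimate assumes the reply took the usual path and that the target kept its stack's default TTL; an administrator can change the default, so the TTL is a hint, not proof of the OS.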
5. What is the command-line syntax for running an “Intense Scan” with ZenMap on a target subnet of
nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 172.30.0.0/24
6. Name at least 5 different scans that may be performed from the ZenMap GUI and document under
what circumstances you would choose to run those particular scans.
a. Intense Scan – A thorough scan of all “well-known” TCP ports and services, identifying “well-known”
services such as FTP, HTTP, etc.
b. Intense Scan plus UDP – The same as Intense Scan, but it scans the “well-known” port numbers using
the UDP protocol as well as TCP, which detects services such as TFTP, DNS, etc.
c. Intense Scan All TCP Ports – This scan detects all running TCP services on all available ports
0-65535; choose it when you want the scan to detect services running on high ports.
d. Ping Scan – A very quick scan designed simply to ping every address on a given network,
identifying which hosts are alive and responding to pings.
e. Slow Comprehensive Scan – A thorough scan designed to bypass an IDS and not set off any
alarms because of how slowly it scans; it is more time-consuming but much stealthier.